05FW

JWT Decoder

Decode JSON Web Tokens (JWT) to inspect the header and payload. Shows claims and expiry in readable JSON. Decoding happens locally — your token never leaves your browser.

JWT decoder

Paste a JSON Web Token to instantly decode its header and payload into readable JSON. The decoder also surfaces common claims like issued-at and expiry and tells you whether the token is still valid. Decoding is local and private — ideal for debugging authentication.

Frequently asked questions

Does this verify the JWT signature?

No. This tool decodes the header and payload so you can read the claims. Verifying the signature requires the secret or public key and should be done on your server.

Is my token sent to a server?

Never. Decoding is done locally in your browser by Base64URL-decoding the token parts. Your token never leaves your device.

What do iat and exp mean?

iat is 'issued at' and exp is 'expiration', both Unix timestamps. The tool shows them as readable dates and flags whether the token has expired.

Related tools

Base64 Encoder & Decoder

Encode or decode Base64 text safely.
JSON Formatter & Validator

Beautify, minify and validate JSON.
Hash Generator (SHA)

SHA-1, SHA-256, SHA-384 and SHA-512 hashes.