JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three Base64URL-encoded parts: header, payload, and signature, separated by dots.
This tool decodes and inspects JWT tokens — it displays the header, payload, and raw signature. Signature verification requires the secret key or public key, which is not needed for decoding.
exp (expiration time) indicates when the token expires. iat (issued at) indicates when the token was created. Both are Unix timestamps. This tool automatically validates these claims and highlights expired tokens.
Yes. All decoding happens entirely in your browser. No data is ever sent to any server. You can verify this in the Network tab of your browser's developer tools.
This decoder works with any JWT regardless of the signing algorithm (HS256, RS256, ES256, etc.) because it only decodes the token — it does not verify signatures.