🔓 JWT Decoder
JWT Decoder instantly splits and base64url-decodes any JSON Web Token's header and payload right in your browser — completely free with no uploads, no login, and no data ever leaving your device.
About
This tool splits a JWT into its three segments and decodes the header and payload as pretty-printed JSON, highlighting time claims (exp, iat, nbf) with human-readable timestamps and expiry status. Signature verification is intentionally out of scope — decoding only. Because everything runs locally in your browser, your tokens are never transmitted to any server, making it safe to inspect tokens that contain sensitive claims.
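The decode step described above, sketched as an added example (this is not the tool's own source code). The names `b64urlToJson`, `decodeJwt` and `SAMPLE` are hypothetical, and the sample token is constructed with made-up claims and a placeholder signature.

```javascript
// Decode-only JWT inspection: nothing here checks the signature, so every
// value returned is untrusted input and must not drive an access decision.
function b64urlToJson(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("segment is not base64url");
  // Map the URL-safe alphabet back to standard base64 and restore the padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently substituting U+FFFD.
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected 3 dot-separated segments");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const timeClaims = {};
  for (const name of ["exp", "iat", "nbf"]) {
    const v = payload[name];
    if (v === undefined) continue;
    if (typeof v !== "number" || !Number.isFinite(v)) {
      timeClaims[name] = { value: v, status: "not a NumericDate" };
      continue;
    }
    let status = "info"; // iat is informational only
    if (name === "exp") status = nowSeconds >= v ? "EXPIRED" : "valid";
    if (name === "nbf") status = nowSeconds < v ? "not yet valid" : "valid";
    timeClaims[name] = { value: v, utc: new Date(v * 1000).toISOString(), status };
  }
  // The signature segment is returned as-is and never verified.
  return { header, payload, timeClaims, signature: parts[2], verified: false };
}

// Constructed sample token (made-up claims, placeholder signature "c2ln").
const enc = (o) =>
  btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-1", iat: 1700000000, exp: 1700003600 }),
  "c2ln",
].join(".");
```

Passing `nowSeconds` explicitly makes the expiry status reproducible when triaging a token captured earlier.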
How to use
- Paste your JWT token (starting with eyJ…) into the input box.
- Click the Decode button (or the tool decodes automatically on paste).
- Inspect the decoded Header JSON — algorithm (alg), token type (typ), and key ID (kid) are shown here.
- Read the Payload JSON — all claims including sub, iss, aud, roles, and custom data appear with syntax highlighting.
- Check the Time Claims section for exp, iat, and nbf — each shows a human-readable UTC date and an EXPIRED or valid badge.
FAQ
- Is this JWT decoder free?
  Yes, completely free. No account, no subscription, and no usage limits.
- Does my JWT token get uploaded to a server?
  Never. All decoding happens locally in your browser using JavaScript. Your token never leaves your device, making it safe to use with production tokens.
- Does the JWT decoder work offline?
  Yes. Once the page is loaded, it works with no internet connection. It also supports being opened directly as a local file.
- Does this tool verify the JWT signature?
  No — this is a decoder, not a validator. It base64url-decodes the header and payload but does not verify the signature against any key. Use it for inspection and debugging, not for security verification.
- How do I check if my JWT is expired?
  After decoding, scroll to the Time Claims section. The exp claim shows the expiry date in UTC and displays an EXPIRED badge in red if the token has already expired, or a valid badge in green if it is still active.