JWT Decoder

Decode JSON Web Tokens to inspect the header, payload, and signature. Check expiration and view standard claims.

What is a JWT (JSON Web Token)?

A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. A JWT consists of three parts separated by dots: a header (specifying the algorithm and token type), a payload (containing claims or data), and a signature (for verification). JWTs are Base64URL-encoded, making them easy to pass in URLs, HTTP headers, and cookies.

This tool decodes JWTs instantly in your browser, displaying each section with color coding and checking whether the token has expired.

How to Use This JWT Decoder

Paste your JWT — Copy a JWT token and paste it into the input field.

View decoded sections — The header, payload, and signature are displayed separately with color coding.

Check expiration — The tool automatically checks the exp claim and shows whether the token is still valid or has expired.

Inspect claims — Review all claims in the payload including issuer, audience, subject, and custom claims.

Common Use Cases

Debugging authentication — Decode access tokens and ID tokens to inspect their claims and troubleshoot login issues.

Verifying token contents — Check that a JWT contains the expected claims (roles, permissions, user ID) before deploying.

Checking token expiration — Quickly determine if a token has expired without writing code to parse the exp claim.

API development — Inspect JWTs returned by OAuth providers or your own auth service during development.

Frequently Asked Questions

What is a JSON Web Token (JWT)?

A JWT is a compact, URL-safe token format used for securely transmitting information between parties. It consists of three parts separated by dots: a header (algorithm and token type), a payload (claims/data), and a signature for verification.

Is it safe to decode a JWT online?

This tool decodes JWTs entirely in your browser — the token is never sent to any server. However, remember that JWT payloads are only Base64-encoded, not encrypted, so anyone with the token can read its contents. Never share JWTs containing sensitive data.

How do I check if a JWT is expired?

Paste your JWT into the decoder and it will automatically check the "exp" (expiration) claim in the payload. The tool displays whether the token is currently valid or expired, along with the exact expiration date and time.