JWT Decoder
Paste a JWT and decode its header and payload locally for quick claim inspection.
Inspect JWT claims locally
JWTs are just base64url-encoded JSON segments, but reading them by hand is awkward. This decoder parses the header and payload so you can inspect claims like subject, issuer, audience, and expiration.
Remember that decoding is not verification. A decoded token can still be forged or invalid if the signature does not verify.
No upload token inspection
The token stays in your browser.
Frequently Asked Questions
Does this verify JWT signatures?
No. It decodes header and payload only. Signature verification requires the secret or public key.
Is it safe to paste production tokens?
Avoid pasting sensitive production tokens into any tool. This runs locally, but caution is still best.
What parts does it decode?
It decodes the header and payload from a standard three-part JSON Web Token.
Is my token uploaded?
No. Decoding happens in your browser.
Debug tokens and API payloads faster with browser utilities.