Decode and inspect JWT tokens. View header, payload, and verify expiration.
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three parts: a header (algorithm info), payload (claims/data), and signature.
This tool decodes and inspects JWT tokens, showing the header, payload, and expiration status. Signature verification requires the secret key, which we intentionally do not ask for to protect your security.
Yes. All decoding happens in your browser — your token is never sent to any server. However, never share JWT tokens publicly as they may contain sensitive claims.
Standard claims include: iss (issuer), sub (subject), aud (audience), exp (expiration), iat (issued at), and nbf (not before). Custom claims can contain any application-specific data like user roles or permissions.
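Paste your token and our decoder automatically checks the exp (expiration) claim against the current time. Expired tokens show a red badge, and valid tokens show a green badge with the expiration date. The green badge reflects only the exp check: because the signature is not verified here, it does not show that the token is authentic or untampered.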
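The decode-and-check-expiration flow described above, written out as an added example (it is not this tool's own code). The function names, the status labels, the extra nbf check and the sample token are assumptions constructed for illustration; the signature segment is deliberately left unverified, as in the tool.

```javascript
// Added example: decode a JWT locally and classify it by its exp/nbf claims.
// Nothing here verifies the signature, so every decoded value is untrusted.

function b64urlToJson(segment) {
  // base64url -> base64: swap the URL-safe alphabet and restore '=' padding.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently replacing bytes.
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error("expected three dot-separated parts: header.payload.signature");
  }
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const hasExp = typeof payload.exp === "number";

  let status; // hypothetical labels; the tool itself shows red/green badges
  if (!hasExp) status = "no-exp";
  else if (nowSeconds >= payload.exp) status = "expired";
  else if (typeof payload.nbf === "number" && nowSeconds < payload.nbf) status = "not-yet-valid";
  else status = "unexpired";

  return {
    header,
    payload,
    status,
    expiresAt: hasExp ? new Date(payload.exp * 1000).toISOString() : null,
    signatureVerified: false, // always false: no key is ever requested
  };
}

// Constructed sample token (placeholder signature, not a real credential).
function makeSampleToken(payload) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}

const sample = makeSampleToken({ sub: "user-123", role: "admin", exp: 2000000000 });
console.log(inspectJwt(sample, 1700000000));
```

Any server-side decision still has to verify the signature with the issuer's key before trusting claims such as role; "unexpired" here says nothing about who produced the token.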