JWT Decoder
How to use this JWT decoder
- Paste an encoded JWT into the left box.
- The header and payload decode automatically.
- Inspect the claims — useful for debugging auth issues.
What is a JWT?
A JSON Web Token is a compact, URL-safe way to represent claims between two parties. It has three parts separated by dots: header, payload, and signature.
Does this verify the signature?
No. This tool only decodes the header and payload so you can inspect their contents; it does not verify the signature, and you should never paste tokens containing real secrets into third-party tools.
Is it safe to decode a production JWT here?
Decoding happens locally in your browser and nothing is sent anywhere, but as a general habit, avoid pasting tokens from production systems into any third-party tool.
What does "exp" mean in the payload?
"exp" is the expiration time, a standard claim indicating when the token becomes invalid, expressed as a Unix timestamp.