JWT Decoder

How to use this JWT decoder

  1. Paste an encoded JWT into the left box.
  2. The header and payload decode automatically.
  3. Inspect the claims — useful for debugging auth issues.

What is a JWT?

A JSON Web Token is a compact, URL-safe way to represent claims between two parties. It has three parts separated by dots: header, payload, and signature.

Does this verify the signature?

No. This tool only decodes the header and payload so you can inspect their contents; it does not verify the signature, and you should never paste tokens containing real secrets into third-party tools.

Is it safe to decode a production JWT here?

Decoding happens locally in your browser and nothing is sent anywhere, but as a general habit, avoid pasting tokens from production systems into any third-party tool.

What does "exp" mean in the payload?

"exp" is the expiration time, a standard claim indicating when the token becomes invalid, expressed as a Unix timestamp.