Encoded Token
Header
// Header
Payload
// Data
Note: Signature verification is not performed on the client side.
What is a JWT Decoder?
The JWT Decoder helps you visualize the contents of a JSON Web Token (JWT). It splits the token into its three encoded components—Header, Payload, and Signature—and decodes the Base64Url strings into readable JSON.
JWTs are the standard for stateless authentication in modern web apps. But they are just long strings of seemingly random characters. This tool lets you 'crack them open' to see who the user is, when the token expires, and what permissions they have.
Important: We decode the token to show its data. We do NOT verify the cryptographic signature because we don't have your server's secret key. This tool is for debugging the *content* of the token.
1How to Use
- Get a Token: Copy a JWT from your browser's local storage, cookies, or API response.
- Paste It: Drop the string into the 'Encoded Token' box.
- Inspect Header: See the algorithm (e.g., HS256) and type.
- Inspect Payload: Read the claims (key-value pairs) like `sub` (subject), `name`, or `scope`.
- Check Expiration: Look for the `exp` claim to timestamp.
★Key Features
- Client-Side Privacy: Your tokens (which effectively act as passwords) are never sent to our server.
- Syntax Highlighting: Color-coded JSON output for better readability.
- Auto-Formatting: Beautifies minified JSON automatically.
- Error Detection: Validates if the string is a properly formed JWT.
- Signature Separation: Clearly distinguishes the signature part from the data.