JWT Decoder
Decode JWT tokens to inspect header, payload, and expiry
How to Use
- Paste JWT token
Paste the JWT token (header.payload.signature format) into the input area.
- Decode
Click "Convert" to decode the header and payload into formatted JSON.
- Check expiry
If exp/iat/nbf fields are present, human-readable dates and expiry status are shown.
JWT Decoder Examples
Decode a JWT token
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c--- Header ---
{
"alg": "HS256",
"typ": "JWT"
}
--- Payload ---
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Header and payload JSON plus timestamp conversion are displayed.
Check an expired token
eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MDAwMDAwMDB9.xxx--- Payload ---
{
"exp": 1600000000
}
exp: 2020-09-13T12:26:40.000Z
Status: ExpiredThe exp date and expiry status are shown.
Features
- Display JWT header and payload as formatted JSON
- Accurate Base64URL decoding
- Convert iat/exp/nbf to human-readable dates with expiry check
- Automatic expired/valid status display
- Local processing (your input is not sent to servers)
- Mobile-friendly responsive design
- Dark mode support
FAQ
What is JWT?
JWT (JSON Web Token) is a compact token format for securely transmitting JSON claims. It is widely used for authentication and API authorization. A JWT consists of three Base64URL-encoded parts: header, payload, and signature.
Can it verify signatures?
This tool focuses on decoding headers and payloads. Signature verification requires secret or public keys and is not included due to browser security considerations.
Is my data sent to a server?
No. All decoding happens locally in your browser via JavaScript. Your JWT tokens are never transmitted externally.