JWT Decoder | JSON Web Token Parser
Decode all three JWT segments, scan standard claims, and see expiry hints—local only, not a substitute for server-side verification
Free online JWT decoder for header, payload, and signature—handy for API debugging and auth troubleshooting.
How to use
What it does
Splits a JWT into header, payload, and signature, pretty-prints JSON, summarizes common claims, and surfaces exp status when present.
Workflow
- Paste the full token including two dots.
- Click Decode to render formatted JSON and the raw signature bytes as text.
- Use Copy on each card to grab the text you need.
- Open with ?token= or ?jwt= in the query string to auto-decode.
About claims
- Standard OIDC/OAuth claims include iss, sub, aud, exp, and more; vendors may add private claims.
- Time-based claims list both Unix seconds and a local human-readable timestamp.
Security
- Avoid pasting production secrets or long-lived tokens into untrusted devices; processing stays in your browser.
- Client-side decoding never replaces signature verification and authorization checks on the server.