JWT Decoder

Decode JSON Web Tokens to inspect the header and payload. View claims and expiry. Local, private, no upload.

Browser Processing Only (Offline Ready)

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Standard Claims

Issued at (iat): Jan 18, 2018, 1:30:22 AM

SignatureSflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

The signature is not verified here. Verifying it requires the secret or public key and should be done on a trusted server.

Enter your text

Paste or type your content into the input field.

Adjust settings

Configure options to get the result you want.

Copy or save

Copy the output to clipboard or save it.

Key Features

Header & Payload View

Instantly decode both segments into clean, pretty-printed JSON.

Readable Claims

Standard time claims (iat, nbf, exp) are shown as human-readable dates.

Expiry Check

See at a glance whether a token is still valid or has already expired.

Token Stays Local

Decoding happens in your browser — your token is never sent anywhere.

About This Tool

What is the JWT Decoder?

The JWT Decoder reads a JSON Web Token and shows its header and payload as formatted JSON, plus a summary of the standard time claims. It's the fast way to see what's inside a token while debugging authentication.

Common Uses

Debugging auth: Check which claims a token carries and when it expires.
Inspecting scopes: Confirm roles or permissions encoded in the payload.
Learning JWTs: See how the header, payload, and signature fit together.
Support tickets: Quickly read a token a user has shared (after they revoke it).

Privacy-First by Design

Your token is decoded entirely in the browser. It is never uploaded, logged, or stored — which matters because tokens often grant access. Still, treat any token you paste anywhere as compromised and rotate it.

Related Tools

Base64 Encode/Decode

Encode text to Base64 or decode Base64 back to text.

JSON Formatter

Format, validate, and minify JSON data with syntax highlighting.

Unix Timestamp Converter

Convert between Unix timestamps and human-readable dates.

FAQ

A JSON Web Token (JWT) is a compact, URL-safe token with three Base64URL-encoded parts — header, payload, and signature — separated by dots. It's commonly used for authentication and to pass claims between services.

No. This tool only decodes the header and payload so you can read them. Signature verification needs the signing secret or key and must happen in a trusted environment, never in a public web page.

No. All processing happens entirely in your browser. Your data never leaves your device — nothing is uploaded to any server.

Yes. Once the page has loaded, the tool works completely offline. For the best experience, install PrivaDeck as a PWA from your browser.