Token Tool

JWT Decoder

Inspect JWT header and payload claims client-side. This page is useful for development and debugging when you want to review token contents without sending them elsewhere.

This online JWT decoder helps you read token headers and payloads, inspect claims like sub, aud, iss, and exp, and understand what an identity provider or API is returning.

About the JWT decoder

This page decodes JSON Web Tokens in the browser so you can inspect the header and payload quickly. It is intended for development and troubleshooting workflows where you need to understand what a token contains.

Common use cases include checking claims, scopes, expiration times, audiences, issuers, and custom identity fields returned by an authentication system.

How to decode a JWT

  1. Paste the JSON Web Token into the input field.
  2. Select Decode JWT to parse the token header and payload.
  3. Review the decoded claims in the output panels.
  4. Use the result for development debugging, claim inspection, or troubleshooting auth flows.

This is useful when you need to inspect a bearer token quickly without moving it into a separate app or external service.

What is a JWT?

A JWT, or JSON Web Token, is a compact token format commonly used in authentication and authorization flows. It usually contains three parts separated by dots: a header, a payload, and a signature.

The header and payload are typically Base64Url-encoded JSON, while the signature is used to verify integrity when proper validation is performed.

Why use a JWT decoder?

JWTs often contain useful debugging information about who the token represents, what it can access, and when it expires. A decoder helps you inspect those claims without manually unpacking the token.

This is especially useful in OAuth, OpenID Connect, API gateway debugging, local development, and staging environments.

JWT decoder FAQ

Does decoding a JWT verify the signature?

No. Decoding only reveals the header and payload. Signature validation is a separate step that requires the correct verification key and algorithm checks.

What claims can I inspect?

You can inspect common claims such as issuer, subject, audience, expiration, not-before, issued-at, scopes, roles, and any custom fields added by your auth system.

Why do JWTs look like Base64?

JWT segments are typically Base64Url encoded. That makes them readable after decoding, but it does not prove they are trustworthy or still valid.

Can I use this to debug expired tokens?

Yes. A common use case is checking the exp claim to understand whether a token is already expired or whether clock skew might be affecting your environment.

JWT tips

  • Decoding a token is not the same as verifying it.
  • Check exp, nbf, and iat claims when debugging time-based failures.
  • Review aud and iss when a token is rejected by an API.
  • Treat sensitive tokens carefully even in debugging workflows.