JWT Decoder

Decode a JSON Web Token's header and payload, check its expiry, and verify HS256 signatures — without your token ever leaving the browser.

Encoded token

The decoded header and payload will appear here.

Tokens and secrets are processed entirely in your browser — nothing is uploaded, logged or stored.

What's inside a JWT?

A JSON Web Token is three Base64URL-encoded segments joined by dots: header.payload.signature. The header declares the signing algorithm (alg) and type; the payload carries the claims — standard ones like sub (subject), iss (issuer), iat (issued at) and exp (expiry), plus whatever custom claims the issuer added; the signature proves the token wasn't tampered with. Decoding requires no key — the first two parts are just encoded, not encrypted.

Debugging with this tool

Paste any JWT and you'll see the pretty-printed header and payload immediately, with iat/nbf/exp translated to human-readable dates and a clear Expired / Valid badge — the answer to the most common JWT debugging question. If the token is signed with HS256, paste the shared secret to verify the signature via WebCrypto, right in your browser.

FAQ

Is it safe to paste a real token here?

The tool runs fully client-side — no network requests are made with your token or secret, which you can confirm in your browser's network tab. That said, treat production tokens like passwords as a general habit: prefer decoding expired or development tokens when you can.

Why can't I verify RS256 tokens?

RS256/ES256 tokens are signed with a private key and verified with the issuer's public key (usually published at a JWKS URL). Verification belongs in your backend with a proper JWT library; this tool focuses on decoding and HS256 shared-secret checks.

My token says "expired" — what now?

The exp claim is a Unix timestamp; once it's in the past, servers reject the token. Request a fresh token (or use your refresh-token flow) — no amount of client-side fiddling makes an expired JWT valid again, by design.

Built by Abasthan Cloud

Free tools are just the start

Deploy your next app on bare-metal cloud with per-second billing — your first app is free, no credit card required.