DevTools
Language

JWT Decoder

DevTools JWT Decoder splits JSON Web Tokens to inspect Header, Payload, and time claims such as exp, iat, and nbf—processed locally in your browser.

JWT Decoder

Decode JSON Web Tokens and inspect Header, Payload, and time-related claim fields.

Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Time claims

iat (issued at)
1/18/2018, 1:30:22 AM
Signature (raw)
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

About this tool

JWTs have Header, Payload, and Signature sections and are widely used for API auth and SSO. Quickly verify algorithm, audience, issuance, and expiry.

How to use

  1. Paste the full JWT string.
  2. Review parsed Header, Payload, and time claims.
  3. Check whether the token is expired or not yet valid.

FAQ

Does JWT decoding verify the signature?

Decoding is not verification. Decoding shows token contents; trust requires validating the signature with the correct key and algorithm.

Why can anyone read JWT Payload?

The first two segments are Base64URL-encoded, not encrypted. Never put plaintext secrets in the Payload.

Is my token uploaded?

No. Decoding runs locally in your browser.

Which algorithms are shown in the Header?

The decoded Header JSON shows alg and other standard fields as stored in the token.

Related tools