Does JWT decoding verify the signature?
Decoding is not verification. Decoding shows token contents; trust requires validating the signature with the correct key and algorithm.
DevTools JWT Decoder splits JSON Web Tokens to inspect Header, Payload, and time claims such as exp, iat, and nbf—processed locally in your browser.
Decode JSON Web Tokens and inspect Header, Payload, and time-related claim fields.
{
"alg": "HS256",
"typ": "JWT"
}{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
JWTs have Header, Payload, and Signature sections and are widely used for API auth and SSO. Quickly verify algorithm, audience, issuance, and expiry.
Decoding is not verification. Decoding shows token contents; trust requires validating the signature with the correct key and algorithm.
The first two segments are Base64URL-encoded, not encrypted. Never put plaintext secrets in the Payload.
No. Decoding runs locally in your browser.
The decoded Header JSON shows alg and other standard fields as stored in the token.
Convert between common formats: CSV/JSON, YAML/JSON, TOML/JSON, Markdown/HTML, timestamps, image Base64, text encodings, and number bases.
Format and beautify SQL, HTML, XML, and YAML, plus a regex debugger—all run locally in the browser, free with no sign-up.
Full JSON toolkit: format, validate, minify, convert to CSV/XML, diff, generate and validate Schema, JSONPath, and tree view—all processed locally in the browser.
Upload a logo, preview browser and Google search results, configure iOS/Android icons, and generate a complete favicon package in one click.