JWT Decoder

Decode any JSON Web Token — header, payload, signature — in your browser.

  • No upload
  • Browser-based
  • Free
  • No signup
  • Text

Runs in your browser. Your text never leaves your device.

Frequently asked questions

Is my JWT sent anywhere?
No. JWTs often contain sensitive claims — that's exactly why this tool runs entirely in your browser. Nothing leaves your device.
Does it verify the signature?
No. Verification needs the signing key (secret for HS256, public key for RS256). This tool decodes only — safer, and the common use case is debugging payload contents.
Are the timestamps human-readable?
Yes — `iat`, `exp`, and `nbf` are shown both as raw epoch and as a local date/time.
Which algorithms are supported?
All algorithms — decoding is format-only. Signature is shown as base64 but not verified.