JWT Decoder
Paste a JWT to decode and inspect its header, payload, and claims - all client-side.
⚠
Never paste real production tokens into untrusted tools. All decoding happens locally in your browser - no data is transmitted.
About this tool
JWTs (JSON Web Tokens) are a compact, URL-safe way to represent claims between parties. A JWT has three base64url-encoded parts separated by dots: the header (algorithm and token type), the payload (claims such as user ID, roles, expiry), and the signature (used to verify the token hasn't been tampered with). This tool decodes the header and payload for inspection only - it cannot verify the signature without the secret key or public certificate.