JWT Decoder
Decode and inspect JWTs — header, payload, claims and expiry.
Note: This tool does not verify signatures — it only decodes them.
What is a JWT Decoder?
A JSON Web Token (JWT, pronounced "jot") is a compact, URL-safe credential format defined by RFC 7519.
It packages claims about a user — like their ID, roles, or expiration — into three Base64URL-encoded segments separated by dots:
header.payload.signature. A JWT decoder splits those parts and shows the underlying JSON so you can inspect what's inside.
What this tool shows
- Header — algorithm (alg) and token type (typ).
- Payload — all the claims, formatted as JSON.
- Signature — the raw signature bytes (Base64URL).
- Expiration check — instantly see whether the token has expired.
- Standard claims table — iss, sub, aud, exp, iat, nbf, jti with human-readable descriptions and decoded timestamps.
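The decoding steps listed above, as an added JavaScript example (not this tool's own source): it splits the token, Base64URL-decodes the header and payload, builds the standard claims table and compares exp with the clock. The names decodeJwt and b64urlToBytes and the sample token are assumptions made for illustration.

```javascript
// Added example: decode-only JWT inspection. The signature is never verified here.
const CLAIMS = { iss: 'Issuer', sub: 'Subject', aud: 'Audience', exp: 'Expiration time',
  iat: 'Issued at', nbf: 'Not before', jti: 'JWT ID' }; // RFC 7519 registered claims

// Base64URL -> bytes: reject foreign characters, map to Base64, restore padding.
function b64urlToBytes(seg) {
  if (!/^[A-Za-z0-9_-]*$/.test(seg)) throw new Error('segment is not Base64URL');
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), c => c.charCodeAt(0));
}

// nowSec is injectable so the expiry check can be reproduced in tests.
function decodeJwt(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const json = seg => JSON.parse(new TextDecoder().decode(b64urlToBytes(seg)));
  const header = json(parts[0]);
  const payload = json(parts[1]);
  if (!header || !payload || typeof header !== 'object' || typeof payload !== 'object') {
    throw new Error('header and payload must be JSON objects');
  }
  const warnings = ['signature not verified: claims are untrusted'];
  if (String(header.alg).toLowerCase() === 'none') warnings.push('alg is "none": token is unsigned');
  let status = 'no exp claim';
  if (typeof payload.exp === 'number') status = nowSec >= payload.exp ? 'expired' : 'not expired';
  if (typeof payload.nbf === 'number' && nowSec < payload.nbf) status = 'not yet valid';
  const isTime = k => ['exp', 'iat', 'nbf'].includes(k) && typeof payload[k] === 'number';
  const claims = Object.keys(CLAIMS).filter(k => k in payload).map(k => ({
    claim: k,
    description: CLAIMS[k],
    value: isTime(k) ? new Date(payload[k] * 1000).toISOString() : payload[k],
  }));
  return { header, payload, signatureBytes: b64urlToBytes(parts[2]).length, status, warnings, claims };
}

// Constructed sample token; the third segment is placeholder bytes, not a real signature.
const enc = o => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE = [
  enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ iss: 'https://issuer.example', sub: 'user-123', iat: 1700000000, exp: 1700003600 }),
  'c2lnbmF0dXJl',
].join('.');
console.log(decodeJwt(SAMPLE, 1700000100));
```

The result always carries the "signature not verified" warning, because a status of "not expired" says nothing about whether the claims are authentic.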
Privacy
JWTs typically contain sensitive identity information. This tool decodes everything in your browser — the token is never sent over the network. Close the tab and there's nothing left behind.
Important
Decoding a JWT does not verify its signature. Anyone with the token can read its contents — that's why you should treat JWTs as bearer credentials and only trust their claims after verifying the signature server-side.