Decode JSON Web Tokens instantly. Auto-decode on paste. View header, payload, and expiration status. Check token validity and time-to-expiry. Client-side only, no data sent.
Client-sideAuto-DecodeExpiration Check
Paste JWT Token
Note: This tool only decodes JWTs — it does not verify signatures. A token shown as "Valid JWT Format" means it is correctly structured, not that it is cryptographically verified or trustworthy.
Header
Algorithm & Type
Paste JWT above to decode
Payload (Claims)
Claims & Data
Paste JWT above to decode
Signature
⚠️ Cannot verify signature without secret key. Signature validity cannot be checked client-side.
Signature (base64url)
Paste JWT above to decode
Token Status
JWT Structure
JWT tokens have 3 parts separated by dots:
header.payload.signature
✓ Header: Algorithm & type
✓ Payload: Claims & data
✓ Signature: Verification (server-side only)
Security Note
This tool decodes JWTs client-side without sending data to servers. You can safely decode any token here. Never paste sensitive secrets in this tool.