JWT Decoder & Inspector
Decode and inspect JWT header, payload and claims — locally, never sent anywhere.
Runs entirely in your browser — your input never leaves your deviceAbout this tool
A JSON Web Token has three Base64URL parts — header, payload and signature — separated by dots. This inspector decodes the header and payload into readable JSON and translates theexpclaim into a human date so you can immediately see whether a token has expired.
Crucially, decoding happens entirely in your browser and the token is never transmitted — which is exactly what you want when debugging real access tokens.
Why use it
Readable claims
Decodes header and payload into clean JSON and shows the exp claim as a date.
Expiry at a glance
A green or red badge tells you instantly whether a token is still valid.
Never uploaded
Decoding is local — safe for real access tokens.
Common use cases
- Inspect a JWT while debugging auth
- Check whether a token has expired
- Read the claims in an access token
- Confirm what a backend encoded
Frequently asked questions
Does this verify the JWT signature?
No. It only decodes the header and payload so you can read the claims. Verifying the signature requires the secret or public key and should be done server-side.
Is my token sent anywhere?
Never. The token is decoded locally in your browser, which is why it is safe to paste real access tokens here.
How do I know if a token is expired?
If the payload has an exp claim, the tool converts it to a date and shows a green “valid until” or a red “expired” badge.
Why can't my token be decoded?
A JWT must have at least a header and payload separated by dots, each valid Base64URL-encoded JSON. Truncated or malformed tokens can't be parsed.