Can this verify the JWT signature?

No. Signature verification requires the secret or public key, which should never be shared in a browser tool. This tool only decodes the base64-encoded parts.

Is my JWT sent to a server?

No. All decoding happens locally in your browser using JavaScript. Your token never leaves your device.

What claims does it show?

All standard claims (sub, name, iat, exp, iss, aud, etc.) and any custom claims in the payload are displayed.

How do I know if my token is expired?

The tool reads the "exp" claim and compares it to the current time, showing a green "Token Valid" or red "Token Expired" badge.

What JWT formats are supported?

Standard 3-part JWTs (header.payload.signature) with base64url encoding, which covers HS256, RS256, ES256, and all common algorithms.

ToolsArena

JWT Decoder

Decode and inspect JWT tokens — header, payload, expiry and claims.

JWT Token

🟢 Token ValidIssued: 1/18/2018, 1:30:22 AMExpires: 11/20/2286, 5:46:39 PMAlgorithm: HS256

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 9999999999
}

SignatureCannot be verified client-side without secret

SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

How to Use JWT Decoder

1
Paste your JWT token into the input.
2
View the decoded Header (purple) section.
3
View the decoded Payload (blue) with all claims.
4
Check the validity status bar for expiry info.
5
Copy sections individually using the copy buttons.

About JWT Decoder

Paste any JSON Web Token and instantly decode its header and payload. See the algorithm, all claims, issued-at and expiry dates, and whether the token is currently valid or expired. Color-coded sections for header, payload, and signature. Useful for debugging auth issues.