Security utility

JWT Decoder and Header Inspector

Decode JSON Web Token segments, review algorithms and registered claims, and check token timing fields directly in the browser.

Runtime: Browser
Verify: No
Format: JWS

Token decoder

Decoding is local and does not verify the cryptographic signature.

Decode only

JWT input 0 chars

Waiting for a JWT.

Header

0 bytes

Decoded header appears here.

Payload

0 bytes

Decoded payload appears here.

Claim inspector

Registered and custom payload claims are listed in source order.

0 claims

Claim	Value	Meaning
Decode a JWT to inspect claims.

JWT segments

A compact JWS token usually has header, payload, and signature segments separated by dots. The first two segments are Base64URL encoded JSON.

Registered claims

Claims such as iss, sub, aud, exp, nbf, and iat carry issuer, subject, audience, and timing information. Each application decides which claims matter.

Signature trust

Decoding a JWT is not verification. A trusted verifier must validate the signature, algorithm, issuer, audience, clock skew, and application policy.

Usage guide

How to use the JWT decoder

What this tool shows

It decodes the header and payload, lists claims, highlights timing fields, and shows signature segment metadata without claiming trust.

How to test it

Load the sample token, compare alg and typ, inspect exp and nbf, then paste your own token to review the claim table.

When it helps

Use it while debugging authentication flows, checking token expiration, comparing issuers or audiences, or explaining that decoding is not verification.