JWT Decoder
Paste a JSON Web Token to see its header and payload as formatted JSON. exp, iat and nbf are shown as readable dates. Everything runs in your browser — your input is never sent to a server.
A JWT has three dot-separated parts (header, payload, signature). This tool decodes the first two. The signature is not verified.
How to Use the JWT Decoder
New here? Click one of the "Examples (click to try)" chips above the input box — a well-known sample token loads and its header and payload appear instantly. If you already know your way around, just paste your token into the box above and it decodes immediately (the output updates as you type).
- Paste the JWT string you want to inspect (the
eyJ...value with three parts joined by dots). - The Header and Payload are shown as formatted JSON.
- If the payload contains
exp,iatornbf, each Unix time is also shown as a human-readable local date and time. - Use the Copy button under each block to copy the displayed JSON.
Worked example: paste this token
A JWT is three parts — "header.payload.signature" (e.g. eyJhbGci….eyJzdWIi….SflKxwRJ…) — joined by dots. For example, paste this token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
The header shows as { "alg": "HS256", "typ": "JWT" } and the payload as { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }, with iat 1516239022 shown as a local date like Jan 18, 2018, 10:30:22. Note that this tool does not verify the signature — it only decodes and displays the header and payload (it does not check whether the third signature part is correct).
Where It Comes in Handy
- Checking what is inside an API access token or ID token (
sub,scope, and so on) - Seeing whether a token has expired (
exp) or when it was issued (iat) - Debugging OAuth and OpenID Connect flows by comparing claims
- Confirming the signing algorithm (
alg) or key ID (kid) in the header