JWT Decoder client-side
How to use JWT Decoder

A JSON Web Token (JWT) is made of three parts (header, payload and signature) encoded in Base64 and separated by dots. This tool decodes the JWT to show its header and data in clear text, which is handy for debugging authentication or inspecting claims such as expiry or issuer. Decoding happens entirely in your browser. Your token is never sent to a server, which is critical since a JWT often contains sensitive information and can act on behalf of a user. Treat any token as a secret and avoid sharing it.

Decode and verify JWT signatures directly in your browser.

JWT, Token, Decoding, Security

Frequently asked questions

Is a JWT encrypted?

No, it is usually only Base64-encoded. Anyone can read its payload, which is why you must never put secret data in it. The signature ensures integrity, not confidentiality.

Is my token sent anywhere?

No. Decoding happens in your browser and the token is never transmitted to a server.

Does this tool verify the signature?

It decodes and displays the token content. Verifying the signature requires the secret key on the server side and is not the purpose of this tool.

What does a JWT payload contain?

Claims such as the user identifier (sub), expiry date (exp), issuer (iss) and any data added by the application. It is all readable in clear text once decoded.
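The local decoding described on this page can be sketched as follows. This is an added example, not this tool's own code: it decodes the header and payload, checks `exp`, and always reports the token as unverified because no key is involved. The function names and the sample token are constructed for illustration.

```javascript
// JWT segments use the URL-safe Base64 alphabet ("-" and "_") without padding.
function b64urlToBytes(segment) {
  if (!/^[A-Za-z0-9_-]*$/.test(segment)) throw new Error("not base64url");
  if (segment.length % 4 === 1) throw new Error("bad base64url length");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

// Decode one segment as strict UTF-8 JSON; header and payload must be objects.
function decodeJsonSegment(segment) {
  const text = new TextDecoder("utf-8", { fatal: true }).decode(b64urlToBytes(segment));
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("segment is not a JSON object");
  }
  return value;
}

// Decode only. Nothing here proves the token is authentic, so verified is false.
function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = decodeJsonSegment(parts[0]);
  const payload = decodeJsonSegment(parts[1]);
  const warnings = [];
  if (typeof header.alg !== "string" || header.alg.toLowerCase() === "none") {
    warnings.push("alg missing or 'none': token is unsigned");
  }
  if (parts[2] === "") warnings.push("empty signature segment");
  if (typeof payload.exp !== "number") warnings.push("no numeric exp claim");
  else if (payload.exp <= nowSeconds) warnings.push("expired");
  const signatureBytes = b64urlToBytes(parts[2]).length;
  return { header, payload, signatureBytes, verified: false, warnings };
}

// Constructed sample token (placeholder signature, not a real credential).
function encodeSegment(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE_TOKEN = [
  encodeSegment({ alg: "HS256", typ: "JWT" }),
  encodeSegment({ sub: "user-123", iss: "https://issuer.example", exp: 1700000000 }),
  "c2lnbmF0dXJl", // base64url of the ASCII text "signature"
].join(".");
```

Because the code uses only `atob`, `btoa`, `TextDecoder` and `TextEncoder`, it runs in a browser tab or Node without any network call.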