Nceptia

JWT decoder

Pretty-print header and payload from a JSON Web Token—signature verification is not performed here.

For debugging only. Never trust a token based on decoding alone—always verify signatures and issuer on your server.

Header
Payload
Signature (opaque)

What the decoder shows

JWT decoding is useful when you want to inspect the header and payload of a token without guessing at the encoded text. You can quickly see claims such as the subject, issuer, audience, or expiration time in a readable JSON format.

Decoding is not trust

Seeing the contents of a token does not prove the signature is valid. Treat this page as a debugging aid only, then verify the signature and expiry in your authentication service before trusting the claims in a real application.

What JWT decoding shows

JSON Web Tokens carry a header (algorithm, type), payload (claims such as sub, exp, aud), and signature. This page base64url-decodes the first two parts for inspection.

Security reminder

Decoding is not verification. Anyone can read an unsigned or encoded token; only your auth service should trust a token after signature and expiry checks.

Inspecting JSON Web Tokens

Paste a JWT to view decoded header and payload JSON. Useful when debugging auth flows, checking expiry (exp), or verifying audience (aud) claims during development.

Security

Never paste production tokens on shared computers. Decoding does not validate signatures — use your identity provider for trust decisions.

Quick start

  1. Paste a JWT — Drop a JSON Web Token into the input — use test tokens only on shared machines.
  2. Inspect header and payload — Decoded claims appear as formatted JSON for quick debugging.
  3. Verify signature separately — This tool decodes only; validate signatures with your auth server or library.