For debugging only. Never trust a token based on decoding alone—always verify signatures and issuer on your server.
Header
—
Payload
—
Signature (opaque)
—
JWT decoder
Pretty-print header and payload from a JSON Web Token—signature verification is not performed here.
What this JWT tool does
JWTs are three Base64url-encoded pieces: header, payload, and signature. This page decodes the first two into JSON so you can read standard claims like expiration (exp) or audience (aud). It does not validate cryptographic signatures.
Privacy
Tokens are processed entirely in your browser.
Frequently asked questions
Does this verify the signature?
No—it only decodes Base64url segments so you can inspect claims. Use your identity provider or server libraries to verify.
Is my JWT uploaded?
No—all decoding happens locally.
Should I paste production tokens?
Avoid sharing live secrets on shared machines; treat decoded tokens like passwords.
What about encrypted JWE?
This page targets standard signed JWT (three segments separated by dots).