JWT Decoder
Decode and inspect JWT header and payload — shows expiry status and issued-at time.
How to use this tool
- 1Paste a JWT token into the textarea (the full eyJ... string).
- 2The decoded Header and Payload appear as formatted JSON below.
- 3If the token has an exp claim, a green or red banner shows whether it is expired.
About JWT Decoder
JSON Web Tokens (JWTs) are Base64Url-encoded strings used for authentication and API authorisation. When debugging an auth issue, you need to see what's inside the token without writing code. This decoder splits the JWT on dots, decodes the header and payload parts using Base64Url decoding (replacing - with + and _ with / before atob()), and displays them as formatted JSON. If the payload contains an exp claim, the tool shows whether the token is expired or still valid and displays the expiry time in your local timezone. The iat (issued at) claim is also shown if present. The signature is not verified — this tool is for inspection only. An error is shown if the token doesn't have exactly three dot-separated parts or if the header/payload can't be decoded. Developers debugging OAuth flows, inspecting API tokens, and verifying JWT claims are the primary users.