DevSecOps
JWT Decoder
Paste any JWT string to decode the header and payload, see the expiry and issued-at timestamps in human-readable form, and check whether the token is expired. The signature is not verified — this tool decodes only. Nothing is transmitted.
No data is transmitted — everything runs locallyTool
About this tool
JWT Decoder
The JWT Decoder decodes any JSON Web Token header and payload in your browser, showing all claims including expiry and issued-at timestamps. Signature is not verified.
• Debug a 401 error caused by an expired token
• Inspect the claims in an OAuth or OIDC token
• Verify the algorithm and key ID in a JWT header
• Check token lifetime before a demo or integration test
Affiliate disclosure
Credential and secrets management for teams. 1Password provides enterprise password management and secrets infrastructure for development teams.
View secrets with 1Password
External site · Independent provider · We may receive a commission · Not a recommendation
FAQ
What does this tool tell you?
The JWT Decoder decodes any JSON Web Token header and payload in your browser, showing all claims including expiry and issued-at timestamps. Signature is not verified.
What affects the result most?
Algorithm (HS256/RS256/ES256 — symmetric vs asymmetric). Expiry claim (exp) — Unix timestamp. Issued-at claim (iat).
How should I use the result?
The parsing and decoding happen entirely in your browser — input is never transmitted. Copy the decoded output into your audit log, debugging session, or documentation; the transformation is reversible when the format specifies one.
Related tools