Is it safe to paste my JWT token here?

Yes — JWT Decoder runs 100% in your browser. Your token is never sent to any server. All decoding happens locally using JavaScript. You can verify this by checking your browser's network tab.

What is a JSON Web Token (JWT)?

A JWT is a compact, URL-safe token format used for authentication and authorization. It consists of three Base64-encoded parts separated by dots: a header (algorithm & type), a payload (claims like user ID, roles, expiration), and a signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWTs but does not verify signatures, since that requires the signing secret or public key. It's designed for debugging and inspecting token contents.

What claims does the tool detect?

It detects and highlights all registered claims including iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (JWT ID). Custom claims are also displayed.

Does this work with expired tokens?

Yes. You can decode any JWT regardless of whether it's expired. The tool will show the expiration status and how long ago it expired or when it will expire.

Free & Private JWT Inspector

Decode Any
JSON Web Token

Paste a JWT to instantly see its header, payload, and claims. Check expiration, inspect algorithms, and debug authentication — all in your browser, nothing sent to a server.

🔓

Instant Decode

Paste any JWT and instantly see the decoded header, payload, and signature — no waiting, no server calls.

⏱️

Expiration Check

Automatically detects exp, iat, and nbf claims and shows whether the token is expired, valid, or not yet active.

🔒

100% Client-Side

Your tokens never leave your browser. Zero network requests — completely safe for production JWTs.

Frequently Asked Questions

Everything you need to know about JWT Decoder.

Decode AnyJSON Web Token

Instant Decode

Expiration Check

100% Client-Side

Token Input

Frequently Asked Questions

Decode Any
JSON Web Token