JWT Decoder

Decode JSON Web Tokens. Header, payload, and signature — with human-readable timestamps for exp, iat, and nbf.

All decoding happens locally in your browser. Your token never leaves this page.

Paste a JWT token in the format header.payload.signature

Header


            


            

                

                    
Payload

                    
                

                

                

            


            

                

                    
Signature

                    
                

                

                
Signature is shown but not verified — verification requires the issuer's secret or public key. Never trust an unverified JWT in production code.

            

        


        

            
About JWTs

            A JSON Web Token is three Base64URL-encoded segments joined by dots: header.payload.signature. The header and payload are JSON; the signature proves the token wasn't tampered with. This tool decodes the first two segments locally — it does not verify the signature.