JWT Decoder Online
Inspect JSON Web Tokens
Paste a JWT to decode its Base64URL header and payload as formatted JSON. Inspect claims, roles, and expiration without verifying the signature.
What is this tool?
This JWT decoder reads the header and payload segments of a JSON Web Token and formats them as JSON. JWTs are compact strings made from Base64URL-encoded JSON parts separated by dots, commonly used for authentication, authorization claims, and identity-provider integrations.
The decoder is intentionally an inspection tool. It does not verify the signature, fetch JWKS keys, validate iss or aud, enforce algorithm policies, or prove that a token is trustworthy. It helps you see what the token says; it does not prove who signed it.
Use it when debugging claim shape, expiration timestamps, roles, scopes, kid values, or environment mismatches between auth providers and applications.
How to use
- Paste a JWT in compact form, usually
header.payload.signature. - Click Decode JWT to parse the first two Base64URL segments.
- Read the formatted header and payload JSON, including expiration information when an
expclaim exists. - Use a real verifier when you need to validate the signature, issuer, audience, or key ID.
Examples
| Input / setting | Output | Notes |
|---|---|---|
eyJhbGciOiJub25lIn0.eyJzdWIiOiIxMjMifQ. | header {"alg":"none"}; payload {"sub":"123"} | A minimal token decoded into its JSON header and payload. |
eyJ0eXAiOiJKV1QifQ.eyJyb2xlIjoiYWRtaW4ifQ.signature | header {"typ":"JWT"}; payload {"role":"admin"} | The signature segment is not verified by this decoder. |
Related tools & concepts
Last reviewed: 2026-05-08