Debug an access token
Inspect token claims while troubleshooting login sessions or API authorization.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkJ1aWxkT25MYWJzIiwiaWF0IjoxNzEwMDAwMDAwLCJleHAiOjE3MTAwMDM2MDB9.signatureSecurity
JWT Decoder
Decode JWT headers and payloads locally to debug auth flows without exposing tokens.
jwt decodertoken decoderjwt debuggerjwt parser
L
This tool runs locally in your browser. Your input is not sent to a backend or paid API.
JWT Decoder
Decode JWT headers and payloads locally. Signature verification is not performed.
How to use
How to use JWT Decoder
Follow this workflow to complete the task locally without leaving the page.
- 1
Paste a JWT into the token input.
- 2
Click Decode JWT to parse the header and payload.
- 3
Review the decoded JSON and common claims such as issuer, subject, and expiration.
- 4
Remember that decoding does not verify the token signature.
Examples
Example inputs
Use these examples to understand common workflows and expected input formats.
Check expiry claims
Decode payload timestamps to confirm whether a token is expired or issued unexpectedly.
Inspect exp, iat, nbf, iss, aud, and sub fields.FAQ
JWT Decoder FAQ
Answers to common questions about behavior, privacy, and practical usage.
Does this JWT Decoder verify signatures?
No. It decodes the JWT header and payload so you can inspect claims. It does not verify signatures or prove that a token is trusted.
Is it safe to paste a JWT into this tool?
Decoding runs locally in your browser. Still, avoid sharing production secrets or tokens in screenshots, chat logs, or public issue trackers.
Why do JWT timestamps look like numbers?
JWT claims such as exp, iat, and nbf commonly use Unix seconds. The decoder converts those fields to readable dates when possible.
What JWT parts are decoded?
The tool decodes the first two JWT segments: the header and payload. The third segment is the signature and is shown but not validated.