Paste JWT Token
How to Use This Tool
Paste a JWT
Paste a JSON Web Token into the input field.
View decoded parts
The header, payload, and signature are decoded and displayed automatically.
Check expiration
The tool highlights whether the token is expired or still valid.
Features
Instant Decode
Header and payload are decoded in real time as you paste or type.
Expiration Check
Timestamps like exp, iat, and nbf are converted to human-readable dates.
Signature Display
View the algorithm and signature portion without needing a secret key.
Pretty-Printed Claims
Payload claims are formatted as readable JSON.
Frequently Asked Questions
Can this tool verify JWT signatures?
This tool decodes and inspects JWTs. Signature verification requires the signing secret or public key, which should never be pasted into a web tool. Use server-side libraries for verification.
Is it safe to paste my JWT here?
All decoding happens in your browser — tokens are never sent to a server. However, never paste production tokens containing sensitive claims into any online tool.
What JWT algorithms are supported?
The decoder works with any JWT regardless of algorithm (HS256, RS256, ES256, etc.). It reads the alg field from the header and displays it.
Why does my JWT have three parts?
A JWT consists of three Base64URL-encoded sections separated by dots: the header (algorithm and type), the payload (claims), and the signature (integrity verification).