About this jwt decoder
A JSON Web Token (JWT) is a compact, dotted string that apps use to carry sign-in information. It has three parts: a header, a payload and a signature. This JWT decoder takes the first two parts, which are just Base64-encoded JSON, and shows them in a readable form so you can see the claims inside — who the token is for, when it was issued and when it expires. Common time fields like iat, nbf and exp are converted into real dates, and the tool flags a token whose expiry has already passed. Decoding happens entirely in your browser, and the signature is never checked, so treat this as a read-only viewer rather than a security check.
Frequently asked questions
- Does this verify the token's signature?
- No. It only decodes and displays the header and payload so you can read them. It cannot confirm that a token is valid or untampered.
- Is it safe to paste a token here?
- The decoding happens in your browser and nothing is sent anywhere, but as good practice you should never paste real, live tokens that belong to someone else or to production systems.
- Why are some fields shown as dates?
- Time fields such as iat, nbf and exp are stored as numbers (seconds since 1970). The tool converts them to readable dates for you.