VyomaStack
Security

Free JWT Decoder Online

Decode JWT headers and payloads instantly. Inspect claims, expiration dates, and algorithms. Does not verify signatures — for debugging only.

JWT Decoder
Decode JWT header and payload. Does not verify signatures — for inspection only.
Never paste production secrets. This tool does not verify token signatures.

Expires: Sat, 20 Nov 2286 17:46:39 GMT

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 9999999999
}

Signature

SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Related Tools

Frequently Asked Questions

What is a JWT decoder?
A JWT decoder extracts and displays the header and payload from a JSON Web Token (JWT) without verifying the cryptographic signature.
Does this verify JWT signatures?
No. This tool only decodes Base64URL-encoded header and payload sections. Signature verification requires the secret key and is not performed.
Is it safe to paste my JWT here?
Decoding happens entirely in your browser — nothing is uploaded. However, avoid pasting production tokens with sensitive claims.
What are the three parts of a JWT?
A JWT has three dot-separated parts: Header (algorithm and type), Payload (claims and data), and Signature (verification hash).
Can I see token expiration?
Yes. If the payload contains an exp (expiration) claim, the decoder shows the expiry date and whether the token has expired.