JWT Decoder
Decode a JWT header and payload, and optionally verify it.
How to use it
- Paste a JWT.
- Read the decoded header and payload.
- To check an HS256 signature, enter the secret and click Verify.
About this tool
The JWT decoder splits a token and base64url decodes the header and payload to readable JSON, and shows the signature. Decoding does not check the signature, so treat decoded contents as unverified until checked. For HS256 tokens you can paste the secret and verify the signature locally with Web Crypto. Everything runs in your browser, so only paste secrets on a device you trust.
Examples
A standard JWTDecoded header and payload as JSONAn HS256 token plus its secretSignature valid or invalidCommon uses
- Inspect the claims inside a JWT
- Check a token expiry or subject
- Debug an authentication flow
- Verify an HS256 signature locally
FAQ
Is the token sent anywhere?
Does decoding verify the token?
Which algorithms can it verify?
Related tools
JSON Formatter
Format, validate, beautify, and minify JSON.
Open toolBase64 Encoder and Decoder
Encode text to Base64 or decode it back.
Open toolPassword Generator
Generate strong random passwords with length and character options.
Open toolUUID Generator
Generate v4 UUIDs in bulk.
Open toolURL Encoder and Decoder
URL-encode or decode percent-encoded strings.
Open toolEmbed this tool
Paste this snippet to put the tool on your own site. It runs entirely in the visitor's browser, the same as it does here.