JWT Decoder
Decode JWT tokens to see the header and payload. All decoding happens in your browser.
Paste only the compact JWT string. The signature is decoded but not verified.
Tool guide
About JWT Decoder
JWTs contain Base64URL-encoded header and payload sections. A decoder helps you inspect claims such as issuer, subject, audience, issued-at time, and expiration time during debugging.
Decoding a JWT does not verify its signature. Treat decoded claims as untrusted unless the token has been verified by your application or identity provider.
Common use cases
- Inspect token claims while debugging authentication.
- Check expiration and issued-at timestamps.
- Compare token payloads between environments.
- Verify whether an API client is sending the expected audience or scope.
Practical tips
- Never paste production secrets or private tokens into tools you do not trust.
- Decoding is not the same as validating a signature.
- Check exp, nbf, aud, iss, and scope claims when troubleshooting auth.
Related tools
Frequently asked questions
Does decoding verify a JWT?
No. Decoding only reads the header and payload. Signature verification must be done separately.
What is Base64URL?
Base64URL is a URL-safe variant of Base64 used by JWT segments.
Can I edit a JWT after decoding it?
Changing a token payload invalidates the original signature unless it is re-signed by a trusted issuer.
Is JWT Decoder free to use?
Yes. JWT Decoder is free to use in your browser with no signup required.
Is my data uploaded when I use JWT Decoder?
Most FreeTools utilities process data locally in your browser. Tools that call third-party services, such as IP lookup and advertising, are disclosed in the privacy policy.
What can I use JWT Decoder for?
Decode JWT tokens to view header and payload. Decodes token header and payload locally in your browser; do not paste sensitive production tokens into any web page.