JWT Decoder

Inspect any JSON Web Token's header, payload, and signature. Fully client-side — the token never leaves your browser.

100% client-side.Your token is decoded in your browser only — it's never sent to a server, logged, or stored.

Algorithm

HS256

Type

JWT

Subject

1234567890

Expiry

Active · in 23553 d

{
  "alg": "HS256",
  "typ": "JWT"
}

{
  "sub": "1234567890",
  "name": "Ada Lovelace",
  "iat": 1716000000,
  "exp": 2035000000,
  "role": "admin"
}

subSubject — typically the user ID

iatMay 18, 2024, 02:40:00 AM · in 19861 d

expJun 27, 2034, 05:46:40 AM · in 23553 d

roleRole assigned to subject

k8q9o5b3vYxsT3xQYJrBcWf8e0a5UqHl0u_uG9fJ7vU

Signature verification requires the issuer's secret or public key, so it's not done here. Use your backend or a library like jose to verify.

A short PDF covering the OWASP JWT pitfalls — none/alg confusion, weak secrets, missing aud checks, and more.

No spam. Unsubscribe anytime.

Explore Related Tools

Discover more utility-driven tools designed to enhance your workflow and technical excellence.

Test JavaScript regular expressions with live match highlighting, capture groups, and a plain-English breakdown of every token.

Paste raw CSS to get Tailwind utility classes, or paste Tailwind classes to get equivalent CSS. Supports the 60+ most common properties.

Beautify, minify, sort keys, and validate JSON instantly. Side-by-side diff mode for comparing two payloads.