All Tools
Paste a JWT token to see the decoded header and payload. No validation — just decoding.
Decode JSON Web Tokens (JWT) to inspect their header and payload without any external tools or libraries. Paste a JWT and see the algorithm, claims, expiration time, and all encoded data in a readable format. Used daily by developers working with authentication, OAuth, and API security.
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It consists of three parts separated by dots: a header (algorithm and token type), a payload (claims and data), and a signature (for verification). JWTs are used by most modern authentication systems including OAuth 2.0, OpenID Connect, Firebase Auth, Auth0, and Supabase.
Yes — this tool only decodes the token locally in your browser. It does not validate the signature or send the token anywhere. That said, JWTs often contain sensitive information (user IDs, email addresses, permissions), so never paste production tokens into online tools that upload data to servers. This tool doesn't — everything stays in your browser.