JWT Decoder
Decode a JWT's header and payload and turn exp/iat into human-readable times
도구를 불러오는 중…
🔒 Everything runs 100% in your browser. Your files and input are never uploaded to any server.
Paste in a JWT (JSON Web Token) and this tool base64url-decodes the header and payload into nicely formatted JSON, converting time values like exp and iat into human-readable dates. It's useful for developers who need to quickly inspect the contents of login and auth tokens.
How to use
- Paste the entire JWT token (header.payload.signature) into the input box.
- The header and payload are automatically decoded and shown as formatted JSON.
- Time values like exp (expiry) and iat (issued at) are shown as human-readable dates along with whether the token has expired.
- Use the copy button to put the decoded JSON on your clipboard.
FAQ
- Is the signature verified too?
- No. This tool only decodes the contents and does not verify the signature. Don't use it to judge whether a token has been tampered with.
- How is expiry determined?
- It compares the payload's exp value with the current time and shows 'valid' or 'expired'. Tokens without an exp don't show an expiry status.
- Is the token sent to a server?
- No. Decoding all happens in your browser, and the token is never sent to or stored on a server. Even so, handle production secret tokens with care.
