JWT
Decoder

Decode and inspect JSON Web Tokens instantly. View header, payload, claims, and expiration status.

Token

Header

Paste a JWT to see the header.

Payload

Paste a JWT to see the payload.

Standard Claims

Paste a JWT to see token claims.

Learn more

How do JWTs carry authentication, and why are they signed but not encrypted?

Was this useful?

Related Tools

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text instantly in your browser.

Design System Generator

Turn two or three brand colors into semantic design tokens with live previews and CSS, Tailwind, SCSS, and JSON exports.

JSON Formatter

Format and validate JSON quickly with clean output and errors.

Base64 Encode/Decode

Convert plain text to Base64 and back in one panel.

Epoch Converter

Convert Unix timestamps to readable date and time values.

Markdown to HTML

Render markdown into clean, copy-ready HTML output.

Frequently Asked Questions

A JWT consists of three Base64URL-encoded segments separated by dots: header, payload, and signature. Paste the token and the decoder splits and decodes the header and payload into readable JSON.

You cannot verify the signature without the secret or public key used to sign the token. Decoding the payload shows the claims but does not confirm the token is authentic.

The exp field contains a Unix timestamp indicating when the token expires. If the current time exceeds this value, the token should be rejected by the server.

JWT Decoder - Decode JSON Web Tokens Online | ToolsCanvas