JWT Decoder

Paste a JWT to decode its header and payload. Runs entirely in your browser.

This tool only decodes the token - it does not verify the signature, since that would require the signing secret or key, which never belongs in a client-side tool.

How it works

A JWT's header and payload are just base64url-encoded JSON, so decoding them requires no server round-trip - but decoding isn't the same as verifying: anyone can read a JWT's contents without the signing key.

Ad space