100% local · token never uploaded
JWT Decoder
Decode a JSON Web Token to read its header and payload, with expiry and issued-at timestamps spelled out. Decoding only, no verification.
About this tool
This JWT decoder splits a JSON Web Token into its three parts and decodes the header and payload from Base64URL so you can read the claims. It also spells out the time-based claims (exp, iat, nbf) as readable dates, which is the fastest way to see whether a token has expired.
Decoding happens entirely in your browser and the token is never uploaded. The tool does not verify the signature, it only decodes, so treat the contents as unverified and never paste a sensitive production token into any online tool you do not control.
Frequently asked questions
Does this verify the signature?+
No. It only decodes the header and payload. Verifying the signature needs the secret or public key and should be done in your own code.
Is the token uploaded anywhere?+
No, decoding is done locally in your browser. That said, avoid pasting real production tokens into any third-party tool.
How do I tell if a JWT is expired?+
Look at the exp claim, shown here as a readable date. If it is in the past, the token has expired.