JWT Decoder
FreeDecode and inspect JWT token header and payload
HEADER:
{
"alg": "HS256"
}
PAYLOAD:
{
"sub": "123",
"name": "Mehul"
}
Signature: abcAbout JWT Decoder
When you are debugging authentication, a JWT is a wall of dots and Base64 that hides the claims you actually need to check: the subject, expiry, issuer, and scopes. Rather than copy each segment into a Base64 decoder, this tool splits the token and decodes its header and payload in one step so you can read what it carries.
Paste a JWT and the decoder separates the three dot-delimited parts, Base64URL-decodes the header and payload, and shows their JSON contents. It is free, runs in your browser, needs no signup, and returns the result instantly. It reads the token's claims for inspection; it does not verify the signature, so a decoded token is not proof that it is valid or untampered.
Common uses
- Inspecting the claims in a JWT while debugging an auth flow
- Checking a token's expiry and issued-at times
- Reading the subject, scopes, or roles encoded in a token
- Confirming which algorithm a token's header declares
- Verifying that a backend issued the claims you expected
How to use
- 1
Configure options
Set your preferences using the options panel below.
- 2
Click Generate
Click the process button to generate your result instantly.
- 3
Copy or download
Copy the result to clipboard or download it directly to your device.
Why ToolHub?
- Accurate conversion
- Multiple formats
- Instant results
FAQ
Does it verify the token's signature?
No. It decodes the header and payload for inspection only. Signature verification requires the secret or public key and should be done server-side.
Is the secret key needed to decode?
No. The header and payload are Base64URL-encoded, not encrypted, so they decode without any key.
Can I see if a token is expired?
You can read the exp claim, which is a Unix timestamp, and compare it to the current time to judge expiry.
Is my token sent anywhere?
Decoding happens in your browser, so the token is not transmitted to a server, which matters for sensitive credentials.
Can I use JWT Decoder on mobile?
Yes — ToolHub is fully responsive and works on iPhone, Android, tablets and all modern browsers. No app install needed.