MyAITools
Decoder

JWT Decoder

Paste a JSON Web Token to read its header and payload instantly — claims decoded, timestamps rendered as real dates, all without the token ever leaving your browser.

Key facts

Inputs
1 field: JWT
Outputs
5 values: Header, Payload, Signature (hex), Algorithm, and Expires
Runtime
your browser on the device
Mode
Decoder
Privacy
Files and text stay in the browser session.
Cost
$0, no account required

How to use JWT Decoder

  1. 1

    Paste or fill in the input

    Enter your text or values into the input fields on the page.

  2. 2

    Run the utility

    Click Compute to run the utility in your browser and review the result.

  3. 3

    Copy the output

    Copy the output value you need from the result panel.

JWT Decoder details

A JWT is three base64url segments — header, payload, signature — joined by dots. The header and payload are only encoded, not encrypted, so anyone can read them; this tool splits the token, base64url-decodes the first two parts, and pretty-prints the JSON so you can verify the issuer, audience, subject and scopes during debugging. Numeric date claims like exp, iat and nbf are converted to readable timestamps so you can immediately see whether a token is expired.

Crucially, decoding happens locally. A JWT often carries a live session — pasting one into a random online decoder is handing over credentials. Here the work runs in your browser's JavaScript, so the token is never transmitted. Note that decoding is not verification: this shows you what a token claims, but confirming the signature requires the signing key and is a separate step.

Common searches

  • jwt decoder
  • jwt decode
  • decode jwt
  • json web token decoder
  • jwt parser
  • jwt viewer

Related tools

Tools that work with the same formats — most users open one of these next.

Text & EncodingDecoder

Base64 Decode

Decode Base64 or URL-safe Base64 strings back to UTF-8 text — runs locally in your browser.

Try it →
Text & EncodingOnline

QR Code Reader

Scan a QR code from any image and decode it to text — free, online, runs entirely in your browser.

PNGTXT
Text & EncodingGenerator

CRC32 Checksum Calculator

Calculate the CRC32 checksum of any text — hex and decimal output. Free, instant, runs in your browser.

Try it →
Text & EncodingEncoder

Base64 Encode

Encode any text to Base64 (and URL-safe Base64) — runs locally in your browser, free and online.

Try it →
Text & EncodingHasher

Hash Text

Compute MD5, SHA-1, SHA-256, SHA-384 or SHA-512 of any text — runs locally in your browser.

Try it →
Text & EncodingGenerator

UUID Generator

Generate cryptographically random UUIDs (v4) or time-ordered UUIDs (v7) — runs locally in your browser.

Try it →

Frequently asked

Does this verify the JWT signature?

No — it decodes and displays the header and payload. Verifying the signature requires the secret or public key and is intentionally not done here; this tool is for inspecting claims while debugging.

Is it safe to paste a real token?

Yes. Decoding runs entirely in your browser and the token is never sent to a server. That said, treat any JWT as a credential and avoid pasting production tokens into tools you don't control — this one is safe because it's client-side.

Why are exp and iat shown as dates?

Those claims are Unix timestamps (seconds since 1970). We render them as local dates so you can tell at a glance when a token was issued and when it expires.