JWT Decoder & Verifier
Decode the header and payload of a JSON Web Token, inspect standard claims with human-readable timestamps, and verify HS256 signatures — all locally in your browser.
About the JWT Decoder
A JSON Web Token (JWT) is a compact, URL-safe token made of three Base64URL-encoded parts — header, payload and signature — separated by dots. Bytewrench's JWT decoder splits the token and decodes the header and payload so you can inspect claims like issuer, subject, expiry and custom data in readable JSON.
Decoding happens entirely in your browser, so you can safely inspect access tokens and ID tokens without sending them to a third-party service.
Instantly view the decoded header and payload claims as formatted JSON.
Standard claims like iat, exp and nbf are easy to interpret at a glance.
Tokens are decoded locally — never transmitted or logged.
Drop in any JWT and see its structure immediately, no configuration needed.
Frequently asked questions
Does this verify the JWT signature?
No. This tool decodes and displays the token contents but does not verify the cryptographic signature. Never trust a token's claims without verifying its signature server-side.
Is it safe to paste my token here?
Decoding happens entirely in your browser and nothing is uploaded. Still, treat live access tokens with care and avoid sharing them.
What are the three parts of a JWT?
A JWT has a header (algorithm and type), a payload (the claims), and a signature, each Base64URL-encoded and joined with dots.
Why is my token marked invalid?
A JWT must have exactly three dot-separated, Base64URL-encoded segments. Malformed or truncated tokens cannot be decoded.