Loading…
Paste a JSON Web Token and instantly inspect its decoded header, payload, and expiry claims. No secret key required — this tool decodes only.
Use Cases
- ›Checking the claims and expiry in an auth token during development
- ›Inspecting the algorithm declared in the JWT header
- ›Debugging token refresh issues by comparing iat and exp values
- ›Auditing what scopes or roles are encoded in a third-party token
Example
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJzdWIiOiIxMjM0IiwibmFtZSI6IkFsaWNlIn0 .signature
Output
Header: { "alg": "HS256", "typ": "JWT" }
Payload: { "sub": "1234", "name": "Alice" }FAQ
Can it verify the signature?
No. Signature verification requires the secret key and is intentionally out of scope — this tool is for inspection only.
Are tokens stored or logged anywhere?
No. Everything stays in memory in your browser and is never transmitted.