Vulnsy

JWT Decoder

A JWT (JSON Web Token, RFC 7519) is a base64url-encoded triple of header, payload, and signature used for stateless authentication. This decoder splits the token, base64url-decodes the header and payload, and surfaces expiration (exp), issuer (iss), audience (aud), and other registered claims — entirely in your browser. The token is never transmitted off-device.

Signature verification requires the signing key, which is intentionally outside this tool's scope — pasting a key into a third-party site is a real risk during pentest engagements.
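
The decode-only flow described above, as an added example (not this tool's own source). The function names `b64urlToJson` and `inspectJwt` and the sample token are constructed for illustration; the token is unsigned filler, not a real credential.

```javascript
// Added example: decode-only JWT inspection. No signature verification is performed.
// b64urlToJson and inspectJwt are hypothetical names, not the tool's own code.
function b64urlToJson(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("not base64url");
  if (segment.length % 4 === 1) throw new Error("bad base64url length");
  // base64url -> base64: swap the URL-safe alphabet and restore '=' padding
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently substituting U+FFFD
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const isObj = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
  if (!isObj(header) || !isObj(payload)) throw new Error("header and payload must be JSON objects");

  // exp is a NumericDate (seconds since the epoch); the token is expired once now >= exp
  let expiry = "none";
  if (payload.exp !== undefined) {
    if (typeof payload.exp !== "number" || !Number.isFinite(payload.exp)) expiry = "invalid";
    else expiry = nowSeconds >= payload.exp ? "expired" : "valid";
  }
  return {
    header, payload, expiry,
    iss: payload.iss, aud: payload.aud,
    signaturePresent: parts[2].length > 0, // third segment can be empty on unsigned tokens
    verified: false,                       // decoding says nothing about authenticity
  };
}

// Constructed sample token; the signature segment is filler bytes.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ iss: "https://idp.example", aud: "api.example", exp: 1700000000 }),
  "c2lnbmF0dXJl",
].join(".");
console.log(inspectJwt(sampleToken, 1700000001));
```

Every field in the result is attacker-controlled until the signature has been verified with the key, so treat decoded claims as display data only.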

Features

Full Decode

Splits the JWT into header, payload, and signature with formatted JSON display.

Expiration Check

Automatically detects and displays token expiration status with clear visual indicators.

Privacy First

All decoding happens in your browser. Your tokens are never sent to any server.