EncodeIn browser
JWT decoder
Local inspection of JWT JSON content for authentication debugging. The token signature is not verified.
Use cases
Authentication debuggingClaims inspectionExpiry checksHeader inspection
Important: this tool only decodes the contents. The JWT signature is not verified.
JWT token
Header and payload
How to use it
- 1Paste a JWT with three dot-separated segments.
- 2Click Decode JWT.
- 3Inspect the formatted header and payload JSON.
- 4Do not treat the result as proof of authenticity: this tool does not verify signatures.
Questions
Is the JWT sent to a server?
No. The token is decoded only in your browser and its contents are not included in analytics.
Does this tool verify the JWT signature?
No. It only decodes the header and payload. Claims are trustworthy only after separate signature verification.
Why can't the token be decoded?
A JWT must have three segments. Header and payload must be Base64URL-encoded JSON objects, and a signed JWT needs a non-empty Base64URL signature. With alg "none", the signature must be empty.