EncodeIn browser

JWT decoder

Local inspection of JWT JSON content for authentication debugging. The token signature is not verified.

Use cases
Authentication debuggingClaims inspectionExpiry checksHeader inspection

Important: this tool only decodes the contents. The JWT signature is not verified.

JWT token
Header and payload

How to use it

  1. 1Paste a JWT with three dot-separated segments.
  2. 2Click Decode JWT.
  3. 3Inspect the formatted header and payload JSON.
  4. 4Do not treat the result as proof of authenticity: this tool does not verify signatures.

Questions

Is the JWT sent to a server?

No. The token is decoded only in your browser and its contents are not included in analytics.

Does this tool verify the JWT signature?

No. It only decodes the header and payload. Claims are trustworthy only after separate signature verification.

Why can't the token be decoded?

A JWT must have three segments. Header and payload must be Base64URL-encoded JSON objects, and a signed JWT needs a non-empty Base64URL signature. With alg "none", the signature must be empty.

Other tools

All tools