
JWT Decoder

Decode and inspect JSON Web Tokens — header, payload and signature — instantly and entirely in your browser.

Decoded locally — never sent anywhere
Encoded token
TOKEN STRUCTURE
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMDI0LWE5ZiIsIm5hbWUiOiJBZGEgTG92ZWxhY2UiLCJyb2xlIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE3MTgzMTk2MDB9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
● header ● payload ● signature
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload · claims
{
  "sub": "1024-a9f",
  "name": "Ada Lovelace",
  "role": "admin",
  "scope": [
    "read",
    "write"
  ],
  "iat": 1516239022,
  "exp": 1718319600
}

Frequently asked

No. The entire decode happens in your browser — the token never leaves your machine and nothing is logged. You can go offline and it still works.

Decoding shows the header and payload without a secret. Signature verification is a separate, optional step you run locally with your key.

Any standard JWS with a base64url-encoded header and payload. Encrypted JWE tokens are flagged as not decodable without a key.
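The decode-only step described in these answers, as an added example (not this tool's own code): it splits a compact token, decodes the base64url header and payload without any key, and flags a five-segment JWE instead of attempting to decode it. The names `b64urlToText` and `inspectJwt` and the warning strings are assumptions made for illustration; `SAMPLE` is the token shown on this page.

```javascript
// Added example; names are illustrative, not the decoder's own code.
const SAMPLE = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMDI0LWE5ZiIsIm5hbWUiOiJBZGEgTG92ZWxhY2UiLCJyb2xlIjoiYWRtaW4iLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE3MTgzMTk2MDB9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

// base64url (unpadded, '-' and '_' alphabet) -> UTF-8 text.
function b64urlToText(segment) {
  if (!/^[A-Za-z0-9_-]*$/.test(segment)) throw new Error("not base64url");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // fatal: reject invalid UTF-8 instead of silently substituting characters
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Decode without a key. The result is for inspection only: nothing here
// proves who issued the token or that the claims were not altered.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length === 5) {
    // JWE compact form: only the protected header is readable without a key.
    return {
      kind: "JWE",
      header: JSON.parse(b64urlToText(parts[0])),
      payload: null,
      warnings: ["encrypted: payload not decodable without a key"],
    };
  }
  if (parts.length !== 3) throw new Error("expected 3 (JWS) or 5 (JWE) segments");
  const header = JSON.parse(b64urlToText(parts[0]));
  const payload = JSON.parse(b64urlToText(parts[1]));
  const warnings = ["signature not verified: treat claims as untrusted"];
  if (String(header.alg).toLowerCase() === "none") {
    warnings.push("alg is none: token carries no signature");
  }
  if (typeof payload.exp === "number" && payload.exp <= nowSeconds) {
    warnings.push("expired");
  }
  return { kind: "JWS", header, payload, signature: parts[2], warnings };
}
```

A decoded `role` or `scope` claim is only what the token says about itself; authorization decisions belong after signature verification with the expected algorithm and key.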

How to use

1. Paste your token into the input, or hit Load sample to try it.

2. The header and payload decode automatically as you type — no button press needed.

3. Copy either panel with one click, or read the color-coded token structure.
