Skip to content
DevLab

JWT Decoder

Decode JWT (JSON Web Token) in your browser and visualize the header, payload, and signature.iat / exp / nbf are automatically converted to human-readable dates.

✅ 100% free, no signup, runs entirely in your browser

About the JWT structure

A JWT is a string consisting of header.payload.signature three parts joined with dots (.). The header and payload are Base64URL-encoded JSON, and the signature is generated using the algorithm specified in the header (e.g., HS256 / RS256).

Key claims: iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), jti (JWT ID)

If something is broken or not displaying correctly, let us know via the contact form からご報告ください。

📖 How to Use

  1. 1
    Copy your JWT
    Get the JWT string from your API response or Authorization header.
  2. 2
    Paste into the input
    Paste the JWT into the top textarea and decoding runs automatically.
  3. 3
    Inspect header & payload
    View algorithm (alg), issuer (iss), expiration (exp) and other claims visually.

❓ FAQ

What is a JWT?
A JWT (JSON Web Token) is an authentication token made of three Base64URL-encoded parts (header.payload.signature) joined with dots. Commonly used for API auth after login.
Can this tool verify the signature?
This tool is decode-only. Signature verification needs the secret (HS256) or public key (RS256/ES256) — use our JWT Signer tool or verify on your backend.
Is the JWT sent to any server?
No. All decoding happens in your browser via JavaScript — no network request is made.
What if exp is expired?
An expired JWT is invalid. Use the refresh token to get a new JWT, or re-login. Always validate exp on the client side too.
🐛 Found a bug or issue with this tool?

Free to use, no signup. Even just the steps to reproduce are helpful. Reports go directly to the operator and help us fix issues.

* Browser info (UA / screen / language / URL) is sent automatically to help reproduce the issue