JWT Decoder

A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three Base64-encoded parts separated by dots: a header (algorithm and type), a payload (claims/data), and a signature.

No. This tool only decodes and displays the header and payload. Signature verification requires the secret key or public key, which should never be shared with a client-side tool. Use a backend service for signature verification.

Yes. Everything runs entirely in your browser. The token is never sent to any server. However, be mindful that JWTs often contain sensitive information, so avoid sharing them in screenshots or public channels.

The three parts of a JWT are color-coded: red for the header, purple for the payload, and teal for the signature. This matches the standard JWT visualization convention and helps you identify each section.

The decoder reads the 'exp' (expiration) claim from the payload, which is a Unix timestamp. It compares that to your current system time to determine if the token is expired, and shows a countdown or time-since-expiry.