Paste a JWT (JSON Web Token) and instantly see its decoded header, payload, and signature. View claims with tooltips for standard fields (iss, sub, aud, exp, iat, jti, nbf), expiration status (with countdown), token age, and the signing algorithm. Everything runs in your browser - your tokens are never sent to any server.
When to use this
Use when: debugging authentication flows in your app, inspecting a JWT issued by Auth0 / Cognito / Firebase / Supabase, checking why a token is being rejected (expired? wrong audience? wrong issuer?), exploring what's inside a token from your bug-report screenshots.
Frequently Asked Questions
Is my JWT stored or logged?
No - decoding happens entirely in your browser using simple base64 decoding. The token never leaves your device, isn't stored, isn't logged. You can verify by checking your network tab while decoding - no requests are made to any server.
Can I copy individual claims?
Yes - click any value in the decoded view to copy it to your clipboard. Useful for copying user IDs, expiry timestamps, or specific custom claims into other tools or scripts.
Powered by JWT Decoder.