JWT Decoder
Decode JWT header and payload (no verification)
Start
Header
Invalid or missing header
Payload
Invalid or missing payload
Description
Paste a JSON Web Token (JWT) to decode its header and payload without verifying the signature. Useful for inspecting claims quickly.
Key features
- Base64URL decoding of header and payload
- Pretty‑printed JSON panels
- Local, offline decoding
Security note: This tool does not validate signatures. Never trust decoded content without verification.
How to Use
- Paste a JWT (three dot‑separated parts) into the input.
- Read the decoded header and payload JSON panels.
- Validate the token in your backend or with trusted libraries.
Example
Example
Header output shows algorithm and type; payload shows claims like sub, exp, iat.
FAQ
Does this verify tokens?
No. It only decodes. Always verify signatures server‑side.
Why is payload empty?
Token may be malformed or not using standard Base64URL encoding.
Encrypted JWTs?
JWE is not supported; this tool targets JWS‑style compact tokens.