chaitanya.dev / Tools / JWT Decoder
Web tool v1.0 Updated Apr 21, 2026

JWT Decoder

Paste a JSON Web Token and see its header, payload, and expiry decoded locally. Nothing ever leaves your browser.

Decode a JWT without sending it anywhere

Pasting tokens into random decoder sites is how secrets leak. This one runs entirely in your browser — no network calls, no logging, no cache. Close the tab and the token is gone.

Notes

  • The signature cannot be verified here. Verification requires the signing secret (HMAC) or public key (RSA/ECDSA), which you should never paste into a web tool. Use your own service or a trusted SDK for verification.
  • Standard claims shown: iss (issuer), sub (subject), aud (audience), iat (issued at), nbf (not before), exp (expires), scope, plus header fields alg, typ, kid.
  • Dates are rendered in UTC. The expiry pill turns amber if the token has already expired.