Decode any JWT to view header, payload, and signature. Free online JWT decoder — browser-based, with expiry and standard-claim inspection. No signature verification.
The Tooloogle JWT Decoder takes any JSON Web Token (JWT) — the format used by OAuth, OpenID Connect, and most modern API authentication systems — and instantly decodes the three parts (header, payload, signature) into readable JSON. Inspect claims, check expiry, and verify the algorithm without leaving your browser.
Header — algorithm (HS256, RS256, ES256, etc.) and token type.
Payload — standard claims (iss, sub, aud, exp, iat, nbf, jti) plus any custom claims.
Signature — the raw signature bytes (Base64-URL).
Expiry status — visual indicator showing whether exp is in the past, present, or future, with relative time (e.g. “expires in 47 minutes”).
Issued / not-before time — iat and nbf rendered in your local timezone and ISO 8601.
Paste a JWT (the three Base64-URL parts separated by dots) into the input.
The header, payload, and signature appear immediately, formatted as JSON.
Standard timestamp claims (exp, iat, nbf) are converted to human-readable dates.
Copy individual fields or the full decoded JSON with one click.
This decoder does not verify the signature. Verification requires the issuer's secret (HS*) or public key (RS* / ES*) and must happen in your application server — never trust an unverified token for authentication. The decoder is for inspection and debugging only.
Debugging OAuth and OpenID Connect flows. Inspecting Auth0, Cognito, Okta, Keycloak, or Firebase tokens. Verifying that a token contains the expected claims (user ID, role, scope). Checking why an API call returns 401 when the token "should" be valid (often: expired, wrong audience, clock skew). Teaching JWT structure to engineering teams.
Decoding runs entirely in your browser using JavaScript. Your JWT never leaves your machine. No upload, no logging, no analytics on token contents. Open DevTools and check the Network tab — zero requests fire when you decode.
How to Use JWT Decoder Online - Decode JSON Web Tokens Instantly
Copy your JWT token and paste it into the input box.
The tool instantly decodes your JWT and displays the header and payload.
Check claims like userId, name, email, iat, exp, and other custom fields. The header shows the algorithm and token type.
Decode any JWT to view header, payload, and signature. Free online JWT decoder — browser-based, with expiry and standard-claim inspection. No signature verification.
Tool Use:
39Type:
Free ToolPrivacy:
Client SideConvert byte arrays to strings online. Decode space- or comma-separated bytes (decimal, hex, or binary) to UTF-8 text. Free browser-based byte-to-string converter.
Encode text or files to Base64 and decode Base64 strings back to text. Free, instant, browser-only — no upload, no logging.
Percent-encode strings for safe URL inclusion or decode percent-encoded URLs back to readable text — free and UTF-8 safe.
Convert any image (PNG, JPG, GIF, SVG, WebP) to a Base64 data URI for embedding in HTML, CSS, or JSON.
Decode Base64-encoded image strings back to viewable PNG / JPG / GIF / WebP images — free and instant.