MAKS Consulting Services
← All tools

JWT Decoder

Decode a JWT to inspect its header and payload. Runs locally.

Decoding happens locally in your browser. Never paste production secrets. This tool does not verify the signature.
Issued at (iat)
11/14/2023, 10:13:20 PM
Expires (exp)
5/18/2033, 3:33:20 AM — valid
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "MAKS Demo",
  "iat": 1700000000,
  "exp": 2000000000
}

Decoding is local to your browser and does not verify signatures. Never paste production secrets or sensitive tokens into online tools.

About the JWT decoder

A JSON Web Token (JWT) has three Base64URL-encoded parts: a header, a payload, and a signature. This tool decodes the header and payload so you can inspect the claims, and converts timestamp claims like exp into readable dates.

It does not check the signature — verification requires the secret or public key and should be done server-side.

Frequently asked questions

Does this verify the JWT signature?
No. This tool only decodes the header and payload for inspection. It does not verify the signature, which requires the signing secret or public key.
Is it safe to paste a token here?
Decoding runs entirely in your browser and nothing is uploaded. Even so, never paste production tokens or secrets into any online tool you don't fully control.
What do iat, exp, and nbf mean?
They are standard JWT claims: iat (issued at), exp (expiry), and nbf (not valid before). This tool converts them to readable dates and flags expired tokens.