JSON Web Token (JWT) Debugger & Decoder
Decode, inspect, verify, and validate JWT parameters locally. All translations are done securely in-browser.
Encoded Token
Format:
[header].[payload].[signature] (periods separate base64url sections).
Decoded Details
No TokenHeader (Algorithms & Types)
{}
Payload (Claims & User Data)
{}
Verify Signature
Frequently Asked Questions
What is a JSON Web Token (JWT)?
A JSON Web Token is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
Why does this tool run entirely client-side?
JWTs often contain sensitive identity information, roles, scope permissions, and credentials. Sending them to a remote server poses a security risk. By performing all decryption/decoding operations client-side, your data remains secure in your browser.
Can this tool decrypt encrypted tokens (JWE)?
No. This tool decodes standard Signed JSON Web Tokens (JWS). If a token is encrypted using JSON Web Encryption (JWE), it cannot be unpacked without the correct private decryption key.
How are timestamp values translated?
JWT specifications express time fields like Expiration (exp), Issued At (iat), and Not Before (nbf) in Unix epoch seconds. This tool decodes these timestamps, checks them against your system clock, and renders human-readable dates and relative timing status.