JWT Decoder
Decode a JWT header and payload locally, with issued-at and expiry status.
The signature is never verified here. A decoded JWT is not a trusted JWT — always verify the signature server-side with your secret or public key before relying on any claim.
Runs in your browser. Your input is not uploaded to PayloadIQ.
A JWT is three Base64URL segments joined by dots: a header, a payload of claims, and a signature. This tool splits the token and decodes the first two segments so you can read the algorithm, the claims, and human-readable issued-at and expiry timestamps — all in your browser, with the signature left untouched.
One caveat worth repeating: decoding is not verification. Anyone can read a JWT's payload, and the expstatus shown here is only informational. Always verify the signature server-side with your secret or public key before trusting a token's claims.