Utilko logo Utilko

JWT Decoder

Decode and inspect JSON Web Tokens (JWTs) instantly. View header, payload, and signature without a secret key. Debug authentication tokens safely.

Used 53.1K times today

How to Use JWT Decoder

  1. 1

    Paste your JWT

    Copy your JWT token (the three-part dot-separated string) and paste it into the input field.

  2. 2

    Inspect decoded sections

    The tool splits the JWT into Header, Payload, and Signature, formatting each as readable JSON.

  3. 3

    Check claims and expiry

    Review standard claims like iss, sub, aud, exp, and iat. Expiry times are shown in human-readable format.

Frequently Asked Questions

Can this tool verify a JWT signature?
JWT decoding (reading the payload) requires no secret. Signature verification requires the secret or public key, which is not supported here for security reasons. This tool is for inspection and debugging only.
Is it safe to paste my JWT here?
All decoding happens in your browser — the token is never sent to any server. However, be cautious pasting production tokens in shared or monitored environments.
What is the exp claim?
The exp (expiration) claim is a Unix timestamp indicating when the token expires. This tool converts it to a human-readable date and flags whether the token has expired.
Does it support all JWT algorithms?
JWT decoding does not require knowledge of the algorithm. The header and payload are simply Base64Url decoded, so this tool works with HS256, RS256, ES256, and any other algorithm.

About JWT Decoder

The JWT Decoder instantly breaks apart a JSON Web Token into its three components: the Header (algorithm and token type), the Payload (claims), and the Signature. This is invaluable when debugging authentication flows, inspecting OAuth tokens, or verifying that a token contains the expected user claims and permissions.

Standard JWT claims such as subject (sub), issuer (iss), audience (aud), and expiry (exp) are displayed with clear labels, and expiry timestamps are converted to human-readable date and time. Since JWTs are merely Base64Url-encoded, no secret key is needed for decoding — the tool works entirely client-side with no data transmission.

More Developer Tools Tools

JSON Formatter

Format, beautify, and validate JSON instantly. Paste raw JSON and get a clean, indented, human-readable output with syntax error detection.

JSON Minifier

Minify and compress JSON by removing whitespace and comments. Reduce JSON payload size instantly for faster API responses and smaller storage footprint.

JSON to CSV Converter

Convert JSON arrays to CSV format instantly. Transform nested JSON data into spreadsheet-ready CSV files with automatic header detection.

JSON to YAML Converter

Convert JSON to YAML format instantly online. Transform JSON config files, API schemas, and data structures into clean, readable YAML syntax.

Base64 Encoder / Decoder

Encode text or decode Base64 strings instantly online. Convert between plain text and Base64 encoding for data URLs, authentication headers, and API tokens.

URL Encoder / Decoder

Encode or decode URLs and query strings instantly. Convert special characters to percent-encoding and back for safe URL transmission and debugging.

HTML Encoder / Decoder

Encode special characters to HTML entities or decode HTML entities back to plain text. Prevent XSS and display HTML code safely in web pages.

UUID Generator

Generate UUID v1, v4, and v5 universally unique identifiers instantly. Create single or bulk UUIDs for databases, APIs, and distributed systems.