devwrench— browser-based developer tools
Back to tools
devwrench --run jwt-decoder

Free JWT Decoder
for header and payload inspection.

Decode JWT header and payload instantly with this free online JWT decoder. No accounts. No uploads. No telemetry.

JWT input

Decoded result

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "John DevWrench",
  "role": "admin",
  "iat": 1773446048,
  "exp": 1773449648
}

Signature

signature-placeholder

Decoded fields

Algorithm

HS256

Type

JWT

Issued at

2026-03-13 23:54:08 UTC · 2026-03-13 23:54:08

Expires at

2026-03-14 00:54:08 UTC · 2026-03-14 00:54:08

Supported

  • JWT header decoding
  • JWT payload decoding
  • Base64URL token parsing
  • Issued-at and expiration timestamp formatting
  • Local browser-only decoding

Automatically handled

  • Base64URL normalization
  • Pretty-printed JSON output
  • Human-readable UTC and local timestamps for iat and exp
  • Detection of malformed JWT structure

Not supported yet

  • Signature verification
  • Secret or public key validation
  • JWE decryption
  • Claim editing and re-signing

Free online JWT decoder

This tool works as a JWT decoder, a JWT payload viewer, and a quick way to inspect JSON Web Token claims directly in your browser.

Developers often need to inspect fields such as sub, role, iat, exp, iss, and aud when debugging login flows, APIs, sessions, and token-based authorization.

This decoder is useful for quickly reading the header and payload of a JWT, checking token timestamps, and understanding claim contents during development.

Everything runs locally in your browser, so the token is not uploaded or stored anywhere.

Example

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MTA0MjI0MDAsImV4cCI6MTcxMDQyNjAwMH0.signature

Paste a JWT into the decoder above to inspect its header, payload, and common token timestamps instantly.

Decode JWT tokens online

Use this JWT decoder to quickly inspect JSON Web Tokens, read claims, and review header metadata directly in your browser.

Common use cases

  • Inspect claims in authentication and session tokens
  • Check expiration and issued-at timestamps
  • Debug API authorization problems
  • Review JWT header values like algorithm and token type

How it works

A JWT contains three dot-separated parts: header, payload, and signature. The header and payload are Base64URL-encoded JSON values.

This tool splits the token, decodes the first two segments, parses them as JSON, and formats important fields like issuance and expiration times for readability.

The decoder does not verify whether the token is signed with a valid secret or public key. It is for inspection only.

Does decoding a JWT verify it?

No. Decoding a JWT only reveals the contents of the header and payload. It does not prove that the token is authentic or that the signature is valid.

To verify trust, you still need proper signature validation with the correct secret or public key in your application or backend.

FAQ

What is a JWT decoder?

A JWT decoder lets you inspect the header and payload of a JSON Web Token.

Does this tool verify the JWT signature?

No. This tool decodes the token for inspection only and does not verify the signature.

Is this JWT decoder safe?

Yes. Everything runs in your browser and the token is not uploaded.

More developer tools

DevWrench provides a growing collection of browser-based developer tools including JSON utilities, converters, encoders, and debugging helpers. Browse them below.

devwrench.toolsno tracking · no ads · open in browser