JWT Decoder
Decode a JSON Web Token in your browser. Read the header and payload as JSON, see claims as human-readable timestamps, and check expiry at a glance. Decode-only — the signature is never verified and nothing is uploaded.
Decoded in your browser. Signature is not verified.
- Subject
- 1234567890
- name
- John Doe
- Issued at
- 1516239022 · 2018-01-18T01:30:22Z
How It Works
- 1
Paste the token
The raw JWT or a full Bearer header.
- 2
Read the header
See the algorithm and token type.
- 3
Inspect the payload
Claims decoded to JSON, with readable dates.
- 4
Check expiry
An active/expired badge from the exp claim.
Use Cases
Debug auth failures
Confirm which claims a token actually carries when a request is rejected.
Verify expiry
Check exp and nbf to see whether a token is live right now.
Inspect scopes and roles
Read the payload to confirm scopes, roles, or audience are set correctly.
Build API test fixtures
Decode a sample token to model the claims your test doubles should return.
Frequently Asked Questions
Similar tools
All toolsJSON Formatter
NewFormat, validate, and minify JSON. Clean indentation, key sorting, and exact line/column errors.
Text Compare
Side-by-side diff with line, word, and character granularity. Export as unified diff or .patch.
YAML Compare
Diff two YAML files. Normalize mode sorts keys so you only see real changes. Kubernetes, Helm, CI.
XML Compare
Diff two XML files with optional re-indentation. SOAP, RSS, sitemaps, Android layouts, POMs.
Done decoding? Now automate the auth flows behind that token.
Bug0's expert AI agents write end-to-end tests from plain English, auto-heal them when your UI changes, and run them on every deploy. A forward-deployed engineer verifies every result.
From $2,500/mo. Results in 7 days.