JWT Decoder
Paste a JWT above to decode its header and payload
No data leaves your browser
Online JWT Token Decoder & Inspector
io9.me JWT Decoder lets you paste a JSON Web Token and instantly view its decoded header and payload. Check the signing algorithm, inspect claims like sub, iss, aud, iat, and exp, and see whether the token is expired — all without sending your token to any server.
Features
- Decode the JWT header — view algorithm (HS256, RS256, etc.), type, and key ID
- Decode the JWT payload — view all claims with formatted JSON
- Expiry check — see issued-at (iat) and expiration (exp) as human-readable dates
- Visual token validity status — expired, valid, or no expiry set
- Syntax-highlighted JSON output
- 100% client-side processing — your tokens never leave your browser
How to use
- Paste a JWT (the three-part base64 string) into the input field.
- The header and payload are decoded and displayed instantly.
- Check the expiry status and individual claims.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and authorization. It consists of three Base64-encoded parts separated by dots: header, payload, and signature. JWTs are commonly used in OAuth 2.0, OpenID Connect, and API authentication.