JWT Decoder

A JWT (JSON Web Token) is a compact, URL-safe token used for authentication. It contains three Base64-encoded parts — header, payload and signature — separated by dots.

Everything runs in your browser — nothing is sent to any server. However, avoid pasting tokens from live production systems. Use test or expired tokens when possible.

Signature verification requires the secret key that only the server knows. This tool decodes the visible parts of the token — header and payload — but cannot verify authenticity without the secret.