Skip to content
epitometool

JWT decoder

Encoders & decoders

Decode and inspect JSON Web Tokens — no network calls.

Updated

JWT

This tool decodes only — it never asks for or transmits a verification key. Use your auth library to verify signatures in production.

  • KClear input

Quick start

How to decode a JWT

Paste a token to see its header, payload and signature broken out — no key required, no server contact.

  1. Step 1
    Paste your JWT

    Drop the three-segment token into the input. Production tokens are safe — decoding never touches the network.

  2. Step 2
    Inspect header & payload

    Header shows the algorithm and key id. Payload shows your claims; iat / nbf / exp are rendered as human-readable times with expired-token warnings.

  3. Step 3
    Verify elsewhere

    We never accept signing keys. Use your auth library (jose, jsonwebtoken, pyjwt) with your JWKS endpoint to verify signatures in production.

In-depth guide

JWT decoder: inspect tokens without trusting a server

Paste a JSON Web Token and see its header, payload and signature broken out, with friendly renderings of iat, nbf and exp claims. Decoding happens entirely in your browser — your tokens never leave the page.

Anatomy of a JWT

A JWT is three URL-safe base64 segments separated by dots:

header.payload.signature
  • Header — JSON describing the algorithm (alg) and token type (typ). Often also kid (key id) for rotation.
  • Payload — JSON claims. Registered claims (iss, sub, aud, exp, nbf, iat, jti) plus any private claims your app adds.
  • Signature — raw signature bytes, base64url-encoded. Verifies the header + payload haven't been tampered with.

The header and payload are encoded, not encrypted. Treat anything you put in the payload as public.

Why we don't verify signatures

If a different "JWT debugger" asks you to paste your signing secret, leave the page. Decoding does not require it; only signing or verification does.

Signature verification requires the issuer's signing key:

  • HS256/384/512 — symmetric. The same secret signs and verifies. Pasting it into a browser tool gives that tool the ability to forge any token from your issuer.
  • RS256, PS256, ES256, EdDSA — asymmetric. The verifier needs only the public key, usually exposed via a JWKS endpoint.

For HS-family algorithms, asking users to paste their secret would create a credential harvesting vector. We refuse to do it. For real verification use jose (Node / browser), jsonwebtoken (Node), pyjwt (Python) or your framework's equivalent — and always fetch keys from your trusted JWKS endpoint over HTTPS.

Registered claim cheat-sheet

ClaimMeaningNotes
issIssuerShould match the expected auth server URL.
subSubjectUsually a user ID. Should be a stable opaque identifier.
audAudienceWhich API this token is for. Reject if it isn't yours.
expExpires atUnix seconds. Tokens past this MUST be rejected.
nbfNot beforeUnix seconds. Tokens before this MUST be rejected.
iatIssued atUseful for sanity-checking clock skew.
jtiToken IDUnique per token. Required for replay protection.

Algorithm pitfalls

  • alg: none — unsigned tokens. Several libraries historically accepted them as valid, leading to trivial bypass. Always reject.
  • alg confusion — verifier expects RS256 (public key) but accepts HS256 with the public key used as the HMAC secret. Pin the expected algorithm in your verification call.
  • kid injection — the kid header tells the verifier which key to use. Validate it against your JWKS, never use it to look up arbitrary files.

Frequently asked questions

Does my JWT get sent anywhere?

No. Decoding happens entirely in your browser using base64url-decode and JSON.parse. You can paste production tokens with confidence — DevTools → Network will show zero requests.

Why don't you verify the signature?

Verification requires the issuer's signing key (a shared HMAC secret, or a public key from a JWKS endpoint). Asking users to paste secrets into a third-party page is a phishing pattern we refuse to enable. Use your auth library (jose, jsonwebtoken, pyjwt) for verification.

What does a JWT actually contain?

Three dot-separated base64url segments: header (algorithm + token type), payload (your claims like sub, iat, exp), signature (cryptographic seal over the first two). The header and payload are not encrypted — anyone can read them.

What are iat, nbf and exp?

Registered claims (RFC 7519). iat = issued-at time, nbf = not-valid-before, exp = expiration. All are Unix seconds (not milliseconds). The tool humanises each into an ISO timestamp plus relative time and flags expired tokens.

What's the 'none' algorithm and why do you warn about it?

`alg: none` produces an unsigned token. Several historical libraries accepted such tokens as valid when used naively, leading to trivial auth bypasses. Reject any token with `alg: none` server-side.

Why does my long token look truncated in the UI?

It isn't — the input area scrolls and the header / payload / signature panels each show the full decoded content. Hit Copy on any panel to grab the entire value.

Keep exploring

More tools you'll like

Hand-picked utilities that pair well with the one you're on — all free, client-side, and zero-signup.

More encoders & decoders

See all →

Popular across EpitomeTool

Browse all →
Browse all 59+ free tools