Tool

JWT Decoder

Decode JWT header and payload without a secret. Inspect claims and expiration client-side.

Last updated July 1, 2026

Runs entirely in your browser — no data sent to servers. Privacy policy

How to Use This Tool

Paste your JWT token into the input field. The tool immediately decodes the Base64URL-encoded header and payload — no secret required.

Review the decoded JSON for algorithm (alg), expiration (exp), subject (sub), and other claims.

Optionally enter your HS256 secret to verify the signature. For full validation workflows, use the JWT Validator.

Never paste production tokens on shared machines. All decoding happens in your browser.

Code Examples

const jwt = require('jsonwebtoken');
// Decode without verifying (insecure alone)
const decoded = jwt.decode(token, { complete: true });
console.log(decoded.header, decoded.payload);
// Always verify in production:
const verified = jwt.verify(token, secret, { algorithms: ['HS256'] });

Frequently Asked Questions

Can anyone decode my JWT?

Yes. JWT payloads are only Base64URL-encoded, not encrypted. Anyone with the token can read the claims. Never store passwords or sensitive PII in JWT payloads.

Does decoding verify the token?

No. Decoding reads the contents without checking the signature. Only verification with your secret or public key proves authenticity.

Is it safe to paste tokens here?

Decoding runs entirely in your browser. No data is sent to a server. Avoid pasting production tokens on untrusted machines.

Can you decode a JWT without a secret?

Yes. JWT payloads are Base64URL-encoded, not encrypted. Anyone with the token string can read claims. Decoding does not prove the token is authentic — verification requires the secret or public key.

Is decoding a JWT the same as verifying it?

No. Decoding only reads header and payload. Verification checks the cryptographic signature and typically validates exp and other claims. Never authorize requests based on decode alone.

Related Guides

Related Tools

Related Glossary Terms

Related Comparisons

Algorithm Guides

JWT Security Resources

FAQs, RFC specifications, library directory, and step-by-step guides for JWT authentication.

Browse all resources →