JWT Decoder
Decode and inspect JWT tokens. View header and payload.
A JWT has three parts separated by dots. The middle part (the payload) is only Base64URL-encoded, not encrypted, so anyone who holds the token can read it. Never store passwords there.
How to use the JWT Decoder
Paste any JWT token (the three-part eyJ... string) and click Decode. The tool splits the token into its Header, Payload, and Signature sections. The header shows the algorithm used. The payload shows all claims including sub, iat, and exp. The tool automatically parses the exp and iat timestamps into human-readable dates and shows whether the token is expired.
Step-by-step guide
1. Paste JWT token: Paste your full JWT string (starting with eyJ...) into the token input area.
2. Click Decode: Press 🔍 Decode Token to split and decode all three parts of the JWT.
3. Inspect claims: Review the header for algorithm, the payload for claims, and the smart badges for expiry status.
4. Load sample: Use the 'Load Sample' button to see a working example if you don't have a token ready.
What can you do with this tool?
- Inspect JWT payloads during API development and debugging
- Check token expiry timestamps without writing code
- Verify the algorithm and type declared in the JWT header
- Read user claims (sub, email, roles) from an auth token
- Debug authentication issues in OAuth 2.0 and OIDC flows
- Inspect JWTs from Auth0, Firebase, AWS Cognito, and Supabase
Why use STB's JWT Decoder?
STB's JWT Decoder is completely free: no account, no email, no credit card. It runs entirely in your browser so your data never leaves your device. Whether you're a developer, student, or just someone who needs a quick JWT decoder, open this tool and get results in seconds. No ads, no rate limits, no paywalls, just a fast, clean tool from Software That Benefits, a studio dedicated to free tools for developers and students.
Frequently Asked Questions
Is it safe to paste my JWT into this tool?
This tool runs entirely in your browser — your JWT token is never sent to any server. That said, JWTs can contain sensitive user data. As a best practice, avoid pasting production tokens with real user PII into any online tool. Use test tokens when possible.
Can this tool verify the JWT signature?
No. Signature verification requires your secret key or RSA public key, which you should never share with any online tool. This tool only decodes the header and payload — which are base64url-encoded, not encrypted. Use your backend or a trusted library to verify signatures.
What does 'exp' mean in a JWT?
exp (expiration time) is a Unix timestamp (seconds since January 1, 1970) indicating when the token expires. This tool automatically converts it to a human-readable date and tells you whether the token has expired. An unexpired token is not necessarily a valid one, because this tool does not verify the signature.
What is the structure of a JWT?
A JWT consists of three Base64URL-encoded parts separated by dots: Header.Payload.Signature. The header declares the token type and algorithm. The payload contains claims (data). The signature verifies the token hasn't been tampered with.