JWT Decoder
Decode JSON Web Tokens instantly. Inspect claims, check expiry. Nothing leaves your browser.
iss — Issuer. Who created and signed the token.
sub — Subject. Who the token refers to (usually a user ID).
aud — Audience. Who the token is intended for.
exp — Expiration time (Unix timestamp in seconds). Token must be rejected after this time.
nbf — Not Before (Unix timestamp). Token must not be accepted before this time.
iat — Issued At (Unix timestamp). When the token was created.
jti — JWT ID. A unique identifier for the token (prevents replay attacks).
alg (Header) — Signing algorithm: HS256, RS256, ES256, etc.
typ (Header) — Token type, typically JWT.
About JWT Decoder
JWT Decoder decodes JSON Web Tokens (JWTs) entirely in your browser — the token never leaves your device. Paste any JWT and instantly see the decoded Header, Payload, and Signature. It detects expired tokens, visualises standard claims (iat, exp, nbf, sub, iss, aud), converts Unix timestamps to human-readable dates, and lets you copy each section as clean JSON. No libraries, no server, no tracking.