Developer tool

JWT Decoder

Decode JWT headers and payloads locally without sending tokens to a server.

Practical guide

How to use JWT Decoder

JWT Decoder reveals the readable header and payload inside a JSON Web Token. It helps developers inspect algorithms, subjects, issuers, audiences, and expiration claims without sending a token to a remote decoder.

Step by step

  1. Paste a three-part JWT into the token field.
  2. Select Decode token.
  3. Inspect the JSON header, payload, and any expiration message without treating the result as verified.

Example

InputeyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI3NyJ9.signature
ResultHeader algorithm: HS256; payload subject: 77

How it works

JWT header and payload sections use Base64URL encoding. The tool decodes those two sections as UTF-8 JSON; it does not possess the signing key or validate the cryptographic signature.

Important limitations

  • Decoded claims can be forged and must not be trusted without signature verification.
  • Avoid pasting active production tokens on shared or untrusted devices.

Frequently asked questions

Does a successful decode mean the token is valid?

No. Decoding only reveals claims. Your application must verify the signature, issuer, audience, expiry, and other rules.

Is the token uploaded?

The decoder runs in the current browser tab and does not send the token to a 77 Toolkit backend.