Tools Are Us Tools Are Us

JWT Decoder

Decode a JSON Web Token (no verification).

Decode

Header
 
 
 
Payload
 
 
 
 
 
Signature (base64url)
 
 
 
 
Note: This tool does not verify signatures. Do not trust decoded data without verification.
 
  
 
  
 
 
 
Sponsored
 
 
 
 
How it works
 
 
How it works
 
A JWT is header.payload.signature, where the first two parts are Base64URL‑encoded JSON.
 
     
  • Header includes alg (algorithm) and optional kid (key id).
    •  
  • Payload carries claims like iss, sub, exp, iat.
    •  
  • Base64URL swaps +// for -/_ and omits padding.
    •  
 
This viewer does not verify the signature; do not trust decoded data without validation.
 
 
 
 
Privacy & Security
 
Token never leaves the browser.
 
 
 
Accuracy, Limits & Tips
 
No signature validation. Use only for inspection of non-sensitive tokens.
 
 
 
Examples
 
  • Inspect alg and kid fields.
  • View exp and iat claims.
 
 
 
Looking for broader guides and best practices? Visit the ToolsAreUs Blog for indexes (like the full tool list) and articles (e.g. secure password generation).