JWT Decoder / Verifier

Paste a JWT to view its contents and verify the signature

Features

Decompose header, payload, and signature

Display the three parts of a JWT in formatted form

Convert key claims to human-readable dates

Convert iat / nbf / exp to readable date and time format

Expiration badge

Display green, red, or gray badge based on exp presence and past/future status

Browser-based signature verification

Verify HS256/HS384/HS512/RS256/ES256 using Web Crypto API

How to use

1

Paste your JWT

Paste a JWT string in xxx.yyy.zzz format into the input field

2

Verify the contents

Check the displayed header, payload, signature, and key claims

3

Enter your key

For HS algorithms, paste the secret key; for RS/ES algorithms, paste the public key in PEM format

4

Run signature verification

Click "Verify signature" to confirm ✅ valid or ❌ invalid

Use cases

Check authentication token contents

Quickly verify the contents of a JWT issued after login

Troubleshoot expiration issues

When a user reports an error, check if the token has expired

Verify key connectivity

During development, confirm that verification works with your intended secret or public key

Learn tamper detection

Understand JWT security by modifying the signature and seeing it become ❌ invalid

Safety and privacy

Runs entirely in your browser

Your input data is processed only within your browser and is never sent externally.

Processing only in your browser

JWT decoding and signature verification is processed entirely within your browser, and input data is not sent to any server.

Communications encrypted with HTTPS

Page loading is also encrypted by TLS, and content cannot be read by third parties.

No transmission to third parties

Input content is not sent to external services such as ad networks or trackers.

No automatic saving of results

JWT and keys and input suggestions are not stored on the server.

Updates

Related Tools