JWT Decoder / Verifier
Paste a JWT to view its contents and verify the signature
Features
Decompose header, payload, and signature
Display the three parts of a JWT in formatted form
Convert key claims to human-readable dates
Convert iat / nbf / exp to readable date and time format
Expiration badge
Display green, red, or gray badge based on exp presence and past/future status
Browser-based signature verification
Verify HS256/HS384/HS512/RS256/ES256 using Web Crypto API
How to use
Paste your JWT
Paste a JWT string in xxx.yyy.zzz format into the input field
Verify the contents
Check the displayed header, payload, signature, and key claims
Enter your key
For HS algorithms, paste the secret key; for RS/ES algorithms, paste the public key in PEM format
Run signature verification
Click "Verify signature" to confirm ✅ valid or ❌ invalid
Use cases
Check authentication token contents
Quickly verify the contents of a JWT issued after login
Troubleshoot expiration issues
When a user reports an error, check if the token has expired
Verify key connectivity
During development, confirm that verification works with your intended secret or public key
Learn tamper detection
Understand JWT security by modifying the signature and seeing it become ❌ invalid
Safety and privacy
Runs entirely in your browser
Your input data is processed only within your browser and is never sent externally.
Processing only in your browser
JWT decoding and signature verification is processed entirely within your browser, and input data is not sent to any server.
Communications encrypted with HTTPS
Page loading is also encrypted by TLS, and content cannot be read by third parties.
No transmission to third parties
Input content is not sent to external services such as ad networks or trackers.
No automatic saving of results
JWT and keys and input suggestions are not stored on the server.
Updates
- update #67
Add new tool "JWT Decoder"
New Tool AddedJWT Decoder / Verifier