JWT Encoder/Decoder
Free online JWT decoder tool, generate signed tokens with HMAC
About JWT Decoder
Inspect the contents of a JSON Web Token by decoding its three dot-separated parts. The header and payload are parsed from base64url into formatted JSON, and the signature segment is shown verbatim. Decoding is purely local — the token never leaves your browser, and no signing or verification is performed.
How to Use
1. Paste the JWT (typically starting with eyJ) into the input field.\n2. Click Decode.\n3. Read the Header (red), Payload (purple), and Signature (blue) cards, each with a Copy button.\n4. Use Clear to reset. A toast confirms a successful decode or reports a parse error.
JWT Structure & Validation
A JWT must contain exactly three dot-separated segments. The tool first checks the segment count, then decodes header and payload by mapping base64url -/_ to +//, adding = padding, and running atob, finally parsing the result as JSON. The signature is displayed as-is without verification. Errors are surfaced for wrong segment counts, malformed header JSON, or malformed payload JSON. Common payload claims like exp, iat, and sub appear as ordinary JSON fields and are not specially interpreted.
▶Does this tool verify the signature?
▶Can I generate or sign a new JWT here?
▶Why does decoding fail on my token?
▶Is anyone able to read a JWT's contents?
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee