JWT Decoder & Verifier
Decode and verify JWT tokens locally using WebCrypto. No uploads.
What is a JWT Decoder?
A JWT decoder lets you inspect the header and payload of a JSON Web Token without sending it to a server. JWTs are compact, URL-safe tokens used for authentication and authorization in web and mobile applications.
How a JWT is structured
A JWT has three Base64URL-encoded parts separated by dots: header.payload.signature. The header specifies the algorithm, the payload carries the claims, and the signature proves the token's integrity.
Decode vs Verify
Decoding only Base64-decodes the header and payload so you can read the claims — it does not prove the token is valid. Verification requires checking the signature with the correct secret or public key, plus validating iss, aud, and exp. Your backend should always do full cryptographic verification.
Supported algorithms
HS256– HMAC using SHA-256 (shared secret)RS256– RSASSA-PKCS1-v1_5 using SHA-256 (RSA key pair)ES256– ECDSA using P-256 and SHA-256 (elliptic curve)
Is this JWT Decoder secure?
Yes — all decoding and verification runs entirely in your browser. Tokens are never uploaded to any server, making this tool safe for test and development tokens.
Related tools
- Base64 Encoder / Decoder – inspect encoded payloads
- JSON Formatter – pretty-print token payloads
- Regex Tester – build validation rules for claims