Instantly decode both the JWT header (algorithm, token type) and payload (claims, user data) into readable JSON.
Automatically detects the exp claim and tells you whether the token is expired, and how long until it expires.
Your JWT token never leaves your browser. Decoding happens entirely in JavaScript — safe for production tokens.
Works with HS256, RS256, ES256, and all standard JWT signing algorithms for the decode/inspection step.
No. This tool only decodes the header and payload for inspection. Signature verification requires the secret key and should be done server-side.
The decoding is 100% client-side — no data is sent to any server. However, treat JWT tokens as sensitive credentials and regenerate them if you suspect exposure.
The exp (expiration) claim is a Unix timestamp indicating when the token expires. This tool automatically reads it and shows you the human-readable expiry time and whether it has passed.