JWT Decoder & Verifier
Decode a JSON Web Token, read its claims, and verify its signature.
Everything runs in your browser. Your token, secret, and keys never leave this page.
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Decoding and verifying JSON Web Tokens
What is a JWT made of?
A JSON Web Token (JWT) is three base64url-encoded parts separated by dots: a header that names the signing algorithm, a payload of claims such as sub, iat, and exp, and a signature. This tool parses the header and payload locally, interprets the standard claims, and shows the token's expiry status.
How is decoding different from verifying?
Decoding only reads the encoded header and payload — anyone can do it, and it proves nothing about authenticity. Verifying checks the signature against a secret or public key, which confirms the token was issued by a trusted party and has not been altered. Signature verification here uses compactVerify, so it is checked independently of the exp claim: an expired but otherwise valid token still verifies, with expiry reported separately.
Which algorithms and keys can it verify?
HMAC tokens (HS256, HS384, HS512) are verified with the shared secret used to sign them. RSA (RS*), RSA-PSS (PS*), and ECDSA (ES*) tokens are verified with the matching public key, supplied as PEM or JWK.
Is it safe to inspect sensitive tokens?
Yes. Everything runs in your browser. Your token, secret, and keys are never uploaded or stored, so you can safely inspect production or otherwise sensitive tokens. You can also prefill the decoder by passing a token in the ?token= query parameter.
- Is it safe to paste my token here?
- Yes. Decoding and signature verification run entirely in your browser using the Web Crypto API. Your token, secret, and keys are never uploaded or stored, so it is safe to inspect sensitive or production tokens.
- What is the difference between decoding and verifying a JWT?
- Decoding reads the base64url-encoded header and payload so you can see the claims — it does not prove the token is genuine. Verifying checks the signature against a secret or public key, which confirms the token was issued by a trusted party and has not been tampered with.
- Which signature algorithms are supported?
- HMAC (HS256/HS384/HS512) with a shared secret, and RSA (RS256/384/512), RSA-PSS (PS256/384/512), and ECDSA (ES256/384/512) with a public key in PEM or JWK format.
- Can it verify the signature of an expired token?
- Yes. Signature verification uses compactVerify, which checks the signature independently of the exp claim, so an expired-but-otherwise-valid token still verifies. Expiry is reported separately as token status.
- Do I need a secret or a public key?
- It depends on the algorithm. HMAC tokens (HS256/384/512) are verified with the shared secret used to sign them. RSA, RSA-PSS, and ECDSA tokens (RS*/PS*/ES*) are verified with the matching public key in PEM or JWK format.
- Does it store my token or keys?
- No. Nothing is uploaded to a server or saved. Everything stays in the current browser tab and is discarded when you close it.