JWT Decoder

Inspect the header and payload of a JSON Web Token without sending it anywhere.

How it works

JWT decoding is not verification. The signature is not checked and the token may contain sensitive claims; use only safe test tokens.

Split token into three base64url segments and JSON-decode the first two.

Common questions

Does this verify a JWT?

No. It only decodes readable segments; never treat the result as trusted.

Is my token stored?

No server upload is used, but the token can appear in the URL after running the tool. Use a test token.

Independent developer utility. Review output before using it in production.