How it works
JWT decoding is not verification. The signature is not checked and the token may contain sensitive claims; use only safe test tokens.
Split token into three base64url segments and JSON-decode the first two.
Common questions
Does this verify a JWT?
No. It only decodes readable segments; never treat the result as trusted.
Is my token stored?
No server upload is used, but the token can appear in the URL after running the tool. Use a test token.
Independent developer utility. Review output before using it in production.