Décodeur JWT

Powered by Arsenal Tools

Paste a JWT and click Decode.

What is JWT Decoder?

JWT Decoder reads the header and payload of a JSON Web Token (JWT) and displays them in readable JSON. Decoding happens entirely in your browser  Ethe token is never sent to any server. Note: this tool decodes only; it does not verify the signature.

How to use

  1. Paste a JWT (three Base64URL-encoded parts separated by dots) into the input.
  2. Click Decode.
  3. The Header section shows the algorithm and token type.
  4. The Payload section shows the claims such as sub, exp, and custom fields.

Notes

  • The signature (third part) is not verified. Do not rely on this tool for authentication or trust decisions.
  • JWTs are Base64URL-encoded, not encrypted. Anyone with the token can decode the payload.
  • Avoid pasting production tokens containing sensitive user data into any online tool.

FAQ

What does a JWT look like?
A JWT is three Base64URL strings joined by dots: xxxxx.yyyyy.zzzzz. The first is the header, the second is the payload, and the third is the signature.
Can this tool verify a JWT signature?
No. Signature verification requires the secret key or public key used when the token was signed. This tool only decodes the Base64URL-encoded parts.
What is the exp field?
The exp claim is a Unix timestamp indicating when the token expires. Compare it to the current time to check validity.