JWT Decoder: Inspect and Verify Tokens

Paste a JSON Web Token to decode its header and payload, highlight key claims, and optionally verify HS256 signatures with a shared secret.

JWT input

Paste or type the full JWT. The tool decodes it automatically.

Structure valid

Signature secret (optional)

Not verified
Sample secret:a-string-secret-at-least-256-bits-long

Decoded output

Inspect the structured header and payload of the JWT.

Decoded header

alg: HS256
{
  "alg": "HS256",
  "typ": "JWT"
}

Decoded payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true,
  "iat": 1516239022
}

Signature

Not verified
KMUFsIDTnFyg3nM1GM6H9FNFUR0f3wh7SmaqJp-QV30

JWT debugging tips

Use signature checks and claim introspection to troubleshoot authentication issues faster.

  • Redact sensitive fields before sharing tokens; test inside a safe local environment whenever possible.
  • If signature verification fails, confirm the algorithm and secret first, then review exp/iat timestamps.
  • Practice with the sample token and secret before working with production tokens to avoid live incidents.

Tokens and secrets stay on this device; nothing is uploaded, making it safe for sensitive credentials.

Execution ModeRuns entirely in the browserTokens are decoded locally and optional HS256 checks never leave the browser.