Decode a JWT
Paste a JSON Web Token to decode its header and payload and see the issued/expiry times in plain UTC. The signature is not verified, so never trust a decoded token for authorization. The result is stored privately in your account.
No sign-up needed — runs instantly in your browser.
How it works
1. Paste your token
2. Press Run
3. Download the decoded header and payload or find it in your files
Frequently asked questions
- Does this verify the signature?
- No — it only decodes the Base64url segments. Verification needs the signing key and is intentionally out of scope.
- Are the timestamps converted?
- Yes — iat, nbf and exp claims are shown as readable UTC times when present.
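
The decode step described in the answers above, as an added example in Node.js (not this tool's own code): it splits the token, decodes the two Base64url segments, renders iat, nbf and exp as UTC, and always reports the signature as unverified. The function names, the result shape and the sample token are assumptions made for this illustration.

```javascript
// Added example: decode-only JWT inspection. Nothing here checks the signature.

// Decode one Base64url segment (URL-safe alphabet, padding omitted) to a UTF-8 string.
function b64urlToString(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) throw new Error('segment is not Base64url');
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// NumericDate (seconds since the epoch) -> ISO 8601 UTC, or null when not a number.
function toUtc(v) {
  return Number.isFinite(v) ? new Date(v * 1000).toISOString() : null;
}

function decodeJwt(token, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = JSON.parse(b64urlToString(parts[0]));
  const payload = JSON.parse(b64urlToString(parts[1]));
  const times = {};
  for (const claim of ['iat', 'nbf', 'exp']) {
    if (claim in payload) times[claim] = toUtc(payload[claim]);
  }
  return {
    header,
    payload,
    times,
    // Informational only: an attacker can set exp to anything in an unverified token.
    expired: Number.isFinite(payload.exp) ? nowSec >= payload.exp : null,
    signatureVerified: false, // always false: decoding needs no key, so it proves nothing
  };
}

// Constructed sample token; the third segment is a dummy, not a real signature.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE = [
  enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ sub: 'user-123', role: 'viewer', iat: 1700000000, exp: 1700003600 }),
  'not-a-real-signature',
].join('.');

console.log(decodeJwt(SAMPLE, 1700000100));
```

A token whose payload has been edited decodes exactly as cleanly as the original, which is why the decoded claims are only safe for inspection and debugging.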
Related tools
- Paste Base64 to decode it back to readable text. Both standard and URL-safe Base64 are accepted. The result is stored privately in your account.
- Paste JSON to pretty-print, minify or validate it. Choose the indentation, optionally sort keys, and your formatted file is stored privately in your account.
- Paste text to compute its cryptographic hash. Pick the algorithm — MD5, SHA-1, SHA-256 or SHA-512 — and the digest is stored privately in your account.
- Paste any text to convert it to Base64. Enable URL-safe output for tokens and query strings. The result is stored privately in your account.