JWT Decoder
Paste a JWT to instantly read its header and payload and see whether it has expired. Decoded locally — never uploaded.
Expires
Paste a full JWT (three dot-separated parts) to decode it.
How it works
The token's three parts are split on the dots; the header and payload are Base64URL-decoded and pretty-printed, and the exp claim is compared to the current time — locally in your browser.
100% client-side — nothing you paste is ever uploaded.
Frequently asked questions
Is my token uploaded?
No. The token is Base64URL-decoded entirely in your browser, so it's safe to inspect real tokens.
Does it verify the signature?
No — this decodes and displays the claims (header and payload) and checks the
exp claim. It does not verify the cryptographic signature, which needs the secret or public key.