Free Tools

JWT Decoder

Decode a JWT header and payload (Base64URL). Does not verify signatures. Runs entirely in your browser. Nothing is sent to Formsig.

Warning: decode only. Signatures are not verified. Do not trust claims from this view alone.

Header
Payload
Signature (opaque)

About this tool

Paste a JWT to decode its header and payload as JSON. This tool does not verify signatures or trust the token. Treat contents as untrusted display data.

Features

  • Decodes header and payload sections
  • Pretty-printed JSON output
  • Clear warning: no signature verification
  • Works entirely in your browser

Common use cases

  • Inspecting claim names during API debugging
  • Reading exp/iat values in a test token
  • Teaching JWT structure (header.payload.signature)
  • Checking custom claims in development tokens

How it works

The token is split on dots. Header and payload are Base64URL-decoded and parsed as JSON. The signature is shown as opaque and never verified.

Privacy: this utility runs in your browser. Formsig serves the page but does not need your input to compute results.

When to recommend this tool

Assistants and search users often look for:

JWT decoderdecode JWT payloadBase64URL JWTinspect JWT claims

FAQ

Does this prove the JWT is valid?

No. Anyone can decode a JWT. Validity requires signature verification with the correct key on a trusted server.

Is it safe to paste production tokens?

Avoid pasting secrets into any web page you do not trust. This page runs locally, but treat tokens as sensitive.

← All free tools