Why isn't the signature verified?

Verification requires the signing key, which we don't have. Use your server's secret or the JWKS endpoint to verify trust.

Is my JWT secure to paste here?

Tokens can grant access — only paste tokens you're OK seeing, or test tokens. Nothing leaves your browser, but be cautious.

JWT Decoder

Paste a JWT and see the header, payload, expiry, and signature parts decoded. Everything happens in your browser.

JWT token

Header

Payload

Signature is shown but not verified — this tool only decodes. Use your server's secret to verify.

How to use JWT Decoder

Paste a JWT token.
Read the decoded header and payload.
Check the expiry hint.

What is JWT Decoder?

JWTs are three Base64URL-encoded parts separated by dots: header.payload.signature. This tool decodes the first two and shows the third, plus computes expiry from iat and exp claims. The signature is NOT verified — that requires the issuer's secret or public key.

FAQ

Why isn't the signature verified?: Verification requires the signing key, which we don't have. Use your server's secret or the JWKS endpoint to verify trust.
Is my JWT secure to paste here?: Tokens can grant access — only paste tokens you're OK seeing, or test tokens. Nothing leaves your browser, but be cautious.

Related tools

Base64 Encode / Decode
Hash Generator
JSON Formatter / Validator