Kordu Tools

JWT Decoder

Decode and inspect JSON Web Tokens — view header, payload, and expiry claims.

How to use

  1. Paste your JWT

     Copy a JWT token from your application, API client, or browser developer tools and paste it into the input box.

  2. Inspect the decoded sections

     View the decoded header (algorithm and token type), payload (all claims), and the raw signature below.

  3. Check the expiry status

     The tool shows whether the token is currently valid, expired, or has no expiry claim set.

  4. Copy individual sections

     Use the Copy button next to each section to copy the decoded JSON to your clipboard.

Frequently asked questions

Is it safe to paste my JWT here?
Yes. All decoding is done entirely in your browser using JavaScript. Your token is never sent to any server or stored anywhere.
What information is in a JWT?
A JWT has three parts: the header (algorithm and token type), the payload (claims like user ID, roles, expiry), and the signature (used to verify authenticity). This tool decodes the header and payload — the signature cannot be decoded as it is a cryptographic hash.
Why does my token show as expired?
The exp claim in a JWT is a Unix timestamp. If that timestamp is in the past, the token is expired and most servers will reject it. You need to re-authenticate to get a fresh token.
Can this tool verify a JWT signature?
No. Verifying a JWT signature requires the secret key or public key used to sign it, which should never be shared with a browser tool. This tool is for inspection only.

Paste any JWT and instantly inspect its decoded header, payload, and signature. View all claims including issuer, subject, audience, and expiry time. The tool highlights whether a token is still valid or has expired based on the exp claim. All decoding happens entirely in your browser — your tokens never leave your device.