Smart Web Apps JWT Decoder
Category

JWT Decoder

Decode JWT header/payload (base64url). No signature verification is performed.

Paste a JWT, then click Decode.
Decoded
Header (JSON)
Payload (JSON)
Common claims
Formulas

Tool description

A JSON Web Token (JWT) has three parts: header.payload.signature. The header and payload are base64url-encoded JSON. This tool decodes those parts for inspection.

How to use

  1. Paste a JWT (three dot-separated parts).
  2. Decode to view header/payload JSON.
  3. Check exp/iat/nbf claim timestamps if present.

Why it’s useful

  • Debug auth and session issues.
  • Inspect claims and token metadata.
  • Verify token expiry times quickly.

Use cases & interpretation

  • APIs: check audience/issuer claims.
  • Auth bugs: confirm exp is in the future.
  • Integration: compare environments (dev/stage/prod).

FAQs

No. This tool only decodes the base64url parts. Signature verification requires the correct key and algorithm.
Other tools in this category
Generate bcrypt hashes with configurable cost factor (work factor).
Hash Generator New
Hash text using SHA algorithms (SHA-1/SHA-256/SHA-384/SHA-512) with hex/base64 output.
HMAC Generator New
Compute HMAC signatures (SHA-256/SHA-512) with hex/base64 output.
Password Generator New
Generate strong passwords using cryptographic randomness with custom rules.
Password Strength Checker New
Estimate password strength and provide practical improvement tips (client-side).
Generate bcrypt hashes with configurable cost factor (work factor).
Hash Generator New
Hash text using SHA algorithms (SHA-1/SHA-256/SHA-384/SHA-512) with hex/base64 output.
HMAC Generator New
Compute HMAC signatures (SHA-256/SHA-512) with hex/base64 output.
Password Generator New
Generate strong passwords using cryptographic randomness with custom rules.
Password Strength Checker New
Estimate password strength and provide practical improvement tips (client-side).