JWT Decoder

Does this JWT decoder upload my token to any server?

No. The token is decoded locally in your browser using base64url decoding. Nothing is sent, stored, or transmitted anywhere.

Why do I get an error saying the token is invalid?

JWTs must contain at least two dots (header.payload.signature). Missing segments, invalid base64url encoding, or malformed JSON will trigger an error.

What does this tool actually decode?

It decodes the header and payload sections of the JWT. It does NOT verify the signature or check token authenticity.

Can this tool tell if my JWT is expired or not yet valid?

Yes. If the payload contains standard claims like exp, iat, or nbf, the tool displays human-readable timestamps and whether the token is expired or not yet valid.

Why do my dates look incorrect?

JWT timestamps are in Unix seconds. If a timestamp is malformed or not a valid number, formatting may fail and show an empty or incorrect result.

Can I copy the decoded header or payload?

Yes. Each section has its own Copy button, which copies the formatted JSON to your clipboard.

What does the JSON indentation setting do?

It controls whether decoded JSON is shown using 2-space or 4-space indentation. This only affects display formatting.

Does this tool verify the signature?

No. It only decodes base64url and parses JSON. Signature verification requires a secret or public key and is intentionally not performed for safety.

Why does clearing the token remove the decoded fields?

When you clear the input, the tool resets all decoded values, claims information, and error messages to prevent outdated data from appearing.