JWT Decoder / Verifier

Decode JWTs, inspect claims and verify HMAC locally without sending tokens or secrets.

HeadereyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

PayloadeyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ

SignatureSflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Compact JWT

Header JSON

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload JSON

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

Token and secret stay in your browser. Do not share real JWTs through URLs, analytics or support channels.

Details below

About this tool

A privacy-first JWT debugger.

The tool follows JWS compact serialization: base64url(header).base64url(payload).base64url(signature). This v1 decodes JWTs and verifies HMAC signatures locally for HS256, HS384 and HS512.

How to use

Paste, inspect claims and verify when you have the secret.

Paste a compact JWT in the main field.
Review header, payload and claims such as exp, nbf and iat.
Enter the secret only if the algorithm is HMAC and you want to verify the signature.

Digital security

Authentication platform

JWTs are part of broader identity, session and authorization architecture.

This fits here because it turns a point-in-time check into ongoing protection for accounts, credentials and day-to-day digital habits.

Affiliate link recommendation · About

Explore solution →

FAQ

Frequently asked questions

Does decoding a JWT prove it is trusted?

No. Decoding only reads content. Trust depends on a valid signature and issuer/audience/time checks in the right system.

Is the token sent to a server?

Which algorithms are verified?

Does it support encrypted JWE?

Security

A privacy-first JWT debugger.

Paste, inspect claims and verify when you have the secret.

An extra layer for passwords, identity and digital hygiene

Authentication platform

Frequently asked questions

Related tools

Privacy and ads