Tools

JWT Decoder

Decode JSON Web Tokens instantly, inspect claims, and verify HMAC signatures without leaving the browser.

Everything happens locally in your browser. Paste a JWT to decode each segment. Provide a shared secret to verify HS256/HS384/HS512 signatures via the Web Crypto API.

Paste or type your JWT

Tokens consist of header, payload, and optional signature segments separated by periods. Invalid or incomplete tokens will surface errors below.

Shared secret (optional)

Supports verification for HS256, HS384, and HS512. Secrets never leave your device.

Verification status

Awaiting token…

Header

Base64URL decoded JSON

Payload

Claims as pretty JSON

Signature

Raw Base64URL segment (third part)

Tokens without signatures have only two segments. Supply a third segment to inspect it here.