JWT Decoder
Paste a JWT to decode its header and payload and check whether it has expired — nothing leaves your browser. This free online developer calculator runs entirely in your browser — no signup, no data sent anywhere.
Inputs
Results
How It Works (Formula & Method)
A JSON Web Token has three Base64URL-encoded parts separated by dots: a header (algorithm and token type), a payload (the claims), and a signature. This tool Base64URL-decodes the first two parts and parses them as JSON, then reads the exp claim (a Unix timestamp) to tell you whether the token has expired.
Decoding is not the same as verifying. Anyone can read a JWT's contents — the signature is what proves the token was issued by a trusted party and has not been tampered with. This tool deliberately does not verify the signature, because doing so requires the secret or public key.
Worked Example
Tips & Considerations
Because the payload is only encoded, never put secrets in a JWT that a client can read. Everything runs locally here, so it is safe to paste tokens — but never paste production tokens into online decoders you do not trust. To fully validate a token you must verify its signature server-side with the signing key.
Frequently Asked Questions
Does decoding a JWT verify it?
No. Decoding only reveals the header and payload, which are merely Base64URL-encoded and readable by anyone. Verification means checking the cryptographic signature against the signing key, which confirms authenticity and integrity — a separate step this tool does not perform.
Is it safe to paste a JWT here?
This decoder runs entirely in your browser and never transmits the token anywhere, so it is safe. As a general habit, avoid pasting production tokens into any online tool whose privacy behaviour you have not confirmed.
What does the JWT Decoder compute?
The JWT Decoder takes 1 input value and returns 4 results. Decode a JSON Web Token (JWT) to inspect its header and payload claims and check the expiry, entirely in your browser — the token is never sent anywhere.
Is my data sent to a server?
No. The JWT Decoder runs entirely in your browser using static JavaScript. Your inputs are never transmitted to CalculatorHive or any third party, and nothing is stored after you close the page.