JWT Decoder
Decode and inspect JSON Web Tokens (JWT) locally. See the header, payload, and standard claims with human-readable dates — your token never leaves your device.
What is a JWT?
A JSON Web Token (JWT, pronounced "jot") is a compact, URL-safe format for representing claims between two parties. A JWT is three Base64URL-encoded segments separated by dots: header.payload.signature. The header describes the signing algorithm, the payload contains arbitrary claims (usually identity + expiration), and the signature lets the recipient verify the token was issued by a trusted party and hasn't been modified.
What this decoder does
The tool splits the token at the dots, Base64URL-decodes the header and payload, and displays them as formatted JSON. Standard time claims — iat (issued at), exp (expires), nbf (not before) — are parsed as Unix timestamps and shown as local dates. If exp is in the past, the claims panel highlights that the token is expired.
What this decoder does NOT do
It does not verify the signature. Signature verification requires the issuer's public key (or the shared secret for HMAC algorithms), which is specific to the system that created the token. Never trust decoded JWT data as authentic without server-side verification. This tool is purely a debugging aid.
Common JWT claims
iss — issuer (who created the token)
sub — subject (usually the user ID)
aud — audience (who the token is for)
iat — issued-at Unix timestamp
exp — expiration Unix timestamp
nbf — not-before Unix timestamp
jti — unique JWT ID
scope / scp / roles — authorization info (vendor-specific)
Privacy
JWTs often carry personally identifiable information (PII) and access rights. This tool decodes everything locally — your token is never sent anywhere, not even for analytics.
