JWT Decoder

Decode JSON Web Tokens instantly. Verify HS256/384/512 signatures client-side. Runs entirely in your browser — your token never leaves this page.

Runs entirely in your browser. Your input never leaves this page.

Paste JWT

How the JWT Decoder Works

A JSON Web Token has three base64url-encoded parts separated by dots: header.payload.signature. This tool decodes the header and payload parts using the browser's native atob API (with proper base64url normalization) and parses the resulting JSON.

Signature verification for HS256/HS384/HS512 uses the Web Crypto API (crypto.subtle.verify) with HMAC-SHA. The secret key never leaves your browser — no server calls are made at any point.

Decode Header

Algorithm, token type, key ID and other registered claims.

Decode Payload

Subject, issuer, audience, expiry, and all custom claims.

Verify Signature

HMAC-SHA verification using Web Crypto — zero server calls.