Is a JWT payload encrypted?

No. It is only Base64URL-encoded. Do not put secrets in payloads.

Can this tool verify signatures?

Yes. It verifies HS256 and RS256 using a secret or public key.

Is my token sent anywhere?

No. Decoding and verification happen locally in your browser.

📜 JWT Decoder & Verifier

Decode a JSON Web Token (JWT) into Header & Payload and (optionally) verify its signature. Runs locally in your browser.

Tip: payload is not encrypted in JWT. Do not paste secrets into payloads. For signature check, use HS256 secret or RS256 public key.

Input token

Decoded

Header

Payload

Signature (raw, Base64url)

Verify signature

Algorithm will be detected from header (alg). Supported: HS256, RS256.

What is JWT?

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting claims between parties. It is commonly used for authentication in modern web apps.

How to use this JWT tool

Paste your JWT to instantly decode the header and payload.
View claims such as exp, iat, nbf with human-readable dates.
Verify signatures using HS256 secret or RS256 public key.