JWT Decoder

Decode JSON Web Tokens (JWTs) in your browser. This tool decodes the header and payload using Base64URL and formats them as JSON. It can verify HMAC signatures (HS256/384/512) when you provide the shared secret. Do not paste secrets or tokens you do not control.

Decode JWT header and payload instantly.
Inspect claims like exp, iat, aud, iss.
Verify HMAC signatures (HS256/384/512) with a secret.

Token input

Paste a full JWT below in the format header.payload.signature. Only the first two parts are decoded; the signature is shown as-is.

Header

Payload (claims)

Signature (Base64URL)

HMAC secret (HS256/384/512)

Not verified

Algorithm: -

Verification is available for HS256/384/512 when you provide the shared secret. Other algorithms are shown as unsupported.

This tool does not verify the signature, algorithm or claims. Use it for decoding and debugging only.