MagicTools

JWT Decoder

Decode and inspect JSON Web Tokens — header, payload, and expiry status

Valid format
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjk5OTk5OTk5OTl9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Token valid
Expires: 2286-11-20T17:46:39.000Z (11/20/2286, 5:46:39 PM)
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "exp": 9999999999
}
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Standard Claims
Subject1234567890
Expires At9999999999 (11/20/2286, 5:46:39 PM)
Issued At1516239022 (1/18/2018, 1:30:22 AM)

Decoding is done entirely in your browser. Tokens are never sent to any server.
⚠ Do not paste production secrets or sensitive tokens into online tools.

How to use / Why use this tool / FAQ

How to use

Paste a JWT token into the input field. The tool instantly decodes and displays the Header, Payload, and Signature sections. Standard claims (exp, iat, sub, etc.) are shown in a table with human-readable timestamps.

Why use this tool

Inspect JWT tokens during development or debugging without leaving the browser. See expiry status, algorithm, and all claims at a glance. Nothing is sent to any server.

FAQ

Does this tool verify the JWT signature?
No. Signature verification requires the secret/key. This tool decodes (not verifies) the token — use it for inspection only.
Is it safe to paste my JWT here?
Decoding is fully local — no data leaves your browser. However, avoid pasting production secrets or tokens with sensitive scopes into any online tool as a best practice.
What JWT formats are supported?
Standard three-part dot-separated JWTs (header.payload.signature) with base64url encoding.

Related Tools

Base64 Encode/DecodeBase64 encoding and decoding with UTF-8 support. One-click copy and download.Hash GeneratorGenerate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text. All processing is local — nothing sent to servers.