All tools

Security / JWT Decoder

JWT Decoder

Decode JWT tokens to inspect headers, payloads, and signatures. Expiry is auto-detected.

JWT Token

Invalid Token

Paste a JWT to decode

The token will be split into header, payload, and signature with expiry status.

Tips

Private — Decoded in your browser only

exp / iat — Timestamps auto-detected

Status — Green = active, Red = expired

Claims — sub, iss, aud, and more

Try next

JWT Encoder
Base64
Hash Generator

About JWT Decoder

Decode and inspect JWT (JSON Web Tokens) online without any server-side processing. RAW's JWT Decoder splits tokens into header, payload, and signature sections with syntax highlighting. Automatically detects token expiration and displays claims in a readable format.

How to use

  1. 1Paste your JWT token into the input field.
  2. 2The header, payload, and signature are decoded instantly.
  3. 3Check the expiration status — expired tokens are flagged automatically.
  4. 4Inspect individual claims like iss, sub, aud, exp, and custom fields.

Frequently Asked Questions

Can I decode JWT tokens safely here?
Yes. Decoding happens entirely in your browser. Your token is never sent to any server, making it safe to decode tokens containing sensitive claims or API keys.
Does it verify JWT signatures?
RAW decodes and displays the signature but does not verify it, as that requires the secret key or public key. For signature verification, use the JWT Encoder tool with your signing key.
What JWT algorithms are supported?
The decoder handles all standard JWT algorithms including HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, and PS256. The algorithm is displayed in the decoded header.
Why does my token show as expired?
RAW automatically checks the exp (expiration) claim against the current time. If the expiration timestamp is in the past, the token is flagged as expired with the exact expiry date shown.