Why should I decode JWTs in the browser?

JWTs often contain sensitive user information, session data and authentication claims. Decoding them in the browser ensures this data stays on your machine and is never logged by a third-party server.

What do the iat, exp and nbf claims mean?

iat is the issued-at timestamp, exp is the expiration time and nbf is the not-before time. The decoder converts these Unix timestamps to human-readable dates for easy verification.

JWT Decoder in Your Browser

Inspect JSON Web Tokens without sending them to a third-party service. This browser-based decoder shows you the full header, payload and claims of any JWT, with special formatting for timestamps, expiration and custom claims.

Open JWT Decoder

How to Decode a JWT

Paste the JWT string (the three dot-separated Base64 segments)
View the decoded header showing the algorithm and token type
Inspect the payload with all claims formatted and labeled
Check expiration status with human-readable timestamps

Common Use Cases

Debugging OAuth 2.0 and OpenID Connect flows
Verifying that access tokens contain the expected scopes
Checking if a token has expired before making API calls
Understanding the structure of third-party API tokens

Frequently Asked Questions

Why should I decode JWTs in the browser?: JWTs often contain sensitive user information, session data and authentication claims. Decoding them in the browser ensures this data stays on your machine and is never logged by a third-party server.
What do the iat, exp and nbf claims mean?: iat is the issued-at timestamp, exp is the expiration time and nbf is the not-before time. The decoder converts these Unix timestamps to human-readable dates for easy verification.