Encoded JWT
JWT Decoder & Validator
Inspect JWT header, payload, expiry, and supported HMAC signatures in a browser-only developer workspace.
Ready
1
JWT is decoded locally in your browserNo token is sent to any serverSupported HMAC checks happen locally
Frequently asked questions
Is JWT encrypted?
No. A standard JWT is signed, not encrypted. Anyone with the token can decode and read the header and payload.
Can I trust a decoded JWT?
Not by decoding alone. You should also verify the signature and validate claims such as issuer, audience, and expiry.
Does this tool upload my JWT?
No. Decoding and supported HMAC verification run locally in your browser.