JWT Decode Online — Header, Payload & Signature
Paste a JWT token to inspect its header and payload as formatted JSON. The signature is shown separately — we do not verify signatures or send your token to any server.
How JWT decode works here
Paste the full token (three Base64URL segments separated by dots). Header and payload render as formatted JSON; the signature segment is shown as raw text. Decoding is not verification — anyone can read JWT claims. Never treat decoded content alone as proof of authenticity.
Privacy & limits
Tokens never leave your browser tab. We do not fetch JWKS keys, validate exp/nbf, or accept shared secrets in Wave A. Pair with the Base64 tool if you need to inspect individual segments manually.
Typical workflow
OAuth access token
Sample input
Expected output
Debugging 401 errors
Sample input
Expected output
Related encode utilities
Percent-encode redirect URLs with the URL encoder or inspect Base64 fragments via the Base64 tool.
JWT decode FAQ
Decode ≠ verify
Does this verify signatures?
No. We only Base64URL-decode header and payload. Use your auth server or a verifier with the correct keys for trust.
Is my token sent to FastMinify?
Never — decoding runs entirely in your browser.
Can I paste refresh tokens safely?
Processing stays local, but treat tokens as secrets — avoid screen sharing and clear the field when done.
Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.