flashman
← All tools

Jwt

jwt • decode • debug

Decoding only (no signature verification).

Header
Payload
About this tool
Inspect JSON Web Token headers and payloads without verifying signatures. Useful for debugging authentication flows when you already trust the token source.
Your input is processed in the browser. We do not upload tool payloads to our servers.
Common use cases
  • Read claims such as exp, sub, and aud during OAuth debugging.
  • Compare token payloads between environments.
  • Explain JWT structure to teammates without external tools.
Examples
Three-part structure
A JWT has header.payload.signature separated by dots. This tool decodes the first two parts only.
FAQ
Does this verify signatures?
No. Decoding is not verification. Never trust a token based on decoding alone.
Is it safe to paste production tokens?
Tokens may contain sensitive claims. Prefer test tokens; processing stays local in your browser.
Related guide
Learn JSON Web Token structure, common claims, and why decoding is not the same as verification.
Read: JWT explained: how to decode tokens safely