JWT Parser / Decoder
Your data never leaves your browserDecode and inspect JWT header, payload, and signature without a secret key.
Brie — Bug Reporting Tool
Building secure features?
Brie automatically redacts sensitive data from captures and keeps everything private — no data leaves your control.
About JWT Parser / Decoder
Paste any JSON Web Token (JWT) and instantly decode its header and payload sections. The tool base64url-decodes each part and pretty-prints the JSON so you can inspect claims like iss, sub, exp, and iat. No secret key is required — and no data is sent to any server.
How to use
- Paste a JWT token (the three dot-separated base64url strings) into the input panel.
- The decoded header, payload, and signature reference appear instantly in the output panel.
- Click Copy to share or log the decoded contents.
More Security & Crypto
Frequently Asked Questions
FAQs about JWT Parser / Decoder
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used to transmit claims between parties. It consists of three base64url-encoded parts separated by dots: header.payload.signature.
Does this tool verify the JWT signature?
No. Verifying the signature requires the secret key or public key used to sign the token. This tool only decodes the header and payload for inspection — it does not validate authenticity.
What common claims can I find in the payload?
Common JWT claims include: sub (subject/user ID), iss (issuer), exp (expiration timestamp), iat (issued at), aud (audience), and nbf (not before).
Why does the expiration time show as a number?
JWT timestamps (exp, iat, nbf) are Unix timestamps — seconds since January 1, 1970 UTC. Use the Unix Timestamp Converter tool to turn them into readable dates.
Is it safe to paste my JWT here?
All decoding is done locally in your browser. No data is transmitted to any server. That said, treat JWTs like passwords — avoid pasting production tokens into any third-party tool.