XowiaScan
Home Tools Pricing API Docs About Sign in Get started
← All tools

JWT Decoder

Converters

Decode and inspect a JWT’s header, claims and expiry without sending it anywhere.

What is JWT Decoder?

JWT Decoder splits a JSON Web Token into its header and payload, decodes the Base64URL segments and presents the claims in readable form — including human-friendly expiry and issued-at times.

It runs entirely in your browser, so even live session tokens are safe to inspect.

What it shows

  • Header — algorithm and token type, plus risky-header awareness.
  • Claims — the full decoded payload in readable JSON.
  • Timestamps — exp, iat and nbf converted to human dates.
  • Local-only — the token never leaves your browser.

Where it fits in your workflow

  • Read what a captured token actually contains and when it expires.
  • Spot weak algorithms and over-broad claims at a glance.
Use JWT Decoder

Free, in-browser — no sign-up needed to try.

Create free account Sign in

At a glance

CategoryConverters
RunsIn your browser
Token cost Free — no tokens
AccessFree · no login to try
Status● Live

Frequently asked questions

Does it verify the signature?

It decodes and inspects the token (no secret needed). For offline secret cracking and signature attacks, use the Vulnerability Scanner’s server-side JWT engine.

Explore more tools →