JWT Decoder
Decode and inspect JWT tokens securely in your browser. Your tokens are never sent to a server, ensuring your sensitive authentication data remains 100% private.
Header
"alg": "HS256"
"typ": "JWT"
Payload
"sub": "1234567890"
"name": "John Doe"
"iat": 1516239022 // 1/18/2018, 1:30:22 AM
"exp": 9999999999 // 11/20/2286, 5:46:39 PM
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Claims summary
🔒 100% Private - Your JWT tokens never leave your browser. No server upload, no tracking, works offline.
Decode and inspect any JWT (JSON Web Token) instantly with SolveBar's JWT Decoder. See the header algorithm, all payload claims, expiry status, and issued-at time in a readable format — without installing any tools or writing any code.
What is a JWT and how does it work?
A JSON Web Token consists of three Base64URL-encoded parts: header (algorithm and token type), payload (claims like user ID, expiry, roles), and signature (verification that the token has not been tampered with). Anyone can decode the header and payload — only the server holding the secret key can verify the signature.
Important JWT claims explained
The exp claim is the expiry timestamp (Unix time). The iat claim is issued-at. The sub claim is the subject, usually a user ID. The iss claim is the issuer. The aud claim is the intended audience.
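The structure and claims described above, as an added JavaScript example (not SolveBar's own code): it splits a token, Base64URL-decodes the header and payload, and checks exp against a supplied clock, without verifying the signature. The names decodeJwt, base64UrlToText, textToBase64Url and SAMPLE_TOKEN are assumptions for this illustration, and the sample token is constructed from the claims and signature string shown on this page.

```javascript
// Added example: decode a JWT's header and payload without verifying it.
// decodeJwt and its return shape are assumptions made for this illustration.

// Base64URL -> UTF-8 text. Restores the '+', '/' and '=' that Base64URL drops.
function base64UrlToText(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('not Base64URL');
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Inverse helper, used only to build the constructed sample token below.
function textToBase64Url(text) {
  const bytes = new TextEncoder().encode(text);
  const b64 = btoa(String.fromCharCode(...bytes));
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// nowSeconds is injectable so the expiry result can be checked against a known clock.
function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const [header, payload] = parts.slice(0, 2).map((p) => JSON.parse(base64UrlToText(p)));
  const warnings = ['signature not verified: claims are untrusted'];
  if (parts[2] === '') warnings.push('signature segment is empty');
  let expired = null; // null means the token carries no numeric exp claim
  if (typeof payload.exp === 'number') expired = nowSeconds >= payload.exp;
  else warnings.push('no numeric exp claim');
  return { header, payload, signature: parts[2], expired, warnings };
}

// Constructed sample using the claims and signature string shown on this page.
const SAMPLE_TOKEN = [
  textToBase64Url(JSON.stringify({ alg: 'HS256', typ: 'JWT' })),
  textToBase64Url(JSON.stringify({ sub: '1234567890', name: 'John Doe', iat: 1516239022, exp: 9999999999 })),
  'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c',
].join('.');

const decoded = decodeJwt(SAMPLE_TOKEN, 1700000000);
console.log(decoded.header.alg, decoded.payload.sub, decoded.expired, decoded.warnings);
```

The returned warnings always include the unverified-signature entry, because decoding alone says nothing about whether the claims can be trusted.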
JWT security considerations
Never include sensitive data in JWT payloads — they are encoded, not encrypted. Always verify the signature server-side before trusting claims. Use short expiry times (15 minutes to 1 hour) for access tokens and store them in httpOnly cookies rather than localStorage to prevent XSS theft.
Frequently Asked Questions
Does this work offline?
Yes — once loaded, this tool works completely offline. Your JWT tokens are decoded entirely in your browser with JavaScript.
Is it safe to paste my JWT here?
Decoding runs entirely in your browser — no data is sent to any server. However, avoid pasting production tokens from critical systems into any online tool as a general practice.
Can this tool verify JWT signatures?
No — signature verification requires the secret key which only your server should hold. This tool decodes the readable parts (header and payload) only.
Why does my token show as expired?
The exp claim is compared against your browser's current time. If your system clock is wrong, or the token was issued with a past expiry, it will show as expired.