Paste a JWT, inspect the claims. Nothing leaves your browser.
JWTs are everywhere — auth tokens, OAuth flows, session cookies, signed URLs — and being able to peek at the claims is a daily debugging task. Paste a token and this decoder splits it into header and payload, parses the base64url segments, pretty-prints the JSON, and shows you the issued-at, expiry, and audience claims so you can spot a mismatched issuer or an expired token in seconds. Note: this tool does not verify the signature — that requires the issuer's public key and is a separate concern. The decode itself runs entirely in your browser, so you can safely drop production tokens here without worrying about logs on a third-party server. Sign in to save common tokens as snippets in your sidebar.