JWT Decoder & Verifier
Decode JSON Web Tokens and verify HS/RS/ES/PS signatures — fully in your browser
—
—
Why people choose us
Private by design
Your input is processed securely and never sold. Client-side tools never leave your browser at all.
Instant & free
No installs, no waiting. Results in seconds, right in your browser, on any device.
Free forever
No sign-up, no watermarks, no limits. All client-side tools are free to use as much as you like.
Frequently asked questions
Is my token sent to a server?⌄
No. Decoding and signature verification happen entirely in your browser using the Web Crypto API. Your token, secret and keys never leave your device, so it is safe to inspect production tokens.
Which signature algorithms can you verify?⌄
HS256/384/512 with a shared secret (UTF-8 or base64url), and the asymmetric families RS256/384/512, PS256/384/512 and ES256/384/512 by pasting the PEM public key. For asymmetric tokens you only need the public key, never the private key.
A JWT is not encrypted — what does that mean?⌄
A standard JWT is only base64url-encoded and signed, not encrypted, so anyone can read its payload. Never put secrets in a JWT. The signature only proves the token was not tampered with by someone without the key.