JWT Debugger / Decoder
Decode the header, payload, and signature of a JSON Web Token.
Paste your JWT. Header and payload are base64url-decoded; signature is shown raw.
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "1234567890",
"name": "Jane Doe",
"iat": 1700000000
}Signature
FQ-fH_yKHv0fHxdTGYj3T4-_kGmNvJ7iGmJj9hWmzPI
Signature is shown raw. This tool does NOT verify signatures — that requires the secret or public key.
About this tool
Pure client-side base64url decoding. Decoder does NOT verify the signature. To verify HS256 you need the shared secret; for RS256 / ES256 you need the issuer's public key. Never paste production tokens into untrusted online debuggers; even local ones can leak via browser history. On infoz, your token never leaves the page — but use a local CLI for sensitive secrets.
All processing happens entirely in your browser — no input is sent to our servers.