JWT Decoder
Decode and inspect a JSON Web Token's header, payload, and expiry.
{
"alg": "HS256",
"typ": "JWT"
}

{
"sub": "1234567890",
"name": "Jane Doe",
"iat": 1730000000,
"exp": 9999999999
}

| Claim | Value |
|---|---|
| sub | "1234567890" |
| name | "Jane Doe" |
| iat | 1730000000 → 2024-10-27T03:33:20.000Z |
| exp | 9999999999 → 2286-11-20T17:46:39.000Z |

QGzM_oo3zPL-Hg-aV0c5cBKYNjFcLG-3vKlGZ3yYRZw
Signature is not verified by this tool.
🔒 Tokens are decoded entirely in your browser. Nothing is sent over the network.
About JWTs
A JSON Web Token has three Base64URL-encoded parts joined by dots: header.payload.signature. This tool decodes the first two — it does not verify the signature, which requires the issuer's public key or secret.
Common payload claims: iss (issuer), sub (subject), aud (audience), exp (expires), iat (issued at), nbf (not before). All numeric times are Unix seconds.
Frequently asked
▸ Does this verify the signature?
No. The decoder only base64-decodes the header and payload so you can read them. Use JWT Secret Strength or your server-side library to verify the signature against a key — never trust a decoded JWT's claims without verification.
▸ Is it safe to paste a real token in here?
The decoding runs entirely in your browser — the token is never sent to a server. Even so, treat production tokens like passwords: don't paste them on shared computers, and revoke the token if you suspect any leak.
▸ Can I check if a token is expired?
Yes. After decoding, look at the payload's exp claim (Unix timestamp in seconds). If it's less than the current time, the token has expired. Many BEAD chains use the JWT Decoder workflow followed by Timestamp Converter.
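The decode-and-inspect steps described above, as an added JavaScript example (not this tool's own code): it splits the token, Base64URL-decodes the header and payload, and classifies the exp and nbf claims against a given time, without verifying the signature. The function names and the sample token (this page's header and payload with a placeholder signature) are constructed for illustration.

```javascript
// Added example, not the tool's source. All names here are assumptions.
// Base64URL -> UTF-8 text. JWT segments use '-' and '_' and omit '=' padding.
function b64urlToText(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg) || seg.length % 4 === 1) {
    throw new Error('segment is not valid Base64URL');
  }
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/')
    .padEnd(Math.ceil(seg.length / 4) * 4, '=');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Split header.payload.signature and parse the first two parts only.
function decodeJwt(token) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  return {
    header: JSON.parse(b64urlToText(parts[0])),
    payload: JSON.parse(b64urlToText(parts[1])),
    signature: parts[2], // kept encoded: checking it needs the issuer's key
    verified: false,     // decoding alone never proves the claims are genuine
  };
}

// Unix seconds -> ISO 8601, the conversion shown in the claims table.
const toIso = (sec) => new Date(sec * 1000).toISOString();

// Classify the payload's time claims (Unix seconds) against nowSec.
function timeStatus(payload, nowSec = Math.floor(Date.now() / 1000)) {
  if (payload === null || typeof payload !== 'object') return 'malformed-payload';
  for (const claim of ['iat', 'nbf', 'exp']) {
    if (claim in payload && !Number.isFinite(payload[claim])) return `malformed-${claim}`;
  }
  if ('nbf' in payload && nowSec < payload.nbf) return 'not-yet-valid';
  if ('exp' in payload && nowSec >= payload.exp) return 'expired';
  return 'exp' in payload ? 'unexpired' : 'no-exp-claim';
}

// Constructed sample: the page's header and payload, placeholder signature.
const enc = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_TOKEN = [
  enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ sub: '1234567890', name: 'Jane Doe', iat: 1730000000, exp: 9999999999 }),
  'c2lnbmF0dXJl', // placeholder, not a real HMAC
].join('.');

const decoded = decodeJwt(SAMPLE_TOKEN);
console.log(decoded.payload, timeStatus(decoded.payload), toIso(decoded.payload.exp));
```

It runs unchanged in a browser console or in Node.js 16 and later; the returned verified flag stays false because nothing here checks the signature.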
You might also like
- JWT Builder: Build a JWT — set headers, claims, and sign with HS256/384/512 entirely in your browser.
- Base64 Encoder / Decoder: Encode or decode Base64 strings instantly.
- HMAC Calculator: Compute HMAC-SHA1, SHA-256, SHA-384, or SHA-512 over a message and secret — for API signing or message auth.
- AES Encrypt / Decrypt: Encrypt or decrypt text with AES-GCM, deriving a key from a passphrase via PBKDF2 — all in your browser.