CorexoTools

JWT Decoder

Decode JSON Web Tokens — inspect header, payload, and expiry. Runs entirely in your browser.

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims transferred between two parties. It consists of three base64url-encoded parts separated by dots: a header, a payload, and a signature. JWTs are widely used for authentication and information exchange in REST APIs and single-page applications.

How to Decode a JWT

  1. Copy a JWT from your browser DevTools, Authorization header, or code.
  2. Paste it into the input field above.
  3. Click Decode to see the header, payload, and signature.
  4. Check the exp claim to see when the token expires.

Common JWT Claims

subSubject — the user or entity the token refers to.
issIssuer — who created and signed the token.
expExpiration time — when the token expires (Unix timestamp).
iatIssued at — when the token was created.
nbfNot before — the token is invalid before this time.

Is this tool secure?

Yes. Decoding happens entirely in your browser using standard JavaScript — no token is ever sent to any server. This tool only decodes (base64url-decodes) the token; it does not verify the signature. For signature verification, use your backend with the appropriate secret or public key.