JWT decoder 🪪

Paste a token and see what it is actually saying: the header, the payload, the dates spelled out, and whether it has gone off. The token stays here with you. (decoding happens in your browser, not on some server having a nosy.)

Your token

no expiry setHS256

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "Thomas 🖍️",
  "iat": 1516239022
}

The dates, spelled out

iat (issued)Jan 18, 2018, 1:30:22 AMThu, 18 Jan 2018 01:30:22 GMTraw: 1516239022

Check the signature

This token is signed with HS256, which is the one kind I can actually check here. Paste the secret and I will run the maths.

Handy for squinting at a token without trusting it to a website. (this one genuinely cannot phone home. there is no home to phone.)