Paste a JWT token — the service decodes the header, payload and shows expiration times.
JSON Web Token (JWT) is a compact format for transferring claims between parties. A token consists of three Base64url-encoded parts separated by dots: Header, Payload, and Signature.
iss — Issuer: who issued the token;sub — Subject: who the token was issued to;aud — Audience: intended recipient;exp — Expiration Time: token expiry (Unix timestamp);nbf — Not Before: token is not valid before this time;iat — Issued At: time the token was issued.No, this tool does not verify the token signature and cannot confirm its authenticity. It only decodes the header and payload, showing the expiration time (exp) and other claims. Full token verification requires the secret key or the issuer's public key and must be done server-side.
Make sure you copied the complete JWT including the signature (all three parts separated by dots). The token must be a valid Base64url-encoded string. If the error persists, the token may contain invalid characters or be corrupted. Try generating a fresh test token to confirm the issue.
No, this tool is designed for signed JWT (JWS) only. If the token is encrypted (JWE), the decoder cannot decrypt the payload because a private key is required. In that case only the header will be visible, while the payload will appear as an opaque encrypted string.