Is it safe to paste my JWT token here?

Yes. All decoding happens locally in your browser using JavaScript's built-in atob() function. Your token is never transmitted to any server.

Can this tool verify the JWT signature?

This tool decodes and inspects the token content. Signature verification requires the signing secret or public key, which is a server-side operation.

What JWT algorithms are supported?

The decoder works with any JWT regardless of algorithm (HS256, RS256, ES256, etc.) since it only decodes the Base64 content without verifying the signature.

Why is it important to debug JWTs locally?

JSON Web Tokens often contain sensitive user information (like emails, roles, and IDs). Decoding them on a third-party server exposes that data to potential logging or interception.

Can I edit the payload and re-sign the token?

No, this tool is strictly for decoding and inspection. To re-sign a token, you must have access to the original private key or secret used by your authentication server.

What does a JWT signature do?

The signature guarantees that the token hasn't been tampered with. If an attacker modifies the payload, the signature will no longer match, and the receiving server will reject the token.

JWT Debugger - Decode Tokens Offline

Decode and inspect JSON Web Tokens securely in your browser. View header, payload, and expiration status without any server requests.

Token Inspector

lock Processing Locally

Paste JWT Token

Header Payload Signature

Header (JOSE)

Header will appear here...

Payload (Claims)

Payload will appear here...

info

About JWT Debugger

Our JWT Debugger is a free, offline token inspector that lets you decode and inspect JSON Web Tokens without sending them to any server. Developers frequently need to check the payload of a JWT but are hesitant to paste active session tokens into random websites. This tool decodes the Base64 token locally to show the header and payload data without ever making a network request.