JWT Debugger
Decode and inspect JSON Web Tokens instantly. 100% client-side privacy - your tokens never leave your browser.
Last updated:
// Header will appear here
// Data claims will appear here
// Signature logic
Key Features
- Instant Decoding: See the Header and Payload of any JWT immediately upon pasting.
- Secure & Private: Processing happens locally. We never see or store your tokens.
- Visual Debugging: Color-coded sections help you distinguish between the Header, Payload, and Signature.
- Syntax Highlighting: Decoded JSON is formatted and highlighted for easy reading.
How to Use This Debugger
- Get a Token: Copy a JWT from your application header, local storage, or API response.
- Paste: Paste the token string into the top input box.
- Inspect: View the decoded Header and Payload JSON below. check user IDs, roles, and expiration times.
Why use a JWT Debugger?
JSON Web Tokens are the standard for modern authentication. They contain encoded information (claims) about the user. Developers need to inspect these tokens to verify:
- Expiration: Is the token expired? (check "exp" claim)
- Identity: Does it contain the correct user ID? (check "sub" claim)
- Permissions: Are the correct roles or scopes included?
Frequently Asked Questions
Is it safe to paste my production tokens here?
Yes. This tool runs entirely in your browser using JavaScript. Your tokens are never sent to our servers or any third party.
Does this tool verify the signature?
No, this is a debugger for inspection only. It does not verify the cryptographic signature against a secret key.
Why does my token say "Invalid"?
A valid JWT must have three parts separated by dots (header.payload.signature) and be Base64Url encoded. Check if you copied the entire string.