Token tools

JWT Decoder & Token Inspector

Decode JWT headers and payloads, inspect exp and nbf claims, and copy token sections locally in your browser.

JWT input

Paste a token to inspect it locally.

This decoder does not verify signatures. Use it to inspect structure and claims before validating the token in your application or identity provider.

Status

Expired

No nbf claim

alg: HS256

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "usr_8f3a2b1c",
  "name": "Alex Chen",
  "iat": 1746053200,
  "exp": 1746056800,
  "scope": "api:read"
}

Signature

signature

Features

Segment Decoder

Separates header, payload, and signature with readable JSON output.

Claim Timing

Highlights expiration and not-before claims against your current browser time.

Verification Boundary

Clearly distinguishes inspection from cryptographic signature verification.

Private Tokens

Token text is decoded locally without a server round trip.

Algorithm View

Shows common header fields such as alg, typ, kid, and custom metadata.

Copyable Output

Copy decoded JSON into tests, bug reports, or auth debugging notes.

Frequently Asked Questions

No. It decodes and inspects JWT segments only. Signature verification requires a trusted secret or public key and should happen in your app or identity provider.

No. The token is parsed in your browser and is not sent to ZPTools servers.

The tool highlights exp and nbf timing, displays the algorithm from the header, and preserves every custom claim in the decoded payload.