Free JWT Decoder & Verifier

JWT Decoder & Signature Verifier (HS256 and RS256)

Our free online JWT Decoder allows you to decode, inspect, and verify JSON Web Tokens instantly. This tool supports both HS256 (HMAC SHA-256) and RS256 (RSA SHA-256) algorithms and performs all operations directly in your browser for maximum security and privacy.

Whether you are debugging authentication issues, validating API responses, or inspecting OAuth tokens, this JWT verifier helps you quickly analyze header, payload, expiration time, and signature validity without uploading your token to any server.

What is a JSON Web Token (JWT)?

A JSON Web Token (JWT) is a compact, URL-safe token format used to securely transmit claims between systems. It consists of three parts separated by dots:

• Header – Specifies the signing algorithm (HS256, RS256) and token type.
• Payload – Contains claims such as user ID, expiration (exp), issued time (iat), and roles.
• Signature – Ensures the integrity of the token.

Supported JWT Algorithms

• HS256 – Uses a shared secret to sign and verify tokens (HMAC SHA-256).
• RS256 – Uses a private key for signing and a public key for verification (RSA SHA-256).

If your application uses symmetric signing (HS256), simply enter your shared secret to verify the token. For asymmetric tokens (RS256), paste your public key in PEM format to validate the signature.

JWT Expiration Checker

This tool automatically detects the exp claim and displays:

• Exact expiration date and time
• Live countdown timer
• Expired status with elapsed time

This makes it easy to debug authentication failures caused by expired tokens.

Is This JWT Decoder Secure?

Yes. All decoding and verification happens locally in your browser using the Web Crypto API. Your token, secret, and public key are never sent to any server.

Frequently Asked Questions (FAQs)