JWT Decoder & Encoder
Free · No Sign-up · No AdsDecode any JWT instantly — inspect header, payload, and expiry. Sign new tokens with HMAC in your browser.
What is a JWT Decoder?
A JWT (JSON Web Token) decoder splits a token into its three Base64url-encoded components — header, payload, and signature — and decodes each into readable JSON. It also checks the expiration claim (exp) so you can instantly see if a token is still valid without any server calls.
Why use Deepchill's JWT Decoder?
Deepchill's JWT tool runs completely in your browser using the built-in Web Crypto API. There's no server that sees your tokens. The color-coded panels (indigo for header, emerald for payload, rose for signature) make it easy to debug auth issues at a glance, and the live expiry countdown removes all ambiguity about token validity.
Common Use Cases
- Debugging auth failures: Paste the bearer token from an Authorization header to confirm it's not expired and contains the expected claims.
- Validating API responses: Inspect tokens returned by identity providers (Auth0, Cognito, Okta) to verify the correct scopes and roles are present.
- Creating test tokens: Use Encode mode to generate a signed HS256 token for local testing without spinning up a real auth server.
- Security audits: Inspect the header to ensure tokens use a secure algorithm (not "alg: none") and payloads don't contain sensitive data.
Example
JWT token → Decoded header & payload
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8UOutput
{
"alg": "HS256",
"typ": "JWT"
}
---
{
"sub": "1234567890"
}