JWT Decoder
Paste a JSON Web Token. The header, payload, and signature are decoded in your browser — nothing is uploaded.
Valid formatalg: HS256typ: JWT
Header
{
"alg": "HS256",
"typ": "JWT"
}Claims
- alg
- HS256Algorithm used to sign the token
- typ
- JWTToken type (usually "JWT")
Payload
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022
}Claims
- sub
- 1234567890Subject — who the token is about
- name
- John DoeFull name of the subject
- iat
- 2018-01-18T01:30:22.000ZIssued at
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Verifying a signature requires the secret or public key used to sign the token. This tool only decodes — it does not verify.
How to use it
- 1Paste a JWT into the input field. The three parts (header, payload, signature) are color-coded.
- 2The decoded header and payload appear on the right as pretty-printed JSON.
- 3Standard claims (exp, iat, nbf, iss, sub, aud) are explained and shown as human-readable dates.
- 4On Chrome with the Prompt API enabled, hit Explain to get a Gemini Nano summary of what the token grants and to whom — useful for unfamiliar issuer formats.
Common use cases
- Quickly check whether a token has expired or is not yet valid.
- Inspect which algorithm an authentication token uses.
- Read the claims of a token you received from an API for debugging.
- Verify that the issuer, audience, or subject match what you expect.
- Get a plain-English summary of an unfamiliar token's permissions via on-device AI.
Frequently asked questions
- Is my token sent anywhere?
- No. The token is decoded entirely in your browser — it never leaves your device. Even the optional AI Explain runs on-device via Chrome's Gemini Nano.
- Does this verify the signature?
- No. Verification requires the secret or public key used to sign the token, so this tool only decodes the contents. Decoding a JWT without the secret is safe and is the standard way to inspect one.
- What algorithms are supported?
- Any JWT can be decoded regardless of the signing algorithm (HS256, HS512, RS256, ES256, etc.) — the tool reads the `alg` field from the header and displays it.
- What if my token isn't a JWT?
- The tool expects three Base64URL-encoded segments separated by dots. If the input doesn't match that structure, it'll tell you what's wrong.
- How does the AI Explain feature work?
- It uses Chrome's built-in Prompt API (Gemini Nano), running the model entirely on your device. The button only shows up if your browser supports it (Chrome 138+); on other browsers the decoder works normally without it.
- How does this compare to jwt.io?
- jwt.io by Auth0 is the most popular JWT decoder online, but it sends your token to their servers in some configurations and requires trust in a third-party service. snaptxt's JWT Decoder runs entirely in your browser — your token never leaves your device. It also adds on-device AI explanation, color-coded claim highlights, and a built-in generator tool alongside the decoder.
Try next
JWT Generator
Sign JSON Web Tokens with HS256/384/512, RS256/384/512, or ES256/384. In-browser key generation, no server.
Base64 Encode / Decode
Encode and decode text and files to and from Base64.
X.509 Certificate Decoder
Paste a PEM-encoded X.509 certificate — inspect subject, issuer, validity, SANs, key usage, and SHA fingerprints. Free, in your browser.