snaptxt.app

JWT Decoder

Paste a JSON Web Token. The header, payload, and signature are decoded in your browser — nothing is uploaded.

Valid formatalg: HS256typ: JWT
Header
{
  "alg": "HS256",
  "typ": "JWT"
}
Claims
alg
HS256
Algorithm used to sign the token
typ
JWT
Token type (usually "JWT")
Payload
{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}
Claims
sub
1234567890
Subject — who the token is about
name
John Doe
Full name of the subject
iat
2018-01-18T01:30:22.000Z
Issued at
Signature
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Verifying a signature requires the secret or public key used to sign the token. This tool only decodes — it does not verify.

How to use it

  1. 1Paste a JWT into the input field. The three parts (header, payload, signature) are color-coded.
  2. 2The decoded header and payload appear on the right as pretty-printed JSON.
  3. 3Standard claims (exp, iat, nbf, iss, sub, aud) are explained and shown as human-readable dates.
  4. 4On Chrome with the Prompt API enabled, hit Explain to get a Gemini Nano summary of what the token grants and to whom — useful for unfamiliar issuer formats.

Common use cases

  • Quickly check whether a token has expired or is not yet valid.
  • Inspect which algorithm an authentication token uses.
  • Read the claims of a token you received from an API for debugging.
  • Verify that the issuer, audience, or subject match what you expect.
  • Get a plain-English summary of an unfamiliar token's permissions via on-device AI.

Frequently asked questions

Is my token sent anywhere?
No. The token is decoded entirely in your browser — it never leaves your device. Even the optional AI Explain runs on-device via Chrome's Gemini Nano.
Does this verify the signature?
No. Verification requires the secret or public key used to sign the token, so this tool only decodes the contents. Decoding a JWT without the secret is safe and is the standard way to inspect one.
What algorithms are supported?
Any JWT can be decoded regardless of the signing algorithm (HS256, HS512, RS256, ES256, etc.) — the tool reads the `alg` field from the header and displays it.
What if my token isn't a JWT?
The tool expects three Base64URL-encoded segments separated by dots. If the input doesn't match that structure, it'll tell you what's wrong.
How does the AI Explain feature work?
It uses Chrome's built-in Prompt API (Gemini Nano), running the model entirely on your device. The button only shows up if your browser supports it (Chrome 138+); on other browsers the decoder works normally without it.
How does this compare to jwt.io?
jwt.io by Auth0 is the most popular JWT decoder online, but it sends your token to their servers in some configurations and requires trust in a third-party service. snaptxt's JWT Decoder runs entirely in your browser — your token never leaves your device. It also adds on-device AI explanation, color-coded claim highlights, and a built-in generator tool alongside the decoder.