Decode JWT headers or payloads without verifying the signature.


Overview

Inspect JSON Web Tokens by decoding the header or payload in isolation. JWT Inspector never touches the signature, making it safe to debug tokens copied from production.

Use Cases

Authentication debugging

Decode payloads to review claims such as exp, aud, or scopes during sign-in troubleshooting.

Metadata review

Inspect header fields like alg or kid to confirm the algorithm and key identifiers being used.

Security audits

Verify that tokens issued by different services contain the expected claims and structures.

How to Use

  1. Paste a full token

    Provide the complete header.payload.signature string. Only the selected segment is decoded.

  2. Pick header or payload

    Switch segments instantly to compare metadata and claim contents without re-running the tool.

  3. Share safely

    Copy decoded JSON when filing issues or sharing context—never expose the signature itself.

Frequently Asked Questions

Does the tool verify signatures?

No. JWT Inspector only decodes Base64URL strings. Always verify signatures within your application when security matters.

Why do I get an invalid token error?

Ensure the token contains three dot-separated segments. Signed tokens missing the signature or copied with whitespace will fail to decode.
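The decode-only behaviour described in How to Use, and the failure cases from the FAQ above, can be reproduced in Node.js. This is an added example, not JWT Inspector's own code; `decodeJwtSegment`, `shareableView` and the sample token are hypothetical names and constructed values, and treating an empty third segment as a missing signature is an assumption.

```javascript
// Added example (not the tool's source). Names and the sample token are constructed.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Decode only the header or payload; the signature is never decoded or verified.
function decodeJwtSegment(token, segment = "payload") {
  if (typeof token !== "string" || /\s/.test(token)) {
    throw new Error("invalid token: not a string, or copied with whitespace");
  }
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error(`invalid token: expected 3 segments, got ${parts.length}`);
  }
  // Assumption: an empty third segment counts as a missing signature.
  if (parts[2] === "") throw new Error("invalid token: signature is missing");
  const index = ["header", "payload"].indexOf(segment);
  if (index === -1) throw new Error('segment must be "header" or "payload"');
  // Buffer silently skips bad characters, so check the alphabet first.
  if (!B64URL.test(parts[index])) {
    throw new Error(`invalid token: ${segment} is not Base64URL`);
  }
  return JSON.parse(Buffer.from(parts[index], "base64url").toString("utf8"));
}

// Copy for tickets: decoded JSON only, signature omitted, marked unverified.
function shareableView(token) {
  return {
    header: decodeJwtSegment(token, "header"),
    payload: decodeJwtSegment(token, "payload"),
    signatureVerified: false,
  };
}

// Constructed sample token; the third segment is filler, not a real signature.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const SAMPLE_TOKEN = [
  enc({ alg: "HS256", typ: "JWT", kid: "demo-key" }),
  enc({ sub: "user-123", aud: "example-api", exp: 1700000000 }),
  "constructed-signature-not-valid",
].join(".");

console.log(JSON.stringify(shareableView(SAMPLE_TOKEN), null, 2));
```

The `signatureVerified: false` field keeps the decoded claims from being mistaken for authenticated data when the JSON is pasted into an issue.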
