How to decode a JWT in your browser

JSON Web Tokens (JWTs) are opaque strings at first glance, but decoding them takes less than a second. This guide shows you how to decode a JWT directly in your browser using quickhelp.dev — no library, no terminal, no sign-up required. Just paste your token and you'll see the header algorithm, the payload claims, and the raw signature in a readable JSON format. Ideal for debugging authentication issues, checking token expiry, or inspecting claims from a third-party identity provider.

Step-by-step guide

1. Copy your token: Grab the JWT from your browser's developer tools (Application → Cookies or Network → Authorization header) or from your code.
2. Paste into the decoder: Open the JWT Decoder at quickhelp.dev/jwt-decoder and paste the token into the input field. The header and payload appear instantly.
3. Read the claims: Look for 'exp' (expiry as a Unix timestamp), 'sub' (subject/user ID), 'iss' (issuer), and any custom claims your application adds.

Frequently asked questions

Does decoding a JWT verify it?

No. Decoding only reveals the contents. Verification requires the secret or public key to confirm the signature has not been tampered with.

Is my token sent to a server when I decode it?

The browser-side decoder runs entirely in JavaScript — no network request is made. For API-based decoding, the token is sent over HTTPS and never stored.