ConverTools - Free Online Utilities & Converters

JWT Decoder

Paste JWT (header.payload.signature)

Header (base64)

(none)

Invalid or empty header

Payload (base64)

(none)

Invalid or empty payload

Signature

(none)

Verify — enter HMAC secret (raw) or RSA public key (PEM)

Notes:

Private Key, Public Key, Secret and Encoded tokens stay in your browser only.
Decoder supports base64url decoding and pretty-printing of header & payload.
Verification supports HMAC algorithms (HS256/384/512) and RSA (RS256/384/512) using Web Crypto — no external library required.
For RSA, paste the public key in PEM (SPKI) form. RSA verification uses RSASSA-PKCS1-v1_5 as commonly used by JWT RS algorithms.
Verification for EC (ES256/ES384...) or complex use-cases may require additional handling and is not included here.