AAG Tool Kit

JWT decoder

Paste a JWT to decode and inspect the header and payload. Standard claims like expiry and subject are highlighted for quick review. Signature is not verified — see the note in the tool.

runs on-device

How it works

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format used to transmit claims between parties. It has three base64url-encoded sections separated by dots: header (algorithm and token type), payload (claims), and signature (used to verify the token hasn't been tampered with).

Why does this tool only decode, not verify?

Verifying a JWT signature requires the secret key or public key that was used to sign it. This tool only has access to what's in the token itself — it can read the header and payload but cannot confirm the signature is valid without the signing key.

Which standard claims are highlighted?

exp (expiration time), iat (issued at), sub (subject), and iss (issuer) are displayed in a summary panel with human-readable dates. The full payload is also shown as formatted JSON.

Is the token sent to a server?

No. Decoding is done entirely in your browser using the native atob function. Nothing you paste here leaves your device.