Encoding
Base64 Encoder & Decoder
Encode text to Base64 or decode Base64 values instantly.
Security
Decode JWT headers, payloads and expiration data.
{
"alg": "HS256",
"typ": "JWT"
}{
"sub": "1234567890",
"name": "BigForgeKit",
"iat": 1516239022
}Expiration
This token does not contain an expiration claim.
Token security
This tool decodes the token but does not verify its cryptographic signature.
Your JWT is decoded locally in the browser.
About this tool
A JWT decoder separates a JSON Web Token into its header and payload so you can inspect algorithms, claims, identifiers and expiration information. BigForgeKit performs this decoding locally and does not send your token to a server.
Features
Frequently asked questions
No. Decoding only reveals the token header and payload. Signature verification requires the appropriate secret or public key and knowledge of the expected algorithm.
The decoder runs locally in your browser and does not upload the token. Even so, avoid exposing production credentials on untrusted or shared devices.
The exp claim contains a Unix timestamp indicating when the token expires. After that time, applications should normally reject the token.
JWT header and payload sections are encoded, not encrypted. Anyone can decode them. Security comes from verifying the cryptographic signature.
Related tools