JWT

Decode header and payload. Verify HMAC signatures.

jwt

runs in your browser · nothing uploaded

How it works

Paste a JWT. Header and payload are base64url-decoded locally.
For HS256/384/512, paste the shared secret to verify the signature.
Expiry (exp) and issued-at (iat) are formatted as dates.