TetraKits
The TetraKits JWT Decoder runs entirely in your browser — free, private, and ready on mobile or desktop.
Overview
OAuth flows, API debugging, and session troubleshooting all require reading JWT claims — but pasting production tokens into third-party sites is a security risk. This browser decoder parses header and payload locally without uploading your token.
How to use the jwt decoder
Paste a JSON Web Token to decode the header and payload sections as formatted JSON — inspect claims, expiration, and issuer without sending the token to any server.
Common use cases
Paste a JSON Web Token to decode the header and payload sections as formatted JSON — inspect claims, expiration, and issuer without sending the token to any server. Bookmark the tool for quick access during projects.
FAQ
Does this verify JWT signatures?
No. This decoder only reads header and payload. Signature verification requires the secret or public key.
Why is my token invalid?
JWTs must have exactly three Base64url parts. Check for truncation or extra whitespace.
Can I decode expired tokens?
Yes. Decoding works regardless of expiration — check the exp claim in the payload.
Is decoding a JWT secure?
JWT payloads are not encrypted — anyone with the token can decode them. Do not put secrets in payloads.
Is this JWT decoder free?
Yes. Unlimited decoding with no signup; tokens stay on your device.
