DevForge

JWT Decoder

Decode a JSON Web Token's header and payload instantly in your browser, with issue/expiry times shown as human-readable dates. This is a decoder, not a verifier — it never checks the signature against a key.

Encoded Token
Header
Payload
Signature
Not verified — shown as-is, never checked against a key.

Decode, Not Verify

Reads the header and payload only. Signature verification is intentionally out of scope, so it's never claimed.

Human-Readable Timestamps

iat, exp, and nbf claims are shown as real dates, with expired tokens flagged clearly.

Local Processing

Your token never leaves your browser. Privacy first decoding.

Frequently Asked Questions

We use a small amount of analytics to understand how DevForge is used. Nothing you paste into any tool is ever collected — that stays in your browser. Learn more.