Paste a JSON Web Token, see the header and payload, check expiry against now, and verify the signature for HS256 with a key. Runs entirely in your browser.
Issued at
Thu, May 16, 2024, 12:53 PM (730d ago)
Expires
Expires in 3078d (Thu, Oct 19, 2034, 09:46 AM)
Header
{
"alg": "HS256",
"typ": "JWT"
}Payload
{
"sub": "user_8a91",
"email": "ada@example.com",
"role": "admin",
"iat": 1715864000,
"exp": 2044864000
}Signature (HS256)
Everything runs in your browser. The secret never leaves your machine.
iat, nbf, and exp resolved to your local time with colour-coded status — no math required.
Paste a secret to check the signature using the browser's Web Crypto API. RS256 / ES256 verification deliberately not done client-side — keep those keys in your backend.
Tokens and secrets are processed entirely in the browser. Paste production tokens without paranoia.