Paste a JSON Web Token to decode its header and payload. Optionally verify signatures with HMAC, RSA, ECDSA, or RSA-PSS keys.
All decoding and verification happens in your browser — tokens are never sent to a server. Be careful where you paste JWTs as they may grant access to resources.