Decode a JSON Web Token (JWT) online to read its header and payload claims, including expiry, in your browser.
Paste a JWT to instantly read its header and payload, and see whether it has expired or is not yet valid. Decoding does not need the secret: it only Base64URL-decodes the token's header and payload, all locally in your browser.
No. Anyone can read a JWT's contents; that is why you must never store secrets in it. Use the JWT verifier to check the signature.
exp is the expiry time and nbf the "not before" time, both as Unix seconds. This tool flags expired and not-yet-valid tokens for you.
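
The decode-and-flag steps described above, as an added example (not this tool's own code). The function names, the status strings and the sample token are assumptions made for illustration; the `exp` and `nbf` comparisons follow RFC 7519.

```javascript
// Added example: decode-only JWT inspection. No signature check happens here.
function b64urlToText(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) throw new Error("segment is not Base64URL");
  // Map the URL-safe alphabet back to standard Base64 and restore padding.
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(seg.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = JSON.parse(b64urlToText(parts[0]));
  const payload = JSON.parse(b64urlToText(parts[1]));
  if (payload === null || typeof payload !== "object") {
    throw new Error("payload is not a JSON object");
  }
  // exp and nbf are Unix seconds; a claim that is not a number is ignored.
  let status = "within-validity-window";
  if (typeof payload.nbf === "number" && nowSeconds < payload.nbf) status = "not-yet-valid";
  if (typeof payload.exp === "number" && nowSeconds >= payload.exp) status = "expired";
  // signatureChecked is always false: readable contents are not trusted contents.
  return { header, payload, status, signatureChecked: false };
}

// Constructed sample token: the third segment is a placeholder, not a real MAC.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(String.fromCharCode(...new TextEncoder().encode(JSON.stringify(obj))))
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const sample = makeSampleToken({ sub: "user-123", nbf: 1700000000, exp: 1700003600 });
console.log(decodeJwt(sample, 1700001800));
```

The sample decodes cleanly even though its signature segment is meaningless, which is why a decoded token must still go through signature verification before any claim is relied on.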