JWT Decoder

Decode a JWT's header and payload locally. Signature is NOT verified — never paste production tokens. Stays on your device.

When you need to peek inside a JWT — what's in the payload, when it was issued, whether it's already expired — paste it into the popup and read the result. Decoding happens entirely in your browser; nothing is sent to a server. Key features: - Paste any compact JWT (`xxxxx.yyyyy.zzzzz`) and instantly see decoded **Header** and **Payload** as pretty JSON - The raw **Signature** segment is shown as-is for reference - Standard claims (`iat`, `exp`, `nbf`) are rendered with a human-readable ISO timestamp plus a relative offset ("3 days ago", "in 14 minutes") - Expired tokens get a prominent red **EXPIRED** badge - Per-section "Copy" buttons for header, payload, and signature - Empty-state hint guides first-time users; invalid JWTs surface a clear error **Important**: this extension only *decodes*. It does **not** verify the signature and cannot tell you whether a token is authentic. Treat it as a read-only viewer, and never paste production tokens into any third-party tool. No data leaves your device.