Debugbits

JWT Decoder

Decode and verify JSON Web Tokens.

Paste a token to see header/payload JSON, expiration details, and signature validity. We never store or transmit your data.

Supports HS256 / HS384 / HS512
Runs Locally in your browser
Output JSON + diagnostics

JWT input

Tip: signature checks only work for HMAC-based tokens. For RSA/ECDSA, use your key material and validation tooling.

Diagnostics

Waiting for token

Header

Payload

--

Signature

--
Expected --

Timestamps

--

Issues

  • Waiting for token input.

JWT decoding tips

Signature mismatch

Use the exact secret, algorithm, and token string. Any whitespace changes the HMAC.

Expired tokens

Check exp/nbf/iat values and compare to the issuer clock for drift.

Algorithm confusion

Ensure the header alg matches your verifier selection and your auth provider settings.

Related tools

OAuth 2.0 Error Explainer

Translate auth errors into clear causes and fix steps.

JSON Schema Validator

Validate payloads and pinpoint schema violations.

Webhook Signature Validator

Verify Stripe, GitHub, Shopify, and Slack signatures.

Base64 Encoder / Decoder

Decode token segments or encode test payloads.

Timestamp / Epoch Debugger

Inspect exp/nbf/iat timestamps quickly.

cURL / Fetch / Axios Converter

Convert auth requests between cURL, Fetch, and Axios.

Regex Editor

Test token parsing patterns and capture groups.

Explore the full toolkit.

Jump into another utility or browse everything in one place.

Browse all tools Back to home Suggest a tool