Orbitautil
Token inspection

JWT decoder

Paste a JWT and inspect the readable header and payload claims without sending the token to an Orbitautil server.

Portuguese versionSearch all tools

How it works

  1. Paste a JWT token.
  2. Decode the header and payload.
  3. Review claims such as exp, iat, iss, aud and scopes.

Result

Fill in the fields to see the result

The processed output appears here after you run the tool.

Decode, not verify

JWT header and payload are Base64URL-encoded and readable. Signature verification requires the correct key and is outside this browser utility.

Handle tokens carefully

Tokens can act like credentials. Prefer test tokens and avoid sharing decoded values in screenshots or tickets.

Useful claims

Look at exp for expiration, iss for issuer, aud for audience and scope or roles for authorization context.

Common use cases

  • Debug authentication during API integration.
  • Check token expiration while developing.
  • Inspect claims from test tokens.

Limitations

  • This tool does not validate the signature.
  • Do not paste production secrets unless you understand the risk.
  • Encrypted or non-JWT tokens are not decoded.

Frequently asked questions

Does this validate the JWT signature?

No. It only decodes the visible header and payload.

Is the JWT uploaded?

No. Decoding runs in your browser.

Can I use a real production token?

Prefer test tokens. Real tokens should be treated as credentials.

Related English tools

English

JSON Formatter Online

Format, validate, pretty print, sort and minify JSON locally in your browser with clear parse errors.

English

JSON to TypeScript

Generate TypeScript interfaces from a JSON example directly in your browser.

English

Regex tester workflow

Prepare text samples and test regular expression patterns carefully before using them in code.