Decode JWT header and payload claims for free. Inspect issued and expiry times locally without sending tokens to a server.
Decoded locally. This tool does not verify the signature, so never treat decoded claims as trusted.
No. Base64URL decoding happens locally in your browser.
No. Decoding only reveals the header and payload. Your application must verify the signature with the correct trusted key before accepting claims.
They should not. JWT payloads are encoded, not encrypted, and anyone holding the token can usually read them.
exp is the expiry time and iat is the issued-at time, represented as Unix timestamps in seconds.