Skip to tool
All tools
FeuTex · free tools runs in-browser no bloat built by LiMiT

JWT Formatter

Decode a JSON Web Token (JWT) into readable JSON. This tool pretty-prints the header and payload, checks the token structure, and highlights common timestamp claims (exp/iat/nbf). Everything runs locally in your browser.

Category: Developer · URL: /tools/jwt-formatter.html
JWT Input
Output (decoded JSON)
Notes: This tool does not verify signatures. It decodes base64url and parses JSON locally.
Related tools
JSON Formatter YAML Tool Like jq XML Tools Notepad++ Online Regex Checker C# Cron Formatter Hash Formatter Ruby Hash Formatter XML Checker SEPA
Privacy: runs locally in your browser. No uploads, no tracking scripts.

How to use

Use this JWT formatter to quickly inspect what a token contains.

  1. Paste the JWT (optionally starting with Bearer) into the input box.
  2. Select an output mode (full/header/payload) and optionally enable key sorting.
  3. Click Decode & Format to pretty-print the result.
  4. Use Copy to copy the output or Minify Output to compress it.
Keywords this page targets (natural cluster): jwt formatter, jwt formatter online, jwt decoder, decode jwt token, pretty print jwt, jwt header formatter, jwt payload formatter, jwt parse token, jwt exp iat nbf viewer, jwt claims inspector, jwt structure validator, base64url decode jwt, bearer token decoder, extract jwt payload, extract jwt header, jwt json pretty print, jwt token checker, jwt debug tool, jwt decode without verify
Secondary intents covered: Decode a JWT into header and payload JSON, Pretty-print and optionally sort keys for readability, Validate a JWT has 2 or 3 dot-separated parts, Extract only the payload or only the header, Inspect exp/iat/nbf timestamps as human-readable dates, Copy the decoded JSON for debugging or logging, Troubleshoot malformed/base64url-invalid tokens, Minify the decoded output JSON for compact sharing

FAQ

Does this JWT formatter verify the signature?

No. It decodes base64url and parses JSON; signature verification requires a key/secret and is out of scope here.

Is my token sent to a server?

No. The decoder runs locally in your browser and makes no network requests.

What JWT formats are supported?

Standard JWS-style JWTs with 2 or 3 parts (header.payload[.signature]). It does not decrypt JWE tokens.

Why do I get “non-base64url characters”?

The token contains characters outside base64url (A–Z, a–z, 0–9, _ and -). Remove quotes/whitespace and paste the raw token.

How are exp/iat/nbf shown?

If present and numeric, they’re converted from Unix seconds to ISO and local date strings in the output.

Can I extract only the payload?

Yes—switch the output mode to Payload only to print just the decoded payload JSON (plus small metadata).

Why does the output say the signature is not verified?

Decoding only shows what’s inside the token; it does not prove who created it or whether it was tampered with.