Vaulted

JWT Decoder & Inspector

Decode JSON Web Tokens to inspect claims, check expiration, and spot security issues.

Your token never leaves your browser. Decoding happens 100% client-side.

What is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and authorization. It contains three base64-encoded parts: a header (algorithm and type), a payload (claims like user ID and expiration), and a signature.

What does this tool check?

The decoder warns about expired tokens, missing standard claims (issuer, expiration), and the dangerous algorithm "none" which disables signature verification entirely. Timestamp claims are shown with relative times for quick debugging.

Need to share a JWT securely?

JWTs often contain sensitive claims. Share them via an encrypted, self-destructing link instead of pasting in chat.