Decode, annotate, and verify JSON web tokens. Tokens never leave your browser.
alg: none accepts an unsigned token. Never use in production.
Paste a token to inspect the header, payload, and signature without sending it to another service. That makes it useful for debugging auth issues quickly and locally.
If you already have the secret or public key, the verify action gives you a direct yes-or-no signature check on the same screen.
Expired and unsafe tokens are called out directly, and suspicious HTML-like content is shown as plain text instead of behaving like live page content.
