jwt-decode
JWT Decode
Decode a JWT by base64url-decoding its header and payload. Does NOT verify signatures — use jwt-validate for that.
Steps
- Split the token on
.into three parts (header, payload, signature). - Base64url-decode and parse parts 1 and 2 as JSON.
- Display header, payload (with all claims), and the raw signature string.
- For
exp,nbf,iat— show both the Unix timestamp and human-readable UTC. Ifexpis past, note expired and by how long. - Run security checks (see below).
Output Format
## Header
{ "alg": "RS256", "typ": "JWT", "kid": "abc123" }
More from jsonwebtoken/jwt-skills
jwt-encode
Create and sign JSON Web Tokens (JWTs) for testing and development. Use when the user wants to generate, create, build, or sign a JWT — e.g. "create a JWT", "generate a test token", "sign this payload", "make a JWT with these claims", "build an access token". Supports HMAC, RSA, and ECDSA algorithms.
129jwt-validate
Verify and validate JSON Web Tokens (JWTs) by checking signatures, expiration, claims, and structure. Use when the user wants to verify, validate, or check a JWT — e.g. "verify this token", "is this JWT valid", "check the signature", "validate this token against my JWKS", "is this token expired". Supports HMAC, RSA, and ECDSA with secrets, PEM keys, or JWKS endpoints.
124