JWT Decoder Online — Decode JWT Tokens

Decode a JWT token and inspect its header, payload, issued-at (iat) and expiration (exp). Decoding happens locally in your browser — your token is not uploaded.

About JWT Decoder

A JWT (JSON Web Token) is a compact token of three dot-separated parts: header.payload.signature. Header and payload are base64url-encoded JSON, so anyone can read them without a key. The signature is computed over header.payload and lets a party holding the right key detect tampering; it hides nothing. This tool only decodes the visible parts, and everything happens in your browser: your token is never uploaded.

When you need a JWT decoder

Debugging authentication

Check what your auth server actually puts in the payload: user id, roles, scopes, custom claims. When requests start returning 401, compare iat and exp against the server's clock (not the client's) and confirm that iss and aud are what the API expects.

Expired token

If your app reports "token expired", paste the JWT and instantly see exp in human-readable form — sometimes it's just the client clock that's wrong.

OAuth / OIDC payloads

When integrating with OAuth2 / OpenID Connect — see which claims your provider actually emits (sub, iss, aud, scope) and whether they match what you expect.

Reading id_token on the frontend

From id_token you often need email, name or roles on the frontend. The decoder shows the same JSON you would parse in code. If you do that with atob, first convert base64url to standard base64 (replace - with +, _ with /, re-add the = padding) and decode the resulting bytes as UTF-8 before JSON.parse; otherwise some tokens fail to decode and non-ASCII names come out garbled. Treat claims read this way as display data only: the browser cannot verify the signature, so anything that grants access must be checked server-side.
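The decode-only workflow described in this section, as an added example that is not the tool's own code. It handles the base64url-to-base64 conversion and UTF-8 step that a bare atob call skips, converts iat/exp/nbf to dates, and flags an expired or not-yet-valid token. The sample input is the publicly published jwt.io demo token; the second token, the 60-second clock-skew allowance and the placeholder signature are constructed for the example. Nothing in it verifies a signature.

```javascript
// Added example (not the tool's own code): decode a JWT's header and payload
// in the browser with no key. Uses only atob/btoa and TextEncoder/TextDecoder,
// available in browsers and in Node 16+. Nothing here checks the signature.

// JWT segments are base64url (RFC 4648 section 5), which atob() rejects:
// '-' and '_' stand in for '+' and '/', and the '=' padding is dropped.
function base64UrlToBytes(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const binary = atob(padded); // one char per byte; this is not text yet
  return Uint8Array.from(binary, (c) => c.charCodeAt(0));
}

// JWT JSON is UTF-8. Handing atob()'s output straight to JSON.parse mangles
// any non-ASCII name or e-mail, so decode the bytes as UTF-8 first.
function base64UrlToJson(segment) {
  return JSON.parse(new TextDecoder().decode(base64UrlToBytes(segment)));
}

// The reverse direction, used below to build a sample token.
function jsonToBase64Url(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Split header.payload.signature and decode the two readable parts. The
// signature is returned untouched; decoding it tells you nothing useful.
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  }
  const [h, p, signature] = parts;
  return { header: base64UrlToJson(h), payload: base64UrlToJson(p), signature };
}

// iat/exp/nbf are NumericDate values in Unix SECONDS. Passing them to Date
// unchanged (it wants milliseconds) gives a date in January 1970.
function claimToDate(seconds) {
  return new Date(seconds * 1000);
}

// Is the token inside its validity window? `skew` (seconds) absorbs small
// clock differences between issuer and client; 60 s is an assumed default.
function checkTimes(payload, nowSeconds = Math.floor(Date.now() / 1000), skew = 60) {
  const problems = [];
  if (typeof payload.exp === 'number' && nowSeconds > payload.exp + skew) {
    problems.push('expired');
  }
  if (typeof payload.nbf === 'number' && nowSeconds + skew < payload.nbf) {
    problems.push('not-yet-valid');
  }
  return problems;
}

// Sample input: the publicly published jwt.io demo token (HS256). Its payload
// carries only iat, so the exp/nbf checks below use a constructed payload.
const SAMPLE_JWT =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9' +
  '.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ' +
  '.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

const decoded = decodeJwt(SAMPLE_JWT);
console.log(decoded.header); // { alg: 'HS256', typ: 'JWT' }
console.log(decoded.payload.sub, claimToDate(decoded.payload.iat).toISOString());
// 1234567890 2018-01-18T01:30:22.000Z

// Constructed token with a non-ASCII name and a placeholder signature: the
// UTF-8 step keeps "Zoë" intact, where atob()+JSON.parse alone would not.
const ROUND_TRIP =
  `${jsonToBase64Url({ alg: 'HS256', typ: 'JWT' })}.` +
  `${jsonToBase64Url({ sub: 'u1', name: 'Zoë', exp: 1700000000 })}.not-a-real-signature`;
console.log(decodeJwt(ROUND_TRIP).payload.name); // Zoë
console.log(checkTimes(decodeJwt(ROUND_TRIP).payload, 1700000100)); // [ 'expired' ]
```

The same functions work unchanged in a browser console; only the console.log formatting differs. Everything returned by decodeJwt is untrusted input until the signature has been verified elsewhere.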

FAQ

Is it safe to paste a JWT into this tool?

Decoding runs in your browser in JavaScript; the token is not sent to convertilo. Remember, though, that a JWT is a bearer credential: anyone who obtains it can use it until exp, and anything pasted into a web page can be seen by browser extensions and clipboard history. For live production tokens prefer a local utility and avoid public online tools.

Why isn't the signature verified?

Verifying the signature needs the secret (HS256) or the public key (RS256/ES256). The decoder just splits the structure and shows claims. For cryptographic verification use a library (jsonwebtoken, jose, etc.), tell it which algorithm and key you expect rather than letting the token's own alg header decide, and check exp, nbf, iss and aud only after the signature has been validated.

Is JWT encryption?

No. A regular JWT is a JWS: signed but NOT encrypted. Anyone holding the token can read the payload, so don't put passwords, card numbers or other secrets inside it. Encrypted tokens (JWE) do exist and have five dot-separated parts instead of three; a three-part token is always readable without a key.

What do iat, exp, nbf, sub, iss, aud mean?

iat — issued at (unix seconds). exp — expiration. nbf — not before (when it becomes valid). sub — subject (user id). iss — issuer (who minted it). aud — audience (which service it's for). All three time claims are NumericDate values in Unix seconds, not milliseconds, so multiply by 1000 before handing them to JavaScript's Date. aud may be a single string or an array of strings, and a service should accept the token only if its own identifier appears there.

Can I decode a JWT without the signing key?

Yes. Header and payload are public, just base64url-encoded JSON, so "decoding" means base64url-decoding and parsing JSON, which is exactly what this tool does. Decoding proves nothing about authenticity, though: anyone can assemble a token with any claims they like, so the values only become trustworthy once the signature has been verified with the right key.