Formalint

Browser-based developer tools

JWT Decoder

Decode token headers and payloads, inspect common claims and check expiration times locally in the browser.

Open Regex tester

Token

0 bytes

Decoding is not signature verification. Never trust a JWT only because it can be decoded.

Decoded

Ready

JSON FormatterValidate and inspect JSON Regex TesterPattern matching and groups Timestamp ConverterUnix time and ISO dates

Reference notes

JWT inspection without a backend

Header and payload

JWTs are split into header, payload and signature sections. Formalint decodes the readable JSON sections so claims are easier to inspect.

Expiration claims

Common numeric date claims such as exp, iat and nbf are converted into ISO timestamps to make debugging authentication flows easier.

No verification

A decoded JWT can still be forged. Production systems must verify the signature, issuer, audience and expiration using trusted server-side code.