Can I verify a JWT signature?

Yes. Provide the shared secret (HS256) or public key (RS256) and the tool will verify the signature locally.

Does this tool check token expiration?

Yes. The exp and iat claims are parsed and displayed with a clear expired/valid badge.

Everything runs in your browser. The token is never sent to any server.

Algorithm

HS256

Header alg

Expired

Based on exp claim

Claims

Payload keys

Verify

Not verified

HS256 only

Token Input· Paste a JWT and optionally add a shared secret for HS256 verification.

Session TitleHS256 Secret

Decoded Claims· Header and payload are decoded locally in the browser.

{
  "alg": "HS256",
  "typ": "JWT"
}

{
  "sub": "usr_01",
  "email": "hello@example.com",
  "roles": [
    "admin"
  ],
  "exp": 4102444800
}

Claim Table· Top-level payload claims with a quick expiration readout.

subusr_01

emailhello@example.com

roles["admin"]

exp4102444800