KoguNavi

JWT / OIDC Token Decoder

Paste a JWT to inspect its header, payload, common OIDC claims, and expiration timing. This decodes only; it does not verify signatures.

Developer tools

What it helps with

  • Inspect OIDC claims while debugging login flows
  • Check token expiration before testing an API call
  • Copy issuer, audience, subject, scope, or group values

How to use

  1. Paste a JWT into the input area.
  2. Decode it to inspect header, payload, and common claims.
  3. Copy the decoded JSON or individual values you need for debugging notes.

Examples

OIDC-style token

Input

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2lzc3Vlci5leGFtcGxlIiwic3ViIjoidXNlci0xIiwiYXVkIjoiY2xpZW50LTEiLCJzY29wZSI6Im9wZW5pZCBlbWFpbCIsImV4cCI6MTgwMDAwMDAwMCwiaWF0IjoxNzAwMDAwMDAwfQ.signature

Output

iss, sub, aud, scope, exp, iat

Cognito groups

Input

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb2duaXRvOmdyb3VwcyI6WyJhZG1pbiIsIm9wcyJdLCJ1c2VybmFtZSI6InJpbiIsImV4cCI6MTgwMDAwMDAwMH0.signature

Output

admin, ops

Good to know

  • Decodes only; does not verify signatures.
  • Does not fetch JWKS or call any identity provider.
  • Do not paste production secrets or sensitive live tokens into any website.
  • Encrypted JWT/JWE tokens are not supported.

FAQ

Does this verify the JWT signature?
No. It decodes header and payload only. Signature verification requires trusted keys and is intentionally out of scope.
Does it call a JWKS or identity-provider API?
No. It does not make network calls for token processing.
Should I paste production tokens?
Avoid pasting live secrets or sensitive production tokens into any website. Use redacted or test tokens when possible.

Nearby utilities from the KoguNavi toolbox.

Browse all tools