// decode · audit · understand JSON Web Tokens

All decoding happens in your browser. Your token never leaves your device.
Header
Base64URL decoded
Payload
Base64URL decoded
Signature

The signature cannot be verified client-side without the secret key.
Always verify on your server using a trusted JWT library.

Security audit