Select a Category Select a Tool

Polymorpher

The Utility Factory — Free Developer Tools

Convert, transform, beautify & decode — all in one place.

🛠️ 11+ Tools
🌐 10 Languages
💰 100% Free
🔒 Zero Data Stored

⚡ All Tools

💡 Daily Fact Today
💻

Did You Know?

Select a tool from the sidebar to get started, or explore our free developer utilities.

About this Tool

JWT Token Decoder — Inspect Header & Payload

Decode JSON Web Tokens (JWT) instantly to inspect their header and payload without needing the signing secret. Paste any JWT and see the decoded JSON with proper formatting — algorithm, token type, claims, expiration, issuer, and all custom fields.

Essential for debugging OAuth2 flows, inspecting API authentication tokens, verifying token claims, and understanding JWT structure. The decoder handles both URL-safe Base64 encoding and standard Base64 with automatic padding correction.

Note: This tool decodes but does not verify JWT signatures. Signature verification requires the signing secret/key. Your tokens are never stored or logged — 100% stateless and privacy-safe.

Live Examples

Example 1 — Decode a standard JWT

Input:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Output:

═══ HEADER ═══
{ "alg": "HS256", "typ": "JWT" }

═══ PAYLOAD ═══
{ "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }

═══ SIGNATURE ═══
⚠️ Signature is present but NOT verified (no secret key).
Example 2 — Check token expiration

Look for the exp claim in the decoded payload. The value is a Unix timestamp — use DateTime Converter to see the actual date.

"exp": 1735689600 → January 1, 2025 00:00:00 UTC

Example 3 — Inspect OAuth2 scopes

OAuth2 tokens often include a scope or scp claim listing permitted actions:

"scope": "read:users write:posts admin"

Decode the token to verify which permissions were actually granted.

JWT Structure (RFC 7519)

A JWT consists of three Base64URL-encoded segments separated by dots:

  1. Header — Algorithm (alg) and token type (typ)
  2. Payload — Claims (sub, iss, exp, iat, custom fields)
  3. Signature — Cryptographic signature verifying integrity

Common Claims Reference

ClaimMeaning
subSubject (user ID)
issIssuer (who created the token)
expExpiration time (Unix timestamp)
iatIssued at (Unix timestamp)
audAudience (intended recipient)
scopePermissions / scopes

When to Use

  • Debugging "401 Unauthorized" errors by inspecting token claims
  • Verifying token expiration before sending API requests
  • Checking OAuth2 scopes and permissions
  • Understanding the algorithm used for signing

When Not to Use

  • Signature verification: This tool decodes only — use a JWT library with the secret key for validation
  • Production token handling: Never paste production tokens containing sensitive data into any online tool (this tool is stateless, but be cautious)

Related Tools: Base64 Encoder · Hash Generator · JSON to Classes

How It Works

Three simple steps — paste, transform, copy. No sign-up, no installation, no data stored.

1

Paste Your Input

Select a tool from the sidebar and paste your text, code, or data into the input editor. Polymorpher auto-detects the format.

2

Transform Instantly

Click "Transform" — the result appears in milliseconds. Most tools support reverse transform with the swap button.

3

Copy & Use

One-click copy puts the result on your clipboard. Your input is processed in real-time and immediately discarded — zero data retention.

Frequently Asked Questions

Is Polymorpher really free?

Yes, 100% free with no sign-up, no trial period, and no premium tier. All 12 tools are available without any account or payment.

Is my data safe? Do you store anything?

Polymorpher is fully stateless. Your code, JSON, SQL, tokens, and all other input are processed in real-time and immediately discarded. We have no database — nothing is stored, logged, or tracked. Your data never touches a disk.

What programming languages are supported for JSON to Code conversion?

Polymorpher supports 10 languages: C#, Java, Python, TypeScript, Go, Kotlin, Dart, Ruby, Swift, and Rust. Each generates idiomatic code with proper naming conventions, type inference, and nested class support.

How does the hash generator work? Does it support HMAC?

The hash generator supports MD5, SHA1, SHA256, SHA384, and SHA512 algorithms. You can select a specific algorithm or generate all digests at once. HMAC mode is supported — enter a secret key to produce authenticated message digests used for API signatures and webhook verification.

Can I use Polymorpher offline?

Polymorpher requires an internet connection since transformations are processed by our .NET 10 API for accuracy and speed. However, the processing is stateless — each request is independent and nothing is cached server-side.

What is the reverse transform / swap feature?

Most tools support bi-directional conversion. For example, Base64 encode ↔ decode, URL encode ↔ decode, JSON to C# ↔ C# to JSON. Click the "Swap" button to reverse the transform direction instantly.

From Our Blog

Guides, tutorials, and deep dives for developers.

How to Convert JSON to C# Classes

Records vs POCOs, source generators, nested objects, and real API examples.

8 min read

SHA256 vs MD5: Which Hash Algorithm?

Security comparison, collision resistance, and when each is appropriate.

7 min read

Understanding JWT Tokens

Header-payload-signature structure, OAuth2 debugging, and token claims.

9 min read

10 Regex Patterns Every Developer Should Know

Email, URL, IP, phone, password validation patterns with test examples.

10 min read

Base64 Encoding Explained

When and how to use Base64 for APIs, data URIs, and email attachments.

6 min read

JSON to Python Dataclass

Type hints with dacite, dataclasses-json, and Pydantic approaches.

10 min read

View All 18 Articles →

Our Content Standards

Polymorpher guides are reviewed for technical accuracy, updated when behavior changes, and include practical examples intended for real developer workflows.

Read Editorial Policy →

Ctrl+K Search tools Ctrl+Shift+C Copy output