# JWT Decoder

Decode a JWT header + payload (signature is **not** verified).

```
python scripts/run.py eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJleHAiOjE3MDAwMDAwMDB9.sig
python scripts/run.py token.txt
echo "$JWT" | python scripts/run.py -
python scripts/run.py "$JWT" --raw
```

Pure Python stdlib (base64 + json + datetime). Output is JSON with humanized `exp_utc` / `iat_utc` fields and a clear "signature NOT verified" warning.

---
name: jwt-decoder
display_name: JWT Decoder
description: "Decode a JWT and print its header and payload claims with human-readable exp/iat, WITHOUT verifying the signature. Triggers: decode jwt, inspect jwt, jwt claims, read token, jwt payload."
---

# JWT Decoder

Decode a JSON Web Token into its header and payload from chat.

## When to use

The user pastes a JWT (the `xxxxx.yyyyy.zzzzz` string) and wants to see what is inside it — the header algorithm, the payload claims, and when it expires. This tool only *decodes*; it never checks whether the signature is valid.

## How to use

Run `scripts/run.py` with the token directly, a file, or stdin:

- `python scripts/run.py <token>` — decode a token string.
- `python scripts/run.py token.txt` — read the token from a file.
- `echo "$JWT" | python scripts/run.py -` — read from stdin.
- `python scripts/run.py <token> --raw` — keep `exp`/`iat`/`nbf` as raw unix numbers.

Timestamp claims (`exp`, `iat`, `nbf`, ...) get an extra `*_utc` field in readable UTC. Output is JSON on stdout and always includes a WARNING that the signature was not verified.

## Pitfalls

- This does **not** verify the signature. Never trust decoded claims for authentication or authorization decisions.
- Base64url padding is restored automatically; a truncated token will fail with a clear error.
- A token with only two segments (`header.payload`) still decodes; `signature_present` will be false.
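The decode steps described above (padding restoration, two-segment tokens, `*_utc` fields, the unverified-signature warning), written out as an added example; this is not the project's `scripts/run.py`. The function names, the `warning` output key and the ISO 8601 format of the `*_utc` values are assumptions.

```python
import base64
import json
from datetime import datetime, timezone

TIME_CLAIMS = ("exp", "iat", "nbf")
WARNING = "signature NOT verified; do not trust these claims"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    if len(segment) % 4 == 1:  # impossible length: the segment was cut off
        raise ValueError("truncated base64url segment")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_segment(segment: str, name: str) -> dict:
    try:
        obj = json.loads(b64url_decode(segment))
    except ValueError as exc:  # binascii, UTF-8 and JSON errors all derive from it
        raise ValueError(f"cannot decode {name}: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError(f"{name} is not a JSON object")
    return obj


def decode_jwt(token: str, raw: bool = False) -> dict:
    """Return header and payload of a JWT. The signature is never checked."""
    parts = token.strip().split(".")
    if len(parts) not in (2, 3):
        raise ValueError(f"expected 2 or 3 segments, got {len(parts)}")
    header = decode_segment(parts[0], "header")
    payload = decode_segment(parts[1], "payload")
    for claim in () if raw else TIME_CLAIMS:
        value = payload.get(claim)
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            continue  # only numeric unix timestamps get a *_utc companion
        try:
            ts = datetime.fromtimestamp(value, tz=timezone.utc)
        except (OverflowError, OSError, ValueError):
            continue  # out-of-range timestamp: leave the raw number alone
        payload[f"{claim}_utc"] = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    return {"warning": WARNING, "header": header, "payload": payload,
            "signature_present": len(parts) == 3 and parts[2] != ""}


if __name__ == "__main__":
    # Sample token from the usage section above; "sig" is not a real signature.
    sample = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjMiLCJleHAiOjE3MDAwMDAwMDB9.sig")
    print(json.dumps(decode_jwt(sample), indent=2))
```

`signature_present` only reports that a third segment exists. It says nothing about validity, so a token with a forged or garbage signature decodes exactly like a genuine one.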
JWT Decoder by langbot-team