Why Tools Ku
- 100% free, no signup
- Token stays on device
- Pretty JSON
- OAuth/OIDC debugging
Debug exp, roles, and aud without sending production tokens to untrusted sites.
Decoding ≠ trust—verify signatures in your app.
Steps
- Paste JWT
- View decoded header/payload
- Check exp and iss
- Fix client/server clocks
FAQ
- Uploaded?
- No.
- Signature verified?
- Only if tool verifies with a key.
- Where is exp?
- Usually exp claim in payload.
- alg none?
- Reject in production.
- Refresh tokens?
- If JWT-shaped, yes.
- Signup?
- No.