Decode JWT token from clipboard and pretty-print to console using PowerShell

Nov 28, 2025 | 403 Words | 2 min |  #powershell

If you work with APIs and authentication, you’ve probably encountered JWT (JSON Web Tokens) countless times. They’re everywhere—in OAuth flows, API authentication, session management. But here’s the thing: JWTs are base64-encoded, which makes them completely unreadable when you’re trying to debug authentication issues.

Sure, you could paste your token into jwt.io or some other online decoder, but that means:

  • Leaving your terminal
  • Copy-pasting sensitive tokens to third-party websites (not great for security)
  • Context switching that breaks your flow

There’s a better way.

The Solution

Here’s a simple PowerShell function that decodes JWT tokens straight from your clipboard and pretty-prints them right in your console:

# Decode JWT token from clipboard or provided token
function jwtd {
    $Token = Get-Clipboard -Raw
   
    if (-not $Token) {
        Write-Error "No token provided and clipboard is empty."
        return
    }

    $parts = $Token.Trim() -split '\.'
    if ($parts.Count -lt 2) {
        Write-Error "Token does not look like a JWT (expected header.payload[.signature])."
        return
    }

    $header = $parts[0]
    $payload = $parts[1]
    $decodedHeader = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($header.PadRight($header.Length + (4 - $header.Length % 4) % 4, '=')))
    $decodedPayload = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($payload.PadRight($payload.Length + (4 - $payload.Length % 4) % 4, '=')))

    Write-Host "=== Header ===" -ForegroundColor Yellow
    $decodedHeader | ConvertFrom-Json | Format-List

    Write-Host "`n=== Payload ===" -ForegroundColor Yellow
    $decodedPayload | ConvertFrom-Json | Format-List
}

How It Works

The function is surprisingly straightforward:

  1. Grabs the token from your clipboard - No need to pass it as a parameter, just copy any JWT and run jwtd
  2. Splits the token - JWTs have three parts separated by dots: header, payload, and signature
  3. Decodes the base64 - With proper padding to handle tokens of any length
  4. Pretty-prints as JSON - Uses PowerShell’s Format-List to display everything in a readable format

The header tells you what algorithm was used to sign the token, while the payload contains all the claims—user ID, email, expiration time, scopes, and whatever else the issuer packed in there.

Usage

Add this function to your PowerShell profile, then:

  1. Copy a JWT token to your clipboard (from Postman, browser DevTools, logs, wherever)
  2. Open your terminal
  3. Type jwtd
  4. Boom. Decoded.
=== Header ===
alg : HS256
typ : JWT

=== Payload ===
sub  : 1234567890
name : John Doe
iat  : 1516239022
exp  : 1735401599

No browser tabs. No security concerns. Just instant, local token inspection.

Perfect for those moments when you’re staring at a 403 and need to quickly check if your token expired or is missing the right scope.

To contact me, send an email anytime or leave a comment below.

See Also