Decode JWTs, inspect claims, and optionally verify HS256 signatures.
Paste the full token with header, payload, and signature.