Header and payload as real JSON with live syntax highlighting and formatting.
Encode, decode, verify, and manage JSON Web Tokens without switching tabs — everything runs locally, so your tokens and secrets never leave the browser.
Features
Keep it open beside your app, API console, docs, or logs while you inspect bearer tokens, edit claims, re-sign payloads, and verify signatures.
Edit the header and payload as JSON with live syntax highlighting and one-click formatting. The signed token updates as you type.
One button decodes a JWT straight from your clipboard — or paste it manually. The clipboard is read only when you press the button.
exp /
iat / nbf timestamps
Stop rebuilding the same test tokens from scratch. Save header + payload + secret as a named project, reopen it later, tweak a claim, and copy a fresh token.
Set the exp claim to
now + preset — from 5 minutes to 1 year —
written straight into the payload. Perfect for
quickly minting short-lived tokens for tests or
long-lived ones for local development.
Privacy
Signing secrets are sensitive — so JWT Workbench never lets
them leave your machine. Data lives in
chrome.storage.local
on this browser profile only, deliberately not synced to the
cloud.
The extension never talks to a server. Nothing is uploaded, ever.
Projects & secrets stay on this browser profile — not synced, no cloud quotas.
Read only when you press “Decode from clipboard” — never in the background.
All code ships in the package. Open source under the MIT license.
At a glance
Backend, frontend, QA, support, and API debugging — anyone who works with authentication tokens and wants a fast, private tool close at hand.
Header and payload as real JSON with live syntax highlighting and formatting.
The signed token updates on every keystroke — pick an algorithm and go.
Copy a bearer token anywhere, press one button, read the claims instantly.
Verify against a saved or pasted secret and get a clear verified / failed result.
Save header + payload + secret as named projects with full create/rename/delete.
Reusable signing secrets with friendly names, in both encoder and decoder.
Write an exp claim of now + 5 minutes up to 1 year with a single tap.
Back up all projects and secrets to a JSON file and import them on any machine — overwrite or skip duplicates.
Light and dark mode follow your OS automatically — nothing to configure.
Install
Install from the Chrome Web Store, or load a local build if you prefer to build from source.
Add JWT Workbench from the Chrome Web Store — or run
pnpm build and load
.output/chrome-mv3 unpacked.
Click the JWT Workbench icon in the toolbar. The workbench opens beside whatever page you're on.
Decode from the clipboard, edit claims, re-sign, verify — and save the setup as a project for next time.
Free and open source. No account, no tracking, no server — just tokens, done right.