The JWT toolkit
that lives in your side panel

Encode, decode, verify, and manage JSON Web Tokens without switching tabs — everything runs locally, so your tokens and secrets never leave the browser.

Available in the Chrome Web Store
0network requests
100%local & private
3HMAC algorithms
MITopen source

Features

Everything a token workflow needs,
one click away

Keep it open beside your app, API console, docs, or logs while you inspect bearer tokens, edit claims, re-sign payloads, and verify signatures.

Encode & re-sign tokens in real time

Edit the header and payload as JSON with live syntax highlighting and one-click formatting. The signed token updates as you type.

  • Choose HS256, HS384, or HS512 from a dropdown
  • Live, highlighted output token
  • Copy the finished token with one click
Which algorithm would you like to sign with?
HS256 HMAC · SHA-256
HS384 HMAC · SHA-384
HS512 HMAC · SHA-512
Decode from clipboard
"sub": "user-42", "iat": 1751846400 → Jul 7, 2026 08:00 "exp": 1751850000 → Jul 7, 2026 09:00
Expired Signature verified

Decode any token in one click

One button decodes a JWT straight from your clipboard — or paste it manually. The clipboard is read only when you press the button.

  • Highlighted header & payload JSON
  • Human-readable exp / iat / nbf timestamps
  • “Expired” badge & optional signature verification
  • Turn any decoded token into a project in one click

Reusable projects & a secret library

Stop rebuilding the same test tokens from scratch. Save header + payload + secret as a named project, reopen it later, tweak a claim, and copy a fresh token.

  • Full project CRUD: new, save, save as, rename, delete
  • Last opened project restored automatically
  • Named secrets like staging-api, shared by encoder & decoder
  • Export everything to a JSON file & import it back — duplicates can be overwritten or skipped
Projects
staging-api HS256
auth-service HS512
qa-webhooks HS256
Secret library 4 saved
Export backup jwt-workbench.json
Set expiration (exp)
5 minutes now + 300s
1 hour now + 3600s
1 day now + 86400s
1 year now + 31536000s

Expiration with one tap

Set the exp claim to now + preset — from 5 minutes to 1 year — written straight into the payload. Perfect for quickly minting short-lived tokens for tests or long-lived ones for local development.

  • Presets from 5 minutes to 1 year
  • Written directly into the payload JSON
  • System light/dark theme follows your OS

Privacy

Local by design. Zero telemetry.

Signing secrets are sensitive — so JWT Workbench never lets them leave your machine. Data lives in chrome.storage.local on this browser profile only, deliberately not synced to the cloud.

No network requests

The extension never talks to a server. Nothing is uploaded, ever.

Local storage only

Projects & secrets stay on this browser profile — not synced, no cloud quotas.

Clipboard on demand

Read only when you press “Decode from clipboard” — never in the background.

No remote code

All code ships in the package. Open source under the MIT license.

At a glance

Built for people who live in tokens

Backend, frontend, QA, support, and API debugging — anyone who works with authentication tokens and wants a fast, private tool close at hand.

JSON editors with highlighting

Header and payload as real JSON with live syntax highlighting and formatting.

Real-time signing

The signed token updates on every keystroke — pick an algorithm and go.

Decode from clipboard

Copy a bearer token anywhere, press one button, read the claims instantly.

Signature verification

Verify against a saved or pasted secret and get a clear verified / failed result.

Projects

Save header + payload + secret as named projects with full create/rename/delete.

Secret library

Reusable signing secrets with friendly names, in both encoder and decoder.

Expiration presets

Write an exp claim of now + 5 minutes up to 1 year with a single tap.

Import & export

Back up all projects and secrets to a JSON file and import them on any machine — overwrite or skip duplicates.

System theme

Light and dark mode follow your OS automatically — nothing to configure.

Install

Up and running in a minute

Install from the Chrome Web Store, or load a local build if you prefer to build from source.

Install

Add JWT Workbench from the Chrome Web Store — or run pnpm build and load .output/chrome-mv3 unpacked.

Open the side panel

Click the JWT Workbench icon in the toolbar. The workbench opens beside whatever page you're on.

Work with tokens

Decode from the clipboard, edit claims, re-sign, verify — and save the setup as a project for next time.

Your JWT toolkit,
one click away.

Free and open source. No account, no tracking, no server — just tokens, done right.