🔐

JWT Workbench

decode · verify · extend · inspect

Token Input

Secret / Key

Remember secret in localStorage (opt-in)

⚠ Secret is stored in memory only by default. Check the box above to persist it.

Header

Claims

Claim	Value

Full Payload

■ Header ■ Payload ■ Signature

Extend Expiry

New Token

Diff

Edit Payload JSON

Signed Token

Licensed under the MIT License.
View source on GitHub.

📖 How to Use

Paste your JWT: Paste into the top input. It automatically parses and color-codes.
Decode: View header and payload instantly. Copy or download the JSON safely.
Verify Signature: Provide your HMAC secret or PEM key to mathematically verify the token.
Extend Expiry: Select +1h, +1d, etc., and sign with your secret to get a fresh token.
Edit Payload: Modify JSON directly, change claims, and re-sign with your secret.

💡 Security check: Everything happens securely inside your browser. No tokens or secrets are sent anywhere.