The JWT toolkit
that remembers

Save each token as a named project — header, payload, and secret together. Reuse secrets across services. 100% local in your side panel: nothing ever leaves the browser.

Available in the Chrome Web Store
0network requests
100%local & private
saved projects & secrets
MITopen source

Features

A workbench, not another
paste-and-forget decoder

No tab switching, no re-typing payloads, no digging up that signing secret again. Keep it open beside your app, API console, docs, or logs — inspect, edit, re-sign, verify, then save the whole setup for next time.

Projects: the part every other JWT tool forgets

Most decoders are stateless — close the tab and your payload, header, and secret are gone. JWT Workbench saves them together as a named project per service: reopen it later, tweak a claim, copy a fresh token.

  • Full project CRUD: new, save, save as, rename, delete
  • Last opened project restored automatically
  • Named secrets like staging-api, shared by encoder & decoder
  • Export everything to a JSON file & import it back — duplicates can be overwritten or skipped
Projects
staging-api HS256
auth-service HS512
qa-webhooks HS256
Secret library 4 saved
Export backup jwt-workbench.json
Decode from clipboard
"sub": "user-42",
"iat": 1751846400 → Jul 7, 2026 08:00
"exp": 1751850000 → Jul 7, 2026 09:00
Expired Signature verified

Decode any token in one click

Copy a bearer token from DevTools or a log, press one button, and read the claims — no pasting production tokens into a website. The clipboard is read only when you press the button, and nothing ever leaves your machine.

  • Highlighted header & payload JSON
  • Human-readable exp / iat / nbf timestamps
  • “Expired” badge & optional signature verification
  • Turn any decoded token into a project in one click

Encode & re-sign tokens in real time

Edit the header and payload as JSON with live syntax highlighting and one-click formatting. The signed token updates as you type.

  • Choose HS256, HS384, or HS512 from a dropdown
  • Live, highlighted output token
  • Copy the finished token with one click
Which algorithm would you like to sign with?
HS256 HMAC · SHA-256
HS384 HMAC · SHA-384
HS512 HMAC · SHA-512
Set expiration (exp)
5 minutes now + 300s
1 hour now + 3600s
1 day now + 86400s
1 year now + 31536000s

Expiration with one tap

Set the exp claim to now + preset — from 5 minutes to 1 year — written straight into the payload. Perfect for quickly minting short-lived tokens for tests or long-lived ones for local development.

  • Presets from 5 minutes to 1 year
  • Written directly into the payload JSON
  • System light/dark theme follows your OS

Privacy

Local by design. Zero telemetry.

Every online decoder asks you to trust a stranger's server with your signing secrets. JWT Workbench has no server to trust: data lives in chrome.storage.local on this browser profile only — deliberately kept off cloud sync, because secrets don't belong in the cloud.

No network requests

The extension never talks to a server. Nothing is uploaded, ever.

Local storage only

Projects & secrets stay on this browser profile — not synced, no cloud quotas.

Clipboard on demand

Read only when you press “Decode from clipboard” — never in the background.

No remote code

All code ships in the package. Open source under the MIT license.

At a glance

Built for people who live in tokens

Backend, frontend, QA, support, and API debugging — if you decode the same tokens for the same services every week, you want a tool that's private, one click away, and already set up.

JSON editors with highlighting

Header and payload as real JSON with live syntax highlighting and formatting.

Real-time signing

The signed token updates on every keystroke — pick an algorithm and go.

Decode from clipboard

Copy a bearer token anywhere, press one button, read the claims instantly.

Signature verification

Verify against a saved or pasted secret and get a clear verified / failed result.

Projects

One named setup per service — header, payload, and secret saved together, restored on reopen.

Secret library

Save secrets once as staging-api or prod-webhooks — reuse them everywhere, stop hunting through .env files.

Expiration presets

Write an exp claim of now + 5 minutes up to 1 year with a single tap.

Import & export

Back up all projects and secrets to a JSON file and import them on any machine — overwrite or skip duplicates.

System theme

Light and dark mode follow your OS automatically — nothing to configure.

Install

Up and running in a minute

Install from the Chrome Web Store, or load a local build if you prefer to build from source.

Install

Add JWT Workbench from the Chrome Web Store — or run pnpm build and load .output/chrome-mv3 unpacked.

Open the side panel

Click the JWT Workbench icon in the toolbar. The workbench opens beside whatever page you're on.

Work with tokens

Decode from the clipboard, edit claims, re-sign, verify — and save the setup as a project for next time.

Stop pasting tokens
into websites.

A JWT toolkit that's local, private, and remembers your projects. Free and open source — no account, no tracking, no server.