Header and payload as real JSON with live syntax highlighting and formatting.
Save each token as a named project — header, payload, and secret together. Reuse secrets across services. 100% local in your side panel: nothing ever leaves the browser.
Features
No tab switching, no re-typing payloads, no digging up that signing secret again. Keep it open beside your app, API console, docs, or logs — inspect, edit, re-sign, verify, then save the whole setup for next time.
Most decoders are stateless — close the tab and your payload, header, and secret are gone. JWT Workbench saves them together as a named project per service: reopen it later, tweak a claim, copy a fresh token.
Copy a bearer token from DevTools or a log, press one button, and read the claims — no pasting production tokens into a website. The clipboard is read only when you press the button, and nothing ever leaves your machine.
exp /
iat / nbf timestamps
Edit the header and payload as JSON with live syntax highlighting and one-click formatting. The signed token updates as you type.
Set the exp claim to
now + preset — from 5 minutes to 1 year —
written straight into the payload. Perfect for
quickly minting short-lived tokens for tests or
long-lived ones for local development.
Privacy
Every online decoder asks you to trust a stranger's server
with your signing secrets. JWT Workbench has no server to
trust: data lives in
chrome.storage.local
on this browser profile only — deliberately kept off cloud
sync, because secrets don't belong in the cloud.
The extension never talks to a server. Nothing is uploaded, ever.
Projects & secrets stay on this browser profile — not synced, no cloud quotas.
Read only when you press “Decode from clipboard” — never in the background.
All code ships in the package. Open source under the MIT license.
At a glance
Backend, frontend, QA, support, and API debugging — if you decode the same tokens for the same services every week, you want a tool that's private, one click away, and already set up.
Header and payload as real JSON with live syntax highlighting and formatting.
The signed token updates on every keystroke — pick an algorithm and go.
Copy a bearer token anywhere, press one button, read the claims instantly.
Verify against a saved or pasted secret and get a clear verified / failed result.
One named setup per service — header, payload, and secret saved together, restored on reopen.
Save secrets once as staging-api or prod-webhooks — reuse them everywhere, stop hunting through .env files.
Write an exp claim of now + 5 minutes up to 1 year with a single tap.
Back up all projects and secrets to a JSON file and import them on any machine — overwrite or skip duplicates.
Light and dark mode follow your OS automatically — nothing to configure.
Install
Install from the Chrome Web Store, or load a local build if you prefer to build from source.
Add JWT Workbench from the Chrome Web Store — or run
pnpm build and load
.output/chrome-mv3 unpacked.
Click the JWT Workbench icon in the toolbar. The workbench opens beside whatever page you're on.
Decode from the clipboard, edit claims, re-sign, verify — and save the setup as a project for next time.
A JWT toolkit that's local, private, and remembers your projects. Free and open source — no account, no tracking, no server.