The JWT.io debugger as a Web Extension
Do you find yourself going to the browser's console to debug JWTs all the time? Then this extension is for you! We took the functionality from our JWT.io website and embedded it within a Chrome extension with extra features! NEW IN v3.3.0: - Removed the "storage" permission. NEW IN v3.2.0: - Stricter, less invasive permission requirements. NEW IN v3.0.0: - Support for ES512 - Stricter key checking for ES algorithms. NEW IN v2.1.0: - Minimum length tooltip for HMAC secrets. - Claim information tooltips. - Support for plain RSA public keys (no X.509 header). NEW IN v2.0.0: - More algorithms, including PS and ES variants. - Human readable tooltips for timestamps in claims. - Automatic public-key download for JWKs (x5u, x5c, jku, jwk) and Auth0 keys. - Firefox support (check the Firefox addons page!). - Streamlined code for smaller size and better performance. Features: - Debug JWTs easily and visually. - Support for HS256/384/512 (HMAC + SHA) signatures. - Support for RS256/384/512 (RSA) signatures. - Support for PS256/384 (RSA) signatures. - Support for ES256/384 (ECDSA) signatures. - Easily edit all JWTs from the current tab in cookies or web storage. - Get shareable URLs for your JWTs. Source code: https://github.com/jsonwebtoken/jsonwebtoken.github.io Report bugs at GitHub. Brought to you by Auth0!
- (2021-09-08) Ola Olsson: Very nice!
- (2019-11-19) Christoph Pitschmann: Works, but the view is bit cumbersome as it has scrollbar (vertical and horizontal) even if I am using a 27" monitor. It is filling only 1/4 of window. Would be much better when the JWT form is completely visible without scrollbars (and scrolling). I hope there will be an update soon :-)
- (2019-04-23) James Adams: Seriously helpful for anyone working with JWTs
- (2018-03-13) Abdelrahman Hafez: Nice, but could use some modifications: 1- Ctrl + Shift + K shortcut doesn't work by default, need to go to extensions -> shortcuts -> and add it 2- Would be really helpful if we could resize the jwt debugger panel, since I need to scroll down to change the secret key 3- Also would be nice if we could save a default secret key that is saved in localStorage
- (2018-03-08) Jacob Evans: Though I haven't really gotten a chance to use this extension yet I know how needed something like this is and the trusted source it is Auth0. Look forward to more tools from their amazing teams.
- (2017-04-29) Fuad Muhtaz: Really like it, but why the secret key always reset to secret -_-
- (2016-11-16) Dennis Xiloj: It would be really useful if it includes optional validations for iss, nbf, etc...
- (2016-06-28) Martin Gontovnikas: Really like it :). jwt.io in my pocket!
- (2016-06-19) Vikas Kannurpatti Jayaram: Amazing tool, this saves me heaps of time to navigate to jwt.io to check JWT tokens. Great work. KUDOS.. :-)
- (2016-06-18) Thameera Senanayaka: Handy tool to debug JWTs without leaving the browser tab. Love it!
- (2016-06-18) Soledad Pano: I'm a big fan of jwt.io :) Thanks for this great extension!!
- (2016-06-17) Ignacio Esmite: Great extension!! Cmd + Shift + K and you are there! Thanks!
- (2016-06-17) Germán Lena: best way to debug the tokens in my SPA (I dont need to deal with cookies and local storage, it takes care of everything)
- (2016-06-17) Julie Sumner: Simple and elegant. Couldn't ask for anymore!
- (2016-06-17) Jon Gelsey: Super useful.
- (2016-06-17) Beautiful!!
- (2016-06-17) Daniel Lobo: Just what I needed! :) Thanks!
- (2016-06-17) Matias Woloski: I just love this! I've been using jwt.io and I wanted exactly this UX for the debugger.
- (2022-01-19, v:3.3.0) Petr Gurecký: Custom auth scheme
Hi. Could be authentization scheme configurable? I know the 'Bearer' prefix is standard but I use my custom name on my project (have reasons) in auth header. This means, this extension does not catch the token. Thanks for consideration.
- (2020-02-25, v:3.0.0) bobby clarenson: Jwt.io extension
This was put on my account by someone else, and I can't remove it!! I can't sign into Yahoo or various other sites because of it!! Please remove it or show me how, please and thank u.
- (2020-01-22, v:3.0.0) Jeff Wilson: Read JWT from header
Does this extension not read a JWT from the authorization request token? I have to manually copy / paste
- (2018-10-05, v:3.0.0) Avi Mistriel: Permission is too wide
"read and change your data in all websites you visit" Really ??? Are you spying on us ?
- (2018-05-15, v:2.1.2) Doesn't save keys so can't use the plugin
The popup closes when you try to copy a key from anywhere else, and it doesn't save the keys when you close it. This makes it impossible to enter both keys unless you somehow have both of them in the clipboard simultaneously, which in turn renders the plugin pretty useless.
- (2018-05-06, v:2.1.2) Kenji Urushima: jsrsasign License Violation
You are violating jsrsasign's license. JWT Debuger extension is provided with code of jsrsasign however any license information is not provided. https://github.com/kjur/jsrsasign/blob/master/LICENSE.txt
- (2017-09-22, v:1.0.7) George Vlahos: Shows last token, even if removed
I really enjoy the plugin. From what I can tell, if a JWT is passed in cookie, even if that cookie is removed, it will still show the most recent cookie the JWT Debugger displayed. The dropdown correctly shows, "Cookies - no JWTs found". Is this the expected behavior?
- (2016-06-22, v:1.0.1) Michael van Engelshoven: Tokens in session storage are not recognized
Hey! Firstly thank you for bringing these awesome web service into a chrome extension. This saves a lot of time. I would like to use the „OPEN JWT FROM“ feature, but it doesn't recognize my tokens in the session storage. I have stored two tokens plainly in fields named '_oauthAccessToken' and '_oauthIdToken' but the extension can't find them. regards, Michael