100% local JWT debugger, tokens never leave your browser

Decode, verify and debug JWTs.
Locally.

JWT Vault is a Chrome extension that decodes JWTs, verifies signatures, and explores claims entirely inside your browser using the Web Crypto API. No server. No logging. No pang of doubt.

  • Tokens stay on device
  • Unlimited free decode
  • Works offline
  • 2 permissions only

Features

Everything in the JWT debugger

Six capabilities built for backend developers, QA engineers, and anyone who works with OAuth, OpenID Connect, or any JWT auth flow.

Instant JWT decode

Paste a token or right-click selected text on any page to decode a JWT instantly. Automatic "Bearer " and quote stripping means you can paste a full Authorization header and get a result without editing first.

Claims explorer

Every standard claim (iss, sub, aud, exp, iat, nbf) gets a plain-English label. Timestamps convert to human-readable local and UTC datetimes inline, so you are never squinting at Unix epoch numbers.

Live expiry countdown

A running timer shows exactly how long until the token expires, with a color-coded valid/expired badge. The fastest answer to "is this token still good?" in any debugging session.

Local signature verification

Pro plan. Verify HS256, RS256, ES256, and PS256 signatures using your own secret or public key. The Web Crypto API does the work entirely in the browser. Your key never leaves the device.

Encrypted token vault

Save and label tokens with color-coded dev, staging, and prod environment tags. Free plan stores 3 tokens; Pro is unlimited. The vault is encrypted with a passphrase-derived key and stored only on your device.

Right-click decode on any page

Select a JWT anywhere, right-click, and choose "Decode JWT with JWT Vault." No broad permissions required. The extension uses contextMenus and activeTab only, not access to your tabs or browsing history.

Why JWT Vault, not jwt.io

Every time you paste a production token into an online JWT decoder, that token leaves your machine. Tokens carry live credentials: emails, roles, session IDs. JWT Vault is the safe alternative.

No server, ever

Decoding and signature verification run via the browser's built-in Web Crypto API. There is no backend, no logging, and nothing to leak.

Strict Content Security Policy

The manifest CSP locks outbound connections to a single anonymous license endpoint at peakproductivity.online. No token data is included in any network call.

Two permissions only

JWT Vault declares only storage and contextMenus. No access to your tabs, history, or page content. No "<all_urls>" host permission. Verify it in the manifest.

Independent, not identity-vendor owned

JWT Vault is built by Peak Productivity, with no affiliation to Auth0, Okta, or any identity provider. No conflict of interest in how your token data is handled.

Content-Security-Policy: connect-src 'self' https://peakproductivity.online

How it works

Three steps to your first decode

The JWT debugger is instant. No sign-in, no account, no setup.

1. Copy your JWT

Grab the token from your network tab, server logs, request header, or any response. You can also select it directly on any page in Chrome.

2. Paste or right-click decode

Open the JWT Vault popup and paste, or select the token on the page and right-click "Decode JWT with JWT Vault." Bearer prefixes and surrounding quotes are stripped automatically.

3. Read claims, verify, save

See the decoded header and payload with plain-English claim labels, the live expiry countdown, and an optional signature verification step. Save to the vault with an environment tag.

Pricing

Free decode, always

The free JWT decoder handles everything in your daily workflow. Pro adds the power tools: local verify, unlimited vault, diff, and team sync.

Free
$0
No account required, no time limit.
  • Unlimited JWT decode (paste or right-click)
  • Full header, payload, and signature breakdown
  • Claims explorer with plain-English labels
  • Live expiry countdown and valid/expired badge
  • Bearer auto-strip, one-click copy, dark mode
  • 3-token encrypted vault on device
Add to Chrome, free
Pro
$4/mo
Or $29/year (save 40%). Cancel anytime.
  • Everything in Free
  • Local signature verification (HS256, RS256, ES256, PS256)
  • Unlimited encrypted vault with env tags
  • Expiry dashboard across all saved tokens
  • Diff two tokens side by side
  • Generate and sign test JWTs locally
  • End-to-end encrypted team vault sync

FAQ

Common questions

Is JWT Vault really a fully local JWT debugger?

Yes. Both decoding and signature verification run inside your browser using the Web Crypto API. The only network call JWT Vault ever makes is an anonymous license check (device ID only, no token data) to peakproductivity.online. The manifest Content Security Policy enforces this at the browser level, not just by promise.

How do I decode a JWT?

Paste the token into the JWT Vault popup, or select a JWT anywhere on a webpage, right-click it, and choose "Decode JWT with JWT Vault." The decode step is instant and works offline. Bearer prefixes and surrounding quotes are stripped automatically, so you can paste a full Authorization header directly.

Can I verify a JWT signature with my own key?

Yes, with a Pro plan. JWT Vault supports local signature verification for HS256, RS256, ES256, and PS256 using the browser's Web Crypto API. Paste your HMAC secret or PEM public key into the verify panel. The key is used only in memory and is never sent anywhere.
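
The decode and verify steps described in the two answers above, as an added example built on the Web Crypto API. It is not JWT Vault's source code: the function names and the sample secret are assumptions, and only HS256 is shown.

```javascript
// Added example with hypothetical names; not JWT Vault's source code.
// Web Crypto is global in browsers; the require() fallback covers older Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const enc = new TextEncoder();
// JWTs use unpadded base64url (RFC 7515), so convert before calling atob/btoa.
function b64urlToBytes(s) {
  if (!/^[A-Za-z0-9_-]*$/.test(s)) throw new Error('not base64url');
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, c => c.charCodeAt(0));
}
function bytesToB64url(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Strip surrounding quotes and a pasted "Bearer " prefix.
function normalizeToken(input) {
  const unquote = s => s.trim().replace(/^["']+|["']+$/g, '');
  return unquote(unquote(input).replace(/^(authorization:\s*)?bearer\s+/i, ''));
}

// Decoding only parses; nothing returned here is trustworthy until verified.
function decodeJwt(input) {
  const parts = normalizeToken(input).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const json = p => JSON.parse(new TextDecoder().decode(b64urlToBytes(p)));
  const header = json(parts[0]), payload = json(parts[1]);
  const expired = typeof payload.exp === 'number' ? Date.now() / 1000 >= payload.exp : null;
  return { header, payload, parts, expired };
}
const hmacKey = (secret, usage) => subtle.importKey(
  'raw', enc.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, [usage]);

// The verifier pins HS256; the token's "alg" is compared, never used to pick the algorithm.
async function verifyHs256(input, secret) {
  const { header, parts } = decodeJwt(input);
  if (header.alg !== 'HS256') return false; // rejects "none" and algorithm swaps
  const data = enc.encode(`${parts[0]}.${parts[1]}`);
  return subtle.verify('HMAC', await hmacKey(secret, 'verify'), b64urlToBytes(parts[2]), data);
}

// Builds a constructed sample token so the example runs offline (test data only).
async function signHs256(payload, secret) {
  const part = o => bytesToB64url(enc.encode(JSON.stringify(o)));
  const input = `${part({ alg: 'HS256', typ: 'JWT' })}.${part(payload)}`;
  const sig = await subtle.sign('HMAC', await hmacKey(secret, 'sign'), enc.encode(input));
  return `${input}.${bytesToB64url(new Uint8Array(sig))}`;
}
```

A token that decodes cleanly can still be forged; only the result of `verifyHs256` says whether the claims were signed with the secret you supplied.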

Is this a good jwt.io alternative?

That is the whole point. JWT Vault gives you the same decode and verify workflow as a popular online JWT decoder, but entirely inside the browser. Production tokens carry live credentials: emails, roles, session IDs. Sending them to a third-party website is a risk that a Chrome extension eliminates by design.

Does the JWT decoder store my tokens?

Only if you choose to save them. Tokens you save go into an encrypted vault stored on your device only. The free plan includes 3 vault slots. Pro is unlimited. The vault is protected by a passphrase-derived encryption key. JWT Vault's servers never receive vault contents, only an opaque encrypted blob for Pro team sync.

Does JWT Vault work offline?

Yes. The JWT debugger and the JWT decoder both work completely offline. The only feature that needs a network connection is the optional Pro license check and team vault sync. You can decode and verify JWT tokens on a plane with no internet at all.

Start decoding JWT tokens in 30 seconds

Free, unlimited decode. No sign-in. Your tokens never leave your browser.

Add JWT Vault to Chrome