Skip to content

ejcenteno/JWT-Encoder-Decoder

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
icons
icons
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
manifest.json
manifest.json
 
 
popup.css
popup.css
 
 
popup.html
popup.html
 
 
popup.js
popup.js
 
 

Repository files navigation

JWT Encoder/Decoder

A lightweight browser extension for decoding and encoding JSON Web Tokens (JWT). View header, payload, and signature with HS256 signing support.

Features

Decode JWT

  • Parse any JWT — paste a token (Ctrl+V / Cmd+V) and instantly view its decoded components
  • Color-coded sections — header (blue), payload (purple), signature (pink)
  • Collapsible panels — expand/collapse each section independently
  • Standard claims display — automatic detection and formatting of iss, sub, aud, exp, nbf, iat, jti
  • Expiry detection — shows expired/valid badge and formats timestamps to human-readable dates
  • Copy individual parts — copy header, payload, or signature separately

Encode JWT (HS256)

  • Generate signed JWTs — provide a JSON payload and secret key
  • HMAC-SHA256 signing — uses Web Crypto API for secure signing
  • Copy or download — get the encoded JWT as text or download as .txt file

UI Features

  • Dark/light mode — automatic OS detection with manual toggle
  • Fully offline — no external API calls, all processing in-browser
  • Keyboard shortcuts — Escape to clear input
  • Accessible — ARIA labels and keyboard navigation support

Installation

Load Unpacked (for development)

  1. Clone or download this repository
  2. Open Chrome and navigate to chrome://extensions/
  3. Enable "Developer mode" (toggle in top-right corner)
  4. Click "Load unpacked"
  5. Select the extension folder
  6. The JWT Encoder/Decoder icon will appear in your extensions toolbar

Export Icons

The icons/icon.svg file is the master source. Export to PNG at these sizes:

  • 16×16px → icon16.png
  • 32×32px → icon32.png
  • 48×48px → icon48.png
  • 128×128px → icon128.png

Permissions Explained

  • storage — Required for dark/light mode preference persistence via chrome.storage.local

That's it! No other permissions are needed. This extension:

  • ✅ Works completely offline
  • ✅ Never accesses web pages or tabs
  • ✅ Never sends data to external servers
  • ✅ Never reads your browsing history

Technical Details

  • No external libraries — pure vanilla JavaScript
  • Manifest V3 — modern Chrome extension standard
  • Web Crypto API — uses SubtleCrypto.sign() for HMAC-SHA256
  • Base64URL encoding — proper handling of URL-safe Base64 variant
  • UTF-8 support — correctly handles Unicode in JWT payloads

Usage Examples

Decoding a JWT

  1. Open the extension popup
  2. Click in the text area and paste your JWT token (Ctrl+V / Cmd+V)
  3. Click "Decode"
  4. View the color-coded header, payload, and signature sections
  5. Copy individual parts as needed

Encoding a JWT

  1. Switch to the "Encode JWT" tab
  2. Enter your payload as JSON (e.g., {"sub": "user123", "iat": 1516239022})
  3. Enter a secret key
  4. Click "Generate JWT"
  5. Copy or download the signed token

Known Limitations

  • HS256 only — RSA/ECDSA algorithms are not supported for signing
  • No signature verification — the extension can decode any JWT but cannot verify signatures (requires the secret key)
  • No key storage — secret keys are not saved (for security)

Support the Developer

If this extension helped you, consider supporting development:

License

MIT License - free to use and modify.

Version History

v1.0.0 — Initial release

  • JWT decode with collapsible sections
  • HS256 encoding support
  • Dark/light mode theming
  • Standard claims detection

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages