Is my secret exposed?

No. The secret stays in your browser and is used only for local HMAC computation.

Can I edit claims and re-sign?

Yes. Modify the payload JSON, provide the secret, and copy the newly signed token.

JWT Debugger

Full JWT toolkit: decode tokens, verify HS256/HS384/HS512 signatures with a shared secret, and re-encode with edited claims. Asymmetric algorithms are decoded but not verified.

Runs locally in your browser

JWT token

0 chars · 1 line

Shared secret (for HMAC verification)

Paste a JWT above to see verification details.

JWT Decoder

Decode and inspect JWT header and payload.

HMAC Generator

Compute HMAC signatures with a shared secret.

Hash Generator

Compute MD5, SHA-1, SHA-256, and SHA-512 hashes.

Bcrypt Generator / Checker

Hash passwords with bcrypt and verify existing hashes.

About JWT Debugger

Full JWT toolkit: decode tokens, verify HS256/HS384/HS512 signatures with a shared secret, and re-encode with edited claims. Asymmetric algorithms are decoded but not verified.

JWT Debugger is part of FizzKit — a collection of focused, browser-based tools. Because everything runs locally, it works offline once loaded and never exposes your data to a remote server.

Frequently asked questions

HS256, HS384, and HS512 (HMAC-SHA). RS and ES algorithms are decoded but not verified client-side.

Related tools