We’re really happy to announce a new way to inspect JWTs in Chrome: JWT Inspector! JWT Inspector is a developer tool that helps you debug JWTs directly in your browser, so you never have to leave the site you’re working on again.
Debugging JWTs used to mean you had to copy-paste JWTs all over. When dealing with multiple JWTs and sites, this quickly became tedious. Now there’s no need to leave the comfort of your site. The JWT Inspector will discover JWTs on your site (in cookies, local/session storage, and headers) and make them easily accessible through your navigation bar and DevTools panel.
JWT Inspector can:
- Automatically detect JWTs on sites and enable you to access them through the navigation bar
- Allow you to debug JWTs, including raw JWTS, either in DevTools or the JWT popup
- Allow you to inspect JWTs in either cookies, local/session storage or requests directly in DevTools
- Allow you to select a JWT on any page, right click and select “View JWT” to open up a separate page for debugging that JWT
- Allow you to dump JWTs in your code by using
console.jwt()thus enabling raw JWTs to be inspected in console
The source code of this extension is in the public domain, so you can easily download, explore, and build it yourself. We also promise never to share or store any JWTs outside of the extension (unless you explicitly ask us to). We built this to use it ourselves, so security was a core component. You can find the source code here.
Currently, there’s only support to inspect JWTs in Chrome, but we also have our eyes on Firefox and Safari. So if there’s enough interest from Firefox and Safari users, adding support for those browsers will be a top priority.
Also, it’s currently only possible to view/inspect JWTs. This works fine when you are debugging, but when you are actively developing a JWT-driven application, it’s nice to be able to edit JWTs. We’re hard at work on this feature, so look for it in an update coming soon.
Please try the JWT Inspector and let us know what you think. Since we deal with JWTs on a daily basis we built this for ourselves, but we know all developers have their own methods and preferences, so if something isn’t working or if there’s a feature that you feel is essential, please let us know by opening an issue on the Github project.