JWT Debugger (decode, sign, and verify)
Sign and Verify a JWT token without online tools. DevUtils.app allows you to quickly decode, sign, and verify JWT tokens without any internet connection. It supports all popular hash algorithms: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512.
Quickly debug a JWT token
You can format your JSON strings from anywhere in your macOS (terminal, in email, web browser,...).DevUtils will inspect your clipboard content and automatically select the JWT Debugger tool if the content is a valid JSON. Activate the app by:
- Copy text → Press ⌃⌥⌘Space
(Or your own customized hotkey, up to you) - Copy text → Click to icon
- Select text → Right-click → "Inspect in DevUtils.app"
(This menu appears after you install the app)
Input
Select the algorithm you want to work within the select box. The currently supported algorithms are:
- HS256
- HS384
- HS512
- RS256
- RS384
- RS512
- ES256
- ES384
- ES512
- PS256
- PS384
- PS512
Depends on the algorithm you selected, you will need to provide a secret key or a public/private key pairs so that the tool can sign and verify your JWT tokens. This is done entirely offline and your secret keys never leave your machine.
Enter your JWT token in the input text. You can use a sample as a starting point if you don't have any JWT token to work with.
You can edit the JWT header, payload, and secret in the textboxes in the right panel. When the header, payload or secret are updated, the JWT token will be signed and updated accordingly.
Output
In order to verify a token against a specific secret, first, enter the secret, then paste the JWT token to the input. The verification status will show "Signature Verified" if the token is valid and the secret is correct.
Note that if you update your payload, header, or secret, the token will be automatically signed and updated back to the input text.
Options
When you activate the app, DevUtils will inspect your clipboard content and automatically select the JWT Debugger tool if the content is a well-formed JWT token. You can disable this automatic feature by unticking the option in the setting panel (the gear icon).
