Overview
Decode JWTs in the popup and run security checks on the claims. Decoding is local — no tokens leave your browser.
Decode A JWT And See Its Security Issues Paste a JWT or an OAuth redirect URL into the popup. The extension decodes header, payload, and signature locally and runs security checks against the claims. WHAT IT DOES - Decodes JWT header, payload, and signature using standard base64url decoding in the popup - Extracts the token from an OAuth redirect URL if you paste one (access_token, id_token, or token in the URL fragment or query) - Runs checks against the claims: alg = none detection, HMAC warning, expiration status, issued-at display, audience presence, issuer presence, subject presence HOW IT WORKS 1. Click the icon 2. Paste a JWT or OAuth redirect URL 3. See the decoded fields and security checks PRIVACY Decoding happens entirely in the popup's JavaScript context. Tokens are never transmitted. No storage, no telemetry. SUPPORT Email: support@cchk.info Privacy policy: https://extensions.cchk.info/jwt-oauth-inspector/privacy Built by Cloud Geeks, a division of Ganda Tech Services.
0 out of 5No ratings
Details
- Version1.0.6
- UpdatedApril 24, 2026
- Size15.32KiB
- LanguagesEnglish
- DeveloperAshish GandaWebsite
18 Patel St Rouse Hill, NSW 2155 AUEmail
ash@eawesome.com.auPhone
+61 433 309 677 - TraderThis developer has identified itself as a trader per the definition from the European Union and committed to only offer products or services that comply with EU laws.
Privacy
This developer declares that your data is
- Not being sold to third parties, outside of the approved use cases
- Not being used or transferred for purposes that are unrelated to the item's core functionality
- Not being used or transferred to determine creditworthiness or for lending purposes
Support
For help with questions, suggestions, or problems, visit the developer's support site