JWT debugger

1. 1

   Open Hexkit and select "JWT debugger", or press the command-palette key and start typing its name.

2. 2

   Paste the text or token you want to encode or decode. Decode header + payload + signature, and verify HS256/384/512 signatures.

3. 3

   Read or copy the result. Everything is computed locally by Hexkit's Rust core, so nothing is ever uploaded.

Tip: the command palette opens any tool in one keystroke.

Is JWT debugger free?

Yes. JWT debugger is part of Hexkit, which is free for personal and non-commercial use on macOS, Windows and Linux.

Does JWT debugger work offline?

Completely. Hexkit runs every tool locally with no network access, so JWT debugger works on a plane or an air-gapped machine.

Is my data uploaded anywhere?

No. Hexkit makes no network calls and has no telemetry — whatever you paste stays on your computer.

Is it safe to decode a production JWT here?

Yes. Unlike web-based JWT debuggers, Hexkit runs locally and makes zero network calls, so an access token you paste never leaves your machine.

Can it verify the signature?

It decodes any JWT and verifies HMAC signatures (HS256, HS384, HS512) against a secret you provide. Decoding never requires the secret.