A New Chrome Extension
We noticed many users rely on JWT.io to debug their JWTs. And with good reason! The colored visual editor is intuitive and supports both HMAC-signed and RSA-signed JWTs. So we thought: what if we made this available offline for all users, with a few extra features? And so our new Chrome extension was born.
- Visual JWT editor with coloring
- Support for HS256 (HMAC + SHA256) signed JWTs
- Support for RS256 (RSA) signed JWTs
- Load and save JWTs in cookies and web storage from the current tab
- Get a shareable URL for your JWTs
Try it out now and give us your feedback! Can you think of any other features you'd love to have? Tell us below in the comments or through Chrome's Web Store.
Aside: Delegating JWT Implementation to the Experts
JWTs are an integral part of the OpenID Connect standard, an identity layer that sits on top of the OAuth2 framework. Auth0 is an OpenID Connect certified identity platform. This means that if you pick Auth0 you can be sure it is 100% interoperable with any third-party system that also follows the specification.
The OpenID Connect specification requires the use of the JWT format for ID tokens, which contain user profile information (such as the user's name and email) represented in the form of claims. These claims are statements about the user, which can be trusted if the consumer of the token can verify its signature.
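What "verify its signature" involves for an HS256 token, shown as an added example for Node.js (it is not code from the original post, the extension, or Auth0's SDKs). The function names, the secret, and the claims are constructed for illustration.

```javascript
// Added example: check an HS256 signature before trusting a JWT's claims.
const nodeCrypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Builds a token for the demo (constructed sample, not a real ID token).
function signHS256(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const sig = nodeCrypto.createHmac('sha256', secret)
    .update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Returns the claims only if the signature checks out; otherwise throws.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;

  // Pin the algorithm: the token's own header must not choose how it is verified.
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected alg');

  // The signature covers the encoded header and payload exactly as received.
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length ||
      !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}
```

Decoding the payload alone, as a debugger does for display, proves nothing about who issued it; only the claims returned after the signature check should be acted on.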
While the OAuth2 specification doesn't mandate a format for access tokens, used to grant applications access to APIs on behalf of users, the industry has widely embraced the use of JWTs for these as well.
As a developer, you shouldn't have to worry about directly validating, verifying, or decoding authentication-related JWTs in your services. You can use modern SDKs from Auth0 to handle the correct implementation and usage of JWTs, knowing that they follow the latest industry best practices and are regularly updated to address known security risks.
If you want to try out the Auth0 platform, sign up for a free account and get started! With your free account, you will have access to the following features:
- Universal Login for Web, iOS & Android
- Up to 2 social identity providers (like Twitter and Facebook)
- Unlimited Serverless Rules
To learn more about JWTs, their internal structure, the different types of algorithms that can be used with them, and other common uses for them, check out the JWT Handbook.