Inconsistent Behavior of JWT Debugger Across Browsers

[Andreeana]

I've noticed that the JSON Web Token (JWT) Debugger behaves inconsistently across different browsers, specifically between Brave/Google Chrome and Firefox.

On Brave and Google Chrome:

1. After pasting a JWT, I'm unable to edit the decoded header or payload directly in the "Decoded" section. While this isn't a bug per se, it does create a usability inconvenience. The only way to modify the JWT is through the encoder tab.
2. When I try to verify the signature by entering a short or simple word key in the Signature Verification section, I consistently receive a "signature verification failed" error — even when the signature word is correct.
3. This effectively prevents further testing or debugging, leaving the user stuck.

Behavior on Firefox:

1. The Verify Signature tab functions properly and is more intuitive.
2. It displays a code block that outlines the signature generation process:

HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
signature word <--- There's also this dedicated input field where users can insert the signature word (secret key) directly.
) // secret base64 encoded

3. In Firefox, the signature verification works properly, even with short strings, allowing for smooth debugging and testing.

This difference in behavior across browsers could confuse users or lead to false assumptions about JWT validity. Making the behavior consistent across browsers would greatly improve usability.

I’ve attached screenshots to illustrate the differences.