You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've noticed that the JSON Web Token (JWT) Debugger behaves inconsistently across different browsers, specifically between Brave/Google Chrome and Firefox.
On Brave and Google Chrome:
After pasting a JWT, I'm unable to edit the decoded header or payload directly in the "Decoded" section. While this isn't a bug per se, it does create a usability inconvenience. The only way to modify the JWT is through the encoder tab.
When I try to verify the signature by entering a short or simple word key in the Signature Verification section, I consistently receive a "signature verification failed" error — even when the signature word is correct.
This effectively prevents further testing or debugging, leaving the user stuck.
Behavior on Firefox:
The Verify Signature tab functions properly and is more intuitive.
It displays a code block that outlines the signature generation process:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload), signature word <--- There's also this dedicated input field where users can insert the signature word (secret key) directly.
) // secret base64 encoded
In Firefox, the signature verification works properly, even with short strings, allowing for smooth debugging and testing.
This difference in behavior across browsers could confuse users or lead to false assumptions about JWT validity. Making the behavior consistent across browsers would greatly improve usability.
I’ve attached screenshots to illustrate the differences.
The text was updated successfully, but these errors were encountered:
I've noticed that the JSON Web Token (JWT) Debugger behaves inconsistently across different browsers, specifically between Brave/Google Chrome and Firefox.
On Brave and Google Chrome:
Behavior on Firefox:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
signature word <--- There's also this dedicated input field where users can insert the signature word (secret key) directly.
) // secret base64 encoded
This difference in behavior across browsers could confuse users or lead to false assumptions about JWT validity. Making the behavior consistent across browsers would greatly improve usability.
I’ve attached screenshots to illustrate the differences.
The text was updated successfully, but these errors were encountered: