WingNews logo WingNews
top | item 23315077

(no title)

teajunky | 5 years ago

Looking into the page inspector shows 165 http requests on the start page. It includes ads, tracker and analystics from multiple sources (google, twitter, linkedin, facebook etc).

Can anyone sugguest an (offline?) alternative?

I used jwt.io a lot for debugging and it's great. Currently it is decoding the tokens on the client but I am not sure if I should continue using it.

A hacker could take over the site and capture thousands of access tokens and some are valid for multiple days.

Edit: Installing uBlock origin reduces the number of requests down to 67 but I still see the analytics stuff from google and twitter.

discuss

order

capableweb|5 years ago

The website source is here: https://github.com/jsonwebtoken/jsonwebtoken.github.io

I've been running a local copy since last year sometime, when the website went down when I needed it. I've also stripped away all the annoying things from the website to just get the debugger. Very easy to do!

teajunky|5 years ago

Thanks. I once searched for it but only found some used libraries.

abhishektwr|5 years ago

JWT Debugger App is a good alternative. It’s cross-platform so you can install on you local desktop or just use web version whatever works for you.

https://jwtdebugger.app/

dirkt|5 years ago

If you are not afraid of the command line, have a look at smallstep [1]. I use it all the time for JWT debugging, and it can do other things as well.

[1] https://github.com/smallstep/cli

ucarion|5 years ago

You can pretty easily parse + verify JWTs in Bash using cut + base64 + openssl, although the precise invocations depend on which "alg"s you're using.