Hasura / Supabase JWT Claims Inspector
Pre-populated with the deeply nested claim structure Hasura and Supabase issue: the https://hasura.io/jwt/claims namespace with allowed roles and tenant permissions, plus Supabase-style app_metadata. Paste your own token to debug row-level-security and role-mapping issues without sending credentials anywhere.
runs 100% in your browser — safe to paste real tokens
- 1Paste your tokenDrop a JWT — or a full Authorization header; the "Bearer " prefix is stripped automatically.
- 2Read the decoded claimsHeader and payload appear instantly as color-coded JSON. Nothing is uploaded or verified remotely.
- 3Simulate session deathWatch the live expiry countdown, then fast-forward time to see the token die on schedule.
headerpayloadsignature
Decoded locally with your browser’s native Base64 — the token never leaves this tab. The signature is displayed, never verified: this is a debugger, not a validator.
Session expiry timeline
——
Fast-forward time
+0m
Header— algorithm & type
—
Payload— claims
—