sandboxmax

Hasura / Supabase JWT Claims Inspector

Pre-populated with the deeply nested claim structure Hasura and Supabase issue: the https://hasura.io/jwt/claims namespace with allowed roles and tenant permissions, plus Supabase-style app_metadata. Paste your own token to debug row-level-security and role-mapping issues without sending credentials anywhere.

runs 100% in your browser — safe to paste real tokens

  1. 1Paste your tokenDrop a JWT — or a full Authorization header; the "Bearer " prefix is stripped automatically.
  2. 2Read the decoded claimsHeader and payload appear instantly as color-coded JSON. Nothing is uploaded or verified remotely.
  3. 3Simulate session deathWatch the live expiry countdown, then fast-forward time to see the token die on schedule.
headerpayloadsignature

Decoded locally with your browser’s native Base64 — the token never leaves this tab. The signature is displayed, never verified: this is a debugger, not a validator.

Session expiry timeline

Fast-forward time
+0m

Header— algorithm & type

Payload— claims

More JWT tools