A Terminal UI for decoding/encoding JSON Web Tokens

Download as .zip Download as .tar.gz View on GitHub
     ____.__      _____________       ____ ___.___
    |    /  \    /  \__    ___/      |    |   \   |
    |    \   \/\/   / |    |  ______ |    |   /   |
/\__|    |\        /  |    | /_____/ |    |  /|   |
\________| \__/\  /   |____|         |______/ |___|

A terminal UI for decoding/encoding JSON Web Tokens inspired by JWT.io and jwt-cli


Crafted by

Auth0 by Okta



Homebrew (Mac & Linux)

brew tap jwt-rs/jwt-ui
brew install jwt-ui

# If you need to be more specific, use:
brew install jwt-rs/jwt-ui/jwt-ui

To upgrade

brew upgrade jwt-ui

Scoop (Windows)

scoop bucket add jwt-ui-bucket https://github.com/jwt-rs/scoop-jwt-ui

scoop install jwt-ui


If you have Cargo installed then you install JWT UI from crates.io

cargo install jwt-ui

You can also clone the repo and run cargo run or make to build and run the app

Install script

Run the below command to install the latest binary. Run with sudo if you don’t have write access to /usr/local/bin. Else the script will install to the current directory

curl https://raw.githubusercontent.com/jwt-rs/jwt-ui/main/deployment/getLatest.sh | bash


Run JWT UI as a Docker container.

docker run --rm -it deepu105/jwt-ui

You can also clone this repo and run make docker to build a docker image locally and run it using the above command


Binaries for macOS (x86_64, arm64), Linux GNU/MUSL(x86_64, armv6, armv7, aarch64) and Windows (x86_64, aarch64) are available on the releases page

  1. Download the latest binary for your OS.
  2. For Linux/macOS:
    1. cd to the file you just downloaded and run tar -C /usr/local/bin -xzf downloaded-file-name. Use sudo if required.
    2. Run with jwtui
  3. For Windows:
    1. Use 7-Zip or TarTool to unpack the tar file.
    2. Run the executable file jwtui.exe


# Start UI

# Start UI with prefilled token to decode and options

# Start UI with prefilled token to decode and JWKS secret from URL
jwtui -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]

# Print decoded token to stdout with HMAC plain text secret
jwtui -s -S 'plain_text_secret' [TOKEN]

# Print decoded token to stdout without signature validation.
jwtui -sn [TOKEN]

# Print decoded token to stdout with HMAC base64 encoded secret
jwtui -s -S 'b64:eW91ci0yNTYtYml0LXNlY3JldAo=' [TOKEN]

# Print decoded token to stdout as JSON
jwtui -sj -S '@./secret.pem' [TOKEN]

# Print decoded token to stdout with JWKS secret from url
jwtui -s -S $(curl https://domain.auth0.com/.well-known/jwks.json) [TOKEN]

Press ? while running the app to see keybindings

Arguments: [TOKEN] JWT token to decode [mandatory for stdout mode, optional for TUI mode]


If you are looking for a non TUI CLI, check out jwt-cli


Decoder screen


Encoder screen





Note: On Debian/Ubuntu you might need to install libxcb-xfixes0-dev and libxcb-shape0-dev. On Fedora libxcb and libxcb-devel would be needed.

Note: On Linux you might need to have package xorg-dev (Debian/Ubuntu) or xorg-x11-server-devel (Fedora) or equivalent installed for the copy to clipboard features to work

Limitations/Known issues

Libraries used




ci cd License LOC crates.io link Release Docker Release Coverage GitHub Downloads Crate.io downloads Docker pulls