The image displays the JWT (JSON Web Token) logo with colorful segments arranged in a circular pattern next to the text "JWT JSON WEB Token" on a dark background. (Captioned by AI)800×450 20.7 KB

Intro

Create, decode, verify, and inspect JWT (JSON Web Tokens) right inside your apps. This extension allows you to implement secure authentication, authorization, and data protection using HMAC-SHA256 signing — just like web APIs and modern backends.

Features

• Create secure JWT tokens with a secret key
• Decode tokens and read payload as JSON
• Verify token authenticity using HMAC-SHA256
• Check expiration using exp field
• Get specific values from payload
• List all payload keys
• Pretty print payload for debugging

Blocks & Usage

CreateToken

Description:
Signs a payload (JSON) with your secret key using HMAC-SHA256 and returns a full JWT token.
Use case: After login, generate a secure token to authenticate API requests.
payload = {"id": "user123", "role": "admin"}

secret = "mySecretKey"

DecodeToken

Description:
Returns the decoded payload as a JSON string.
Use case: Read stored data (like user ID or role) without verifying the token.

VerifyToken

Description:
Checks if the token’s signature is valid using the same secret. Returns true or false.
Use case: Prevent tampered tokens from being accepted.

GetPayloadValue

Description:
Retrieves a specific field (e.g., id, role, email) from the payload.
Use case: Display the current user’s role or ID from the stored JWT.

IsExpired

Description:
Checks if the token is expired using the exp field (UNIX timestamp in seconds).
Use case: Auto-logout users after token expiry.

PrettyPrintPayload

Description:
Returns the payload in a formatted, readable JSON string (indented).
Use case: Debug your token structure during development.

GetPayloadKeys

Description:
Returns a list of all field names in the payload.
Use case: Show all available data stored in the token.

Real-World Use Cases

• Token-based login system
• Store user identity, role, or access scopes
• Call secure web APIs with JWT in the Authorization header
• Automatically logout users on token expiration
• Debug and inspect token content for development

Specifications

Package: com.mahir.jwt
Size: 6.00 KB
Minimum API Level: 7
Updated On: 2025-07-02T18:00:00Z
Built & documented using: FAST-CLI v2.6.0

Download

AIX : com.mahir.jwt.aix (6.0 KB)

I don’t get it, how is it secure? The secret key is still exposed in the app. Anyone can extract it and create a new token.

A true JWT is created inside your backend server without exposing the secret key anywhere.

By the way, anyone who wants to implement JWT in their app with a server can contact me

You’re absolutely right — in a true secure production setup, JWTs should be generated and signed on a backend server, where the secret key is never exposed to the client.

This extension is intended for:

Educational use

Offline/local use cases

Testing or internal apps where security isn’t a critical concern

App-level token-like storage (e.g., not for real auth)