I noticed today that the design of the JWT decoder/encoder on jwt.io has changed.
There used to be a message saying that JWT decoding happens fully locally; the token is never sent across the wire.
In the new version, I don’t see that message anywhere on the page. This makes me doubt whether the approach has changed (though I suspect it hasn’t). For new users especially, it’s useful to keep this message to help them consider why it’s important that tokens are not sent to unverified third parties.
I like the visual refresh overall, but would love to see a way for this message to return as it was.