JWK / JWKS Inspector
Inspect key structure first, then match the token header to the right key
Safety note: Paste JWT headers, single JWK objects, or full JWKS documents directly into this inspector. Nothing is fetched, uploaded, or stored, and the page warns when private-key material is present.
Inspect keys and selection hints
JWT or header input is optional now. Leave it blank for structure-only JWK/JWKS inspection.
This page reads only the protected header when a token is pasted. Leave this blank if you only need JWK/JWKS field inspection.
Paste the published JWKS payload, or a single JWK object when you already isolated one key.
What This Inspector Checks
The inspector tells you whether the pasted JSON is a single JWK or a full JWKS, surfaces the fields that matter most, flags private material, and compares kid, algorithm, and key-type hints when you also paste a token header.
How to Use the Inspector
- Paste a JWK or JWKS document.
- Optionally paste a full JWT, JWE, or header JSON if you want key-selection hints.
- Review the summary, warnings, and visible key fields.
- Use exact matches first, then candidate keys and the full field list.
Fields That Matter Most
kidhelps a verifier choose one key from a published set.algis useful context, but it is not enough on its own if the key type still does not fit.useandkey_opshint at intent, but real verifier rules still matter.x5c,x5t, and curve/modulus fields tell you what the key really is.- Private members like
dorkshould be treated as sensitive material.
FAQ
Does this page verify a JWT signature?
No. It helps with key inspection and key selection before you move to verification.
Can I use it with only a single JWK?
Yes. You can leave the token/header input empty and inspect the JWK structure on its own.
Does it fetch a remote JWKS URL?
No. Paste the JSON directly so the workflow stays local, reproducible, and safe for sensitive debugging.