JWT + JWKS Verifier (Public Key Discovery)

Production JWT verifiers typically fetch the public key from a JWKS endpoint — the issuer's standard endpoint that lists current signing keys. This tool does that handshake in the browser: paste the JWT and the JWKS URL (or issuer URL — we'll find the JWKS), and get verification + decoded claims.

JWT

JWKS endpoint URL (or issuer URL ending in / — we\'ll append .well-known/jwks.json)

How to use the JWT + JWKS Verifier (Public Key Discovery)

Paste a JWT and its issuer's JWKS endpoint URL. Click verify. The tool fetches the JWKS, finds the matching key (by kid header), and validates the signature.

CORS note: the JWKS endpoint must allow cross-origin GET from codeswap.net. Most providers do (Auth0, Okta, AWS Cognito) but some lock it down.

JWT + JWKS Verifier (Public Key Discovery)

How to use the JWT + JWKS Verifier (Public Key Discovery)

Related tools