Inspect JWKS / JWK — Pretty & Inventory
Inspect a JWK or JWKS in your browser. Pretty-print with private fields redacted, or list key inventory. Paste-only — no remote fetch, no JWT verify.
Developer notes
• Accepts a single JWK (kty) or a JWKS (keys). • Pretty = clone with private fields removed; Copy uses that redacted output. • Inventory never prints d/k/RSA factors. • No JWT signature verification. • No JWKS URL fetch. • 512 KB limit.
Options
When teams pick this route
• Review a JWKS before committing it. • Check kid/kty/alg without exposing private key material. • Spot public keys vs private material (hasPrivate warning).
Worked examples
Public JWKS → pretty
Before
After
Inventory (metadata)
Before
After
Related security tools
To decode a compact JWT use jwt-decode. Hub: security tools. Certificates: decode certificate.
Inspect JWKS FAQ
Local JWK / JWKS
When should I use jwt-decode instead?
Use jwt-decode for a compact JWT token (three segments). Use inspect-jwks for a JWK/JWKS JSON document (key sets), not for JWT payload claims.
Are private keys shown?
No. Private fields are stripped from pretty output and copy. A hasPrivate warning appears if they were present in the paste.
Can I fetch a JWKS URL?
No. Paste-only — nothing is fetched from the network.
Does it verify JWT signatures?
No. JWT verify against JWKS is deferred (not in v1).
More security tools in this cluster
Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.