Inspect JWKS / JWK — Pretty & Inventory

Inspect a JWK or JWKS in your browser. Pretty-print with private fields redacted, or list key inventory. Paste-only — no remote fetch, no JWT verify.

Loading…
JWKS / JWK inspector — browser-local
Inspect a pasted JWK or JWKS document. Private fields (d, RSA factors, oct k) are redacted in output and copy.

Developer notes

• Accepts a single JWK (kty) or a JWKS (keys). • Pretty = clone with private fields removed; Copy uses that redacted output. • Inventory never prints d/k/RSA factors. • No JWT signature verification. • No JWKS URL fetch. • 512 KB limit.

Options

View
pretty = indented JSON (private redacted); inventory = key metadata only.
Sort keys
Orders JSON keys stably for reproducible diffs.

When teams pick this route

• Review a JWKS before committing it. • Check kid/kty/alg without exposing private key material. • Spot public keys vs private material (hasPrivate warning).

Worked examples

Public JWKS → pretty

Before

{ "keys": [ { "kid": "demo-rsa", "kty": "RSA", "use": "sig", "alg": "RS256", "n": "sXch8examplePublicModulusValueForDemoOnlyNotARealKey", "e": "AQAB" } ] }

After

{ "keys": [ { "kid": "demo-rsa", "kty": "RSA", "use": "sig", "alg": "RS256", "n": "sXch8examplePublicModulusValueForDemoOnlyNotARealKey", "e": "AQAB" } ] }

Inventory (metadata)

Before

{ "keys": [ { "kid": "demo-rsa", "kty": "RSA", "use": "sig", "alg": "RS256", "n": "sXch8examplePublicModulusValueForDemoOnlyNotARealKey", "e": "AQAB" } ] }

After

[ { "kid": "demo-rsa", "kty": "RSA", "use": "sig", "alg": "RS256", "hasPrivate": false } ]

Related security tools

To decode a compact JWT use jwt-decode. Hub: security tools. Certificates: decode certificate.

Inspect JWKS FAQ

Local JWK / JWKS

When should I use jwt-decode instead?

Use jwt-decode for a compact JWT token (three segments). Use inspect-jwks for a JWK/JWKS JSON document (key sets), not for JWT payload claims.

Are private keys shown?

No. Private fields are stripped from pretty output and copy. A hasPrivate warning appears if they were present in the paste.

Can I fetch a JWKS URL?

No. Paste-only — nothing is fetched from the network.

Does it verify JWT signatures?

No. JWT verify against JWKS is deferred (not in v1).

More security tools in this cluster

Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.