Security tools

JWT Verify & JWK Tool

Verify HS256 JWT signatures, inspect token claims, decode JWK JSON, and compare shared-secret signatures locally.

JWT verification workspace

Verify HS256 tokens and inspect key metadata.

Verification

Not verified
Algorithm: unknown
Token exp: none
Status: No exp claim

Features

HS256 Verification

Recalculate HMAC SHA-256 signatures with Web Crypto and compare them safely.

JWK Inspector

Paste JWK JSON to inspect key type, key ID, algorithm, usage, and operations.

Claim Status

Check exp and nbf timing claims while verifying the signature.

Sample Token

Generate a valid sample token and shared secret for demos.

No Uploads

Tokens and secrets stay in the browser tab.

Debug Only

Designed for diagnostics, not for replacing server-side auth checks.

Frequently Asked Questions

This verifier supports HS256. Asymmetric RS/ES verification can be added later with PEM/JWK import flows.

Avoid pasting production secrets into browser tools. Use test tokens and rotate anything accidentally shared.

No. You still need to validate issuer, audience, expiration, subject, scopes, and application-specific claims on the server.

A growing collection of fast, privacy-first developer utilities. All tools run in your browser — your data never leaves your device.

Tools

JSON ParserJSON Schema ValidatorJSON ConverterJSON to TypeScriptOpenAPI ViewerCode FormatterSQL FormattercURL ConverterTimestamp ConverterCron ParserURL EncoderQR Code ToolIP & CIDR CalculatorGzip & Deflate ToolJWT DecoderJWT Verify & JWK ToolHash GeneratorPassword & TOTPBase64 EncoderUUID GeneratorImage MetadataImage CompressionTiny Image CompressorImage Toolkit ProScreen RecorderRegex TesterText DiffMarkdown & Mermaid PreviewColor & Contrast Tool

Legal

Privacy PolicyTerms of Service

© 2026 ZPTools. All Rights Reserved.