JSON Web Key Inspector

Parse and inspect JWK objects or JWKS endpoint responses in human-readable form. Validate key structure, review kty-specific fields, detect private key material, and export normalized key sets for debugging and security review.

Parse a single JWK or full JWKS response, inspect key fields in human-readable form, validate required attributes by key type, and export normalized output.

Accuracy note: this inspector validates structural field presence for common key types and surfaces risk indicators such as private key material. Always enforce your full security policy server-side when accepting keys.

Features

JWK and JWKS Parsing

Accepts a single JWK object or a full JWKS document and normalizes everything into one consistent key list.

Readable Field Inspection

Shows key type, algorithm hints, usage fields, curve details, and practical key-size indicators in clear labels.

Private Key Risk Detection

Flags private key material fields instantly so sensitive keys are not accidentally shared in public flows.

Fetch or Paste Workflow

Inspect directly from a JWKS endpoint URL or paste raw JSON manually when endpoint CORS is restricted.

Common Use Cases

OIDC and JWT key verification setup

Inspect identity provider JWKS payloads and confirm key IDs, algorithms, and kty compatibility before token validation rollout.

Signature verification troubleshooting

Diagnose kid mismatch and malformed key field issues when JWT verification fails in staging or production.

Security review and hardening checks

Spot private key fields or weak configuration signals before publishing key sets to public discovery endpoints.

Team handoff and compliance documentation

Export normalized JSON and summaries for internal reviews, runbooks, and incident records without custom scripts.

Key rotation validation

Inspect new and retiring keys side by side to confirm kid values, algorithm fields, and key use attributes are correctly set before rotating live traffic.

Multi-tenant JWKS auditing

Validate JWKS payloads from multiple identity providers or tenants to ensure consistent key structure and catch configuration drift across environments.

About JSON Web Key Inspector

What this tool checks

The inspector parses JSON Web Key input, detects whether the source is a single JWK object or a JWKS key set, and validates required fields for common key types including RSA, EC, OKP, and oct.

Why field-level inspection matters

Token verification systems depend on correctly structured keys. Missing RSA modulus or EC coordinates, duplicated key identifiers, and unexpected private key fields can break authentication and introduce security risks.

How to use with endpoint URLs

Use fetch mode to load a remote JWKS endpoint when browser CORS allows it. If cross-origin access is blocked, switch to paste mode and inspect the JSON manually.

Key Type Coverage

The inspector validates RSA, EC, OKP, and symmetric oct key types. For each type it checks that required fields are present, that the curve or key size is recognized, and that private key material is not accidentally exposed in a public key set.
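The checks described above can be sketched in a few lines of Node.js. This is an added example, not the inspector's own code: the function names, the finding strings, the recognized-curve lists, and the 2048-bit RSA threshold are assumptions, and the sample key set is constructed.

```javascript
// Added example: structural JWK/JWKS checks (not the inspector's own code).
const REQUIRED = { RSA: ['n', 'e'], EC: ['crv', 'x', 'y'], OKP: ['crv', 'x'], oct: ['k'] };
const PRIVATE = { RSA: ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth'], EC: ['d'], OKP: ['d'], oct: ['k'] };
const CURVES = { EC: ['P-256', 'P-384', 'P-521'], OKP: ['Ed25519', 'Ed448', 'X25519', 'X448'] };

// Byte length of a base64url value (JWK binary members are unpadded base64url).
function b64urlBytes(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').length;
}

function inspectKey(jwk) {
  const findings = [];
  const required = Object.hasOwn(REQUIRED, jwk.kty) ? REQUIRED[jwk.kty] : null;
  if (!required) return { kid: jwk.kid, kty: jwk.kty, findings: [`unsupported kty: ${jwk.kty}`] };
  for (const f of required) {
    if (typeof jwk[f] !== 'string' || jwk[f] === '') findings.push(`missing ${f}`);
  }
  // For oct keys, k is both required and secret: it never belongs in a public set.
  const secret = PRIVATE[jwk.kty].filter((f) => f in jwk);
  if (secret.length) findings.push(`private material: ${secret.join(',')}`);
  if (CURVES[jwk.kty] && jwk.crv && !CURVES[jwk.kty].includes(jwk.crv)) findings.push(`unrecognized crv: ${jwk.crv}`);
  if (jwk.kty === 'RSA' && typeof jwk.n === 'string') {
    const bits = b64urlBytes(jwk.n) * 8; // size from encoded length; threshold is an assumption
    if (bits < 2048) findings.push(`RSA modulus ${bits} bits`);
  }
  return { kid: jwk.kid, kty: jwk.kty, findings };
}

// Accepts a single JWK or a JWKS; returns per-key reports plus duplicated kids.
function inspectJwks(doc) {
  const keys = Array.isArray(doc.keys) ? doc.keys : [doc];
  const seen = new Set();
  const duplicateKids = new Set();
  for (const { kid } of keys) {
    if (kid === undefined) continue;
    if (seen.has(kid)) duplicateKids.add(kid);
    seen.add(kid);
  }
  return { keys: keys.map(inspectKey), duplicateKids: [...duplicateKids] };
}

// Constructed sample input (placeholder values, not real keys).
const sample = { keys: [
  { kty: 'RSA', kid: 'a', e: 'AQAB', n: 'A'.repeat(342) },
  { kty: 'EC', kid: 'a', crv: 'P-256', x: 'AAAA', d: 'AAAA' },
  { kty: 'OKP', kid: 'b', crv: 'Ed25519', x: 'AAAA' },
] };
console.log(JSON.stringify(inspectJwks(sample), null, 2));
```

A report with no findings only means the key is structurally well formed; trust decisions still belong in the server-side validation path.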

Frequently Asked Questions

A JWK is one JSON Web Key object. A JWKS is a JSON Web Key Set that contains an array of keys under the keys field. This tool accepts both and normalizes output to JWKS format.

It validates structural requirements and highlights common problems, but it does not perform full cryptographic trust validation or certificate chain verification. Keep server-side validation in your auth pipeline.

Browser fetch mode is subject to CORS policies. If an endpoint does not allow your origin, use paste mode instead by copying the JWKS response body into the input area.

The tool runs locally in your browser and does not upload data, but it can detect private key fields in pasted JSON. Avoid sharing exported logs that contain private key material.

Yes. It is useful for checking key IDs, supported algorithms, and structural integrity of identity provider key sets used in JWT verification.

The inspector handles RSA, EC, and symmetric (oct) key types. It validates kty-specific required fields such as n and e for RSA, and crv, x, and y for EC keys.

Yes. It is 100% free with no account required. All parsing and field validation run entirely in your browser with no data sent to any server.