Skip to main content

No token data leaves your browser except JWKS public key fetches you explicitly initiate.

View source

JWT Security Vulnerabilities

Common JWT security issues and how to mitigate them.

In progress

Detailed write-ups for each vulnerability — including alg: none attacks, weak HMAC keys, key confusion, and more — are being prepared. Use the decoder to inspect token security in the meantime.