jwt_inspect
Decode and audit JWT tokens to detect algorithm weaknesses, expired tokens, missing required claims, and suspicious kid values. Optionally checks signatures against common weak secrets.
Instructions
Decode and audit a JWT.
Reports algorithm issues (none, weak HS*), expiry, missing standard
claims (exp, iat, iss, aud), suspicious kid values that look
like path traversal or SQL, and (optionally) checks the signature
against a small dictionary of common weak HS256/384/512 secrets.
Args:
    token: The JWT string (three dot-separated base64url segments).
    check_weak_secrets: If True, attempt a small dictionary of common secrets against the signature for HS* algorithms. Default True.
Returns: Structured inspection report (see JwtInspection schema).
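The following is an added, constructed illustration of the checks the report above describes; it is not the tool's own code. The weak-secret list, the `kid` heuristic regex, the `make_hs_token` helper (used only to build sample input) and the `now` parameter are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import re
import time

# Constructed sample dictionary; the real tool's list is not on the page.
WEAK_SECRETS = ("secret", "password", "changeme", "123456")
REQUIRED_CLAIMS = ("exp", "iat", "iss", "aud")
HS_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
# Heuristic (assumption): path-traversal or SQL-looking fragments in a kid header value.
SUSPICIOUS_KID = re.compile(r"(\.\./|\.\.\\|^/|'|\"|;|--|\bunion\b|\bor\b\s+\S+=\S+)", re.IGNORECASE)


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_hs_token(header: dict, payload: dict, secret: str) -> str:
    """Build an HS* token; used here only to construct sample input for the inspector."""
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret.encode(), signing_input.encode("ascii"), HS_DIGESTS[header["alg"]]).digest()
    return signing_input + "." + b64url_encode(sig)


def jwt_inspect(token: str, check_weak_secrets: bool = True, now=None) -> dict:
    """Decode a JWT and return a report of algorithm, expiry, claim, kid and secret findings."""
    now = time.time() if now is None else now
    report = {"header": None, "payload": None, "alg": None, "findings": [], "missing_claims": [],
              "expired": False, "suspicious_kid": False, "weak_secret": None}
    parts = token.split(".")
    if len(parts) != 3:
        report["findings"].append("malformed: expected three dot-separated segments")
        return report
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        report["findings"].append("malformed: header or payload is not base64url-encoded JSON")
        return report
    if not isinstance(header, dict) or not isinstance(payload, dict):
        report["findings"].append("malformed: header and payload must be JSON objects")
        return report
    report["header"], report["payload"] = header, payload

    # Algorithm checks: "none" means an unsigned token; HS* rests entirely on a shared secret.
    alg = str(header.get("alg", "")).strip()
    report["alg"] = alg
    if alg.lower() in ("", "none"):
        report["findings"].append("alg: 'none' or missing, token carries no signature")
    elif alg in HS_DIGESTS:
        report["findings"].append(f"alg: {alg} relies on a shared secret; confirm it is strong")

    # Expiry and required standard claims.
    exp = payload.get("exp")
    if isinstance(exp, (int, float)) and exp < now:
        report["expired"] = True
        report["findings"].append("exp: token is expired")
    elif exp is not None and not isinstance(exp, (int, float)):
        report["findings"].append("exp: not a numeric timestamp")
    report["missing_claims"] = [c for c in REQUIRED_CLAIMS if c not in payload]
    for claim in report["missing_claims"]:
        report["findings"].append(f"claim: missing {claim}")

    # kid values that look like file paths or SQL fragments deserve a closer look.
    kid = header.get("kid")
    if isinstance(kid, str) and SUSPICIOUS_KID.search(kid):
        report["suspicious_kid"] = True
        report["findings"].append(f"kid: suspicious value {kid!r}")

    # Optional weak-secret check for HS* tokens over the small constructed list above.
    if check_weak_secrets and alg in HS_DIGESTS:
        signing_input = (parts[0] + "." + parts[1]).encode("ascii")
        for secret in WEAK_SECRETS:
            candidate = hmac.new(secret.encode(), signing_input, HS_DIGESTS[alg]).digest()
            if hmac.compare_digest(candidate, signature):
                report["weak_secret"] = secret
                report["findings"].append("signature: verifies under a well-known weak secret")
                break
    return report


if __name__ == "__main__":
    # Constructed sample: expired HS256 token signed with a weak secret and a traversal-style kid.
    sample = make_hs_token({"alg": "HS256", "typ": "JWT", "kid": "../../etc/passwd"},
                           {"sub": "user1", "iat": 1_699_996_400, "exp": 1_699_996_400},
                           "secret")
    print(json.dumps(jwt_inspect(sample, now=1_700_000_000), indent=2))
```

Passing `now` explicitly keeps the expiry check deterministic for testing; in use it defaults to the current time. The signature comparison uses `hmac.compare_digest` so the check itself does not leak timing information about how many bytes matched.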
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| token | Yes | The JWT string (three dot-separated base64url segments). | |
| check_weak_secrets | No | If True, attempt a small dictionary of common secrets against the signature for HS* algorithms. | True |