← Tools
JWKS explainer + key matcher
Paste a JSON Web Key Set to break down every key, flag any private material, and match a JWT to its key by kid. Nothing leaves your browser.
Parsed in your browser. No jwks_uri is fetched.
How a key is matched by kid
When a JWT arrives, the verifier reads its kid and finds the one key in the set with the same kid, then uses that key to check the signature. Each key needs a distinct kid for this to be unambiguous.