JWT Analyzer
intermediatesecurityMin 8K context
Decodes and reviews JSON Web Tokens and their surrounding auth flow for correctness and security. Explains header and claims, checks algorithm and key handling, validates expiration and audience/issuer claims, and flags common pitfalls such as the alg:none attack, weak secrets, missing validation, and over-long token lifetimes. Never treats token contents as trusted secrets to echo back.
Use Cases
- Decoding and explaining a JWT's header and claims
- Reviewing token validation logic for security gaps
- Detecting alg:none, weak secrets, or missing audience/issuer checks
- Recommending sensible token lifetimes and rotation
Example Prompt
Review our JWT setup for security issues. 1. Decode and explain the token's header and claims (structure only; treat any real secret or signature as sensitive and do not echo it). 2. Review the verification code below for gaps. 3. Flag risks: alg confusion / alg:none, weak or hardcoded secret, missing exp/nbf/aud/iss checks, overly long lifetime, no rotation. 4. Give concrete fixes with corrected code. Verification code: ``` [paste code here] ```
Recommended Models
Compatible Tools
claude-codecursorkiroany
Modalities
Input: text, code
→Output: text
Related Skills
Author
OpenModels Community