📦 JWT Debugger
v1.0.0
Decode, verify, and debug JSON Web Tokens. Inspect headers, payloads, signatures, expiration, claims, and key mismatches. Diagnose common JWT issues in aut...
JWT Debugger
Decode and debug JWTs without pasting them into random websites. Inspect headers, verify signatures, check expiration and claims, diagnose key mismatches, and trace authentication failures — all locally, keeping tokens safe.
Use when: "debug jwt", "decode this token", "why is auth failing", "jwt expired", "invalid signature", "token validation error", "check jwt claims", or when troubleshooting authentication.
Commands
- decode — Decode and Inspect JWT
```bash
echo "$TOKEN" | python3 -c "
import sys, json, base64, time
from datetime import datetime, timezone

token = sys.stdin.read().strip()
parts = token.split('.')
if len(parts) != 3:
    print(f'❌ Invalid JWT: expected 3 parts, got {len(parts)}')
    sys.exit(1)

def decode_part(s):
    # base64url omits padding; restore exactly what is missing before decoding
    s += '=' * (-len(s) % 4)
    return json.loads(base64.urlsafe_b64decode(s))

header = decode_part(parts[0])
payload = decode_part(parts[1])

print('=== HEADER ===')
print(json.dumps(header, indent=2))
print()
print('=== PAYLOAD ===')
print(json.dumps(payload, indent=2))
print()

# Check expiration
if 'exp' in payload:
    exp = payload['exp']
    now = int(time.time())
    remaining = exp - now
    if remaining < 0:
        print(f'🔴 EXPIRED: {abs(remaining)//3600}h {abs(remaining)%3600//60}m ago')
    elif remaining < 300:
        print(f'🟡 EXPIRING SOON: {remaining}s remaining')
    else:
        print(f'🟢 Valid: {remaining//3600}h {remaining%3600//60}m remaining')

if 'iat' in payload:
    issued = datetime.fromtimestamp(payload['iat'], tz=timezone.utc)
    print(f'Issued at: {issued.isoformat()}')

if 'nbf' in payload:
    nbf = payload['nbf']
    now = int(time.time())
    if now < nbf:
        print(f'🔴 NOT YET VALID: becomes valid in {nbf - now}s')

# Common claims
for claim, label in [('sub', 'Subject'), ('iss', 'Issuer'), ('aud', 'Audience'),
                     ('scope', 'Scopes'), ('roles', 'Roles')]:
    if claim in payload:
        print(f'{label}: {payload[claim]}')

print()
print('Algorithm:', header.get('alg', 'MISSING'))
print('Key ID:', header.get('kid', 'not set'))
print('Type:', header.get('typ', 'not set'))
"
```
- verify — Full Signature Verification
```bash
# Verify with a shared secret (HS256 only; this does not check the header's alg)
python3 -c "
import hmac, hashlib, base64

token = '$TOKEN'
secret = '$SECRET'
parts = token.split('.')
signing_input = f'{parts[0]}.{parts[1]}'.encode()
# Restore the base64url padding the signature part omits
signature = base64.urlsafe_b64decode(parts[2] + '=' * (-len(parts[2]) % 4))
expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
if hmac.compare_digest(signature, expected):
    print('✅ Signature VALID')
else:
    print('❌ Signature INVALID — secret mismatch or token tampered')
"

# Verify with a public key (RS256/ES256; extend the algorithms list for ES256)
python3 -c "
import jwt  # pip install PyJWT[crypto]

try:
    decoded = jwt.decode('$TOKEN', '$PUBLIC_KEY', algorithms=['RS256'], audience='$EXPECTED_AUD')
    print('✅ Valid:', decoded)
except jwt.ExpiredSignatureError:
    print('❌ Token expired')
except jwt.InvalidSignatureError:
    print('❌ Invalid signature — wrong key or tampered token')
except jwt.InvalidAudienceError:
    print('❌ Audience mismatch')
except Exception as e:
    print(f'❌ {e}')
"
```
- diagnose — Common JWT Problems
Check for these issues:
Expiration issues:
- Token expired → check clock sync between issuer and verifier
- Token not yet valid (nbf) → clock skew between services
- Very short TTL (< 5 min) → may cause issues with slow requests
Signature issues:
- "none" algorithm → security vulnerability, reject immediately
- Algorithm mismatch → server expects RS256, token has HS256
- Wrong key → key rotation happened, old key used
- kid mismatch → key ID in header doesn't match available keys
Claims issues:
- Missing required claims (iss, sub, aud, exp)
- Audience mismatch → token issued for service A, used with service B
- Issuer mismatch → token from wrong identity provider
- Scope insufficient → token has read scope, endpoint requires write
Security red flags:
- alg: "none" → algorithm confusion attack
- alg: "HS256" with RSA public key → key confusion attack
- Token in URL query parameter → logged in server logs, browser history
- Token size > 8KB → may exceed header size limits
- Sensitive data in payload (passwords, SSN) → payload is base64, not encrypted

# JWT Diagnostic Report
Token Summary
- Algorithm: RS256
- Issuer: auth.example.com
- Subject: user-12345
- Issued: 2026-04-29 01:00:00 UTC
- Expires: 2026-04-29 02:00:00 UTC (🔴 EXPIRED 31m ago)
Issues Found
- 🔴 Expired — token expired 31 minutes ago
- 🟡 No audience claim — token doesn't specify intended audience
  → Add aud claim to token issuer config
- 🟢 Algorithm: RS256 (secure)
- 🟢 Key ID present: matches current JWKS
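The diagnose checklist is easier to apply consistently as code. As an added example (not one of the skill's own commands), this Python function returns the checklist findings for one token against a supplied expected algorithm, audience, issuer and set of current key IDs; `make_token` is a helper of this example that builds constructed, unsigned sample tokens for input.

```python
import base64, json, time

def b64url_decode(s):
    # base64url omits padding; restore exactly what is missing before decoding
    return base64.urlsafe_b64decode(s + '=' * (-len(s) % 4))

def make_token(header, payload):
    # Constructed, UNSIGNED sample token; the third part is a placeholder, not a signature
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b'=').decode()
    return f'{enc(header)}.{enc(payload)}.sig'

def diagnose(token, expected_alg, expected_aud, expected_iss, known_kids, now=None, leeway=60):
    """Pre-flight triage only (empty list = no finding); the signature must still be verified."""
    findings = []
    parts = token.split('.')
    if len(parts) != 3:
        return [f'malformed: expected 3 parts, got {len(parts)}']
    try:
        header, payload = json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))
    except ValueError:  # binascii.Error and JSONDecodeError are both ValueErrors
        return ['malformed: header or payload is not base64url-encoded JSON']
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return ['malformed: header and payload must be JSON objects']
    now = int(time.time()) if now is None else now
    # Signature issues and red flags visible in the header
    alg = header.get('alg')
    if alg is None or str(alg).lower() == 'none':
        findings.append('alg none: reject immediately (algorithm confusion)')
    elif alg != expected_alg:
        findings.append(f'alg mismatch: expected {expected_alg}, got {alg} (possible key confusion)')
    kid = header.get('kid')
    if kid is not None and kid not in known_kids:
        findings.append(f'kid mismatch: {kid} not in current key set')
    for claim in ('iss', 'sub', 'aud', 'exp'):
        if claim not in payload:
            findings.append(f'missing required claim: {claim}')
    # Expiration issues, with leeway for clock skew between issuer and verifier
    if 'exp' in payload and now > payload['exp'] + leeway:
        findings.append(f'expired {now - payload["exp"]}s ago')
    if 'nbf' in payload and now + leeway < payload['nbf']:
        findings.append(f'not yet valid for {payload["nbf"] - now}s (clock skew?)')
    if 'exp' in payload and 'iat' in payload and payload['exp'] - payload['iat'] < 300:
        findings.append('very short TTL (< 5 min)')
    aud = payload.get('aud')
    if aud is not None and expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f'audience mismatch: {aud}')
    if 'iss' in payload and payload['iss'] != expected_iss:
        findings.append(f'issuer mismatch: {payload["iss"]}')
    if len(token) > 8192:
        findings.append('token larger than 8KB: may exceed header size limits')
    return findings
```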
- compare — Diff Two Tokens
Compare tokens side-by-side to identify what changed:
- Different claims (permissions changed?)
- Different expiry (session s