June 11, 2025
We implemented complete JWK (JSON Web Key) signature verification for JWT Tools: RSA-signed tokens are now verified against keys fetched automatically from OpenID Connect endpoints. The implementation handles kid matching and algorithm detection and integrates with identity providers such as Auth0, AWS Cognito, Google, and Microsoft.
JWT Tools now automatically detects the algorithm from the JWT header and sets the algorithm dropdown accordingly. This eliminates manual algorithm selection and reduces errors when working with different JWT types.
The tool automatically extracts the issuer claim from the JWT payload and fetches the issuer's JWK Set from its well-known endpoints. It follows OpenID Connect discovery, trying the /.well-known/openid-configuration document first and the direct /.well-known/jwks.json endpoint as a fallback, failing gracefully when neither is available.
When an RSA- or ECDSA-signed JWT with an issuer claim is pasted, the tool automatically switches to JWK mode and begins verification. Users can manually override this behavior and switch back to Secret/Key mode if needed; the tool respects that manual choice.
The implementation includes robust kid (Key ID) matching and proper RSA public key construction from the JWK parameters. Error handling provides clear feedback, with a fallback to manual JWK entry when automatic fetching fails.
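The flow described above, as an added example that is not JWT Tools' own code: a verifier that detects alg from the header, reads iss from the payload, resolves the issuer's JWK Set through /.well-known/openid-configuration with /.well-known/jwks.json as the fallback, selects the key by kid, rebuilds the RSA public key from the JWK's n and e, and checks an RS256 signature. Everything is constructed in-process so it runs offline: the issuer https://idp.example, its well-known documents, the key id, and the http_get callable that stands in for an HTTPS fetch are all assumptions of this example. Key generation and RSASSA-PKCS1-v1_5 are hand-rolled with the standard library only to avoid a dependency; a real verifier should use a vetted JOSE or RSA library.

```python
# Added example, not JWT Tools' code: the verification flow from the release note in pure
# standard-library Python. Issuer, well-known documents and key are constructed in-process and
# http_get() stands in for HTTPS; RSA is hand-rolled only to avoid a dependency.
import base64, hashlib, hmac, json, secrets

ALLOWED_ALGS = {"RS256"}  # the header's 'alg' selects within this allowlist, never beyond it
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix, RFC 8017

def b64u_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    d, r = n - 1, 0  # n is an odd candidate > 3, so no small-case handling is needed
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random witnesses
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_rsa_key(bits: int = 1024) -> dict:
    """Demo-sized key (real keys are 2048+ bits); returns the private triple n, e, d."""
    def prime(b):  # random odd candidate of exactly b bits until Miller-Rabin accepts it
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:  # guarantees gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def _emsa_pkcs1_v15(msg: bytes, em_len: int) -> bytes:
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def rs256_sign(msg: bytes, key: dict) -> bytes:
    k = (key["n"].bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(msg, k), "big"), key["d"], key["n"]).to_bytes(k, "big")

def rs256_verify(msg: bytes, sig: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, _emsa_pkcs1_v15(msg, k))

def public_jwk(key: dict, kid: str) -> dict:
    b64u_int = lambda i: b64u_encode(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,  # n and e only, never d
            "n": b64u_int(key["n"]), "e": b64u_int(key["e"])}

def issue_jwt(claims: dict, key: dict, kid: str) -> str:
    header = {"alg": "RS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64u_encode(json.dumps(x).encode()) for x in (header, claims))
    return signing_input + "." + b64u_encode(rs256_sign(signing_input.encode(), key))

def resolve_jwks(issuer: str, http_get) -> dict:
    """OIDC discovery (jwks_uri) first, then the direct /.well-known/jwks.json path as fallback.
    http_get(url) returns the parsed JSON body, or None when the fetch fails."""
    base = issuer.rstrip("/")
    doc = http_get(base + "/.well-known/openid-configuration")
    if doc and isinstance(doc.get("jwks_uri"), str):
        jwks = http_get(doc["jwks_uri"])
        if jwks:
            return jwks
    return http_get(base + "/.well-known/jwks.json") or {"keys": []}

def verify_jwt(token: str, http_get) -> dict:
    h, p, s = token.split(".")  # ValueError unless the token has exactly three segments
    header, claims = json.loads(b64u_decode(h)), json.loads(b64u_decode(p))
    alg, kid, issuer = header.get("alg"), header.get("kid"), claims.get("iss")
    if alg not in ALLOWED_ALGS:  # rejects 'none', HS*, and anything else not allowlisted
        raise ValueError(f"unsupported alg {alg!r}")
    if not isinstance(issuer, str) or not issuer.startswith("https://"):
        raise ValueError("missing or non-https iss claim")
    matches = [k for k in resolve_jwks(issuer, http_get).get("keys", [])
               if k.get("kty") == "RSA" and k.get("kid") == kid and k.get("alg", alg) == alg]
    if len(matches) != 1:  # the point where a tool would offer manual JWK entry
        raise LookupError(f"no unique RSA key with kid {kid!r} at {issuer}")
    n, e = (int.from_bytes(b64u_decode(matches[0][f]), "big") for f in ("n", "e"))
    if not rs256_verify(f"{h}.{p}".encode(), b64u_decode(s), n, e):
        raise ValueError("signature verification failed")
    return claims

if __name__ == "__main__":
    key, iss = generate_rsa_key(), "https://idp.example"  # constructed issuer and key
    server = {iss + "/.well-known/openid-configuration": {"issuer": iss, "jwks_uri": iss + "/keys"},
              iss + "/keys": {"keys": [public_jwk(key, "2025-06")]}}  # url -> JSON; anything else is a 404
    print(verify_jwt(issue_jwt({"iss": iss, "sub": "alice"}, key, "2025-06"), server.get))
```

Two design points carry over to any tool that detects the algorithm automatically. The header's alg is only allowed to pick within ALLOWED_ALGS, so a token declaring none or an HMAC algorithm is rejected before any key is looked up; auto-detection must never let the token choose an algorithm the verifier did not already intend to accept. And resolve_jwks degrades to an empty key set when both well-known endpoints fail, so the kid lookup raises a LookupError with the issuer and kid in the message, which is exactly the condition under which a manual JWK entry fallback is useful.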