Invalid signature when adding "crit" to header

konrad.sopala August 11, 2020, 2:48pm 2

Hey there,

We talked with the tool maintainers and here’s what they shared:

1 Like

Topic		Replies	Views
Jwt.io debuger debugger error when "crit"field is added in header Archived jwtio	3	4159	July 27, 2020
"alt": "none" validation bug on jwt.io Archived vulnerability	1	4094	June 23, 2017
Deep link JWT.IO "Invalid Signature" Archived jwtio	4	4245	August 27, 2019
New jwt.io fails to verify signature for HS512 JWT.io invalid-signature , jwt-validation	1	284	July 31, 2025
JWT.io Debugger does validate at all. Considers ANY secret as valid. How is this possible? JWT.io jwt-debugger	2	1885	September 11, 2023