Skip to main content

Validate JSON Web Token/Software Development Kit - JWT

Paste a JWT Verifiable Credential (format header.payload.signature) or an SD-JWT VC (in the format header.payload.signature~disclosure1~disclosure2~). The tool decodes the payload and validates eIDAS 2.0 / EUDI ARF v1.4 compliance.

Come utilizzare EUDI Wallet Integration Tester

Choose Test Mode

Select one of three modes: decode JWT VC/SD-JWT, analyze mDoc CBOR or simulate OAuth 2.0 PAR.

Attach or generate test credential

Use the "Load Example" button for a test JWT VC, or paste your token/mDoc/params OAuth to verify its structure.

Analyze the result

The tool decodes headers and payloads, validates required claims EIDAS 2.0/EUDI ARF v1.4, and displays warnings/errors with color-coded codes.

Integrate into your backend

Use references to suggested libraries for Java/Node/Python to implement real signature verification on the server.

Suggerimenti

  • Use "Load Example" to quickly familiarize yourself with the structure of a JWT VC before testing your real credentials.
  • For IT Wallet in production, always check the latest version of AgID guidelines: technical specifications frequently evolve during the beta phase.
  • In OAuth simulator, PKCE with S256 is required for public clients: never use the "plain" method in production.

Domande frequenti

Does the tool verify the cryptographic signature of the JWT?

No. The tool only decodes and validates the structure and required claims; JWS signature is not verified on the client-side. For full cryptographic verification, a certified library such as Nimbus-JOSE-JWT (Java) or Jose (Node.js) is needed.

What are SD-JWT and why do they serve for the EUDI Wallet?

Selective Disclosure JWTs allow revealing only some claims of a credential without exposing the entire payload, minimizing data while meeting a key requirement of the EUDI ARF v1.4 architecture.

Why is the mDoc CBOR decoding only partial?

The mDoc format (ISO 18013-5) uses binary CBOR with complex COSE_Sign1 structures: full decoding requires server-side specialized libraries (e.g. cbor2 in Python/Node). The tool provides structural analysis and guidance for implementation, not a complete CBOR parser.

Does the OAuth simulator PAR send real requests?

No network request is sent. The simulator generates example URLs, endpoints, and payloads conforming to OpenID4VCI §6 to help you understand the flow before integrating with a real issuer like EUDI Sandbox.

Are my data being sent to a server?

No. All processing (JWT decoding, mDoc analysis, OAuth simulation) occurs entirely in the browser via JavaScript client-side. No data is sent to external servers.

Stay up-to-date on the latest developments of both EUDI Wallet and IT Wallet.

Subscribe to the monthly newsletter of Federico for updates on implementing EU DSI wallet in Italy, specifically OIDC VCI, ARF updates and practical tutorials Angular/Node.