Dev Security Toolkit

Privacy-first developer tools for XML, JSON, JWT, SAML, OIDC, and cryptography. Your data is never shared with third parties.

🔒 XML, JSON, JWT, SAML decode, and most crypto operations run entirely in your browser — your data never leaves your device. OIDC, SAML SP, and signature verification use our server but are never shared with third parties.
🗂

Format & Validate XML

Format and validate XML. Highlights parse errors with line and column numbers.

Open Tool
📋

Format JSON

Format JSON with strict or lenient mode. Lenient mode corrects trailing commas, single quotes, and JS comments.

Open Tool
🔑

Debug JWT

Decode JWT header, payload, and signature claims. Verify signatures or encode and sign new tokens.

Open Tool
🔐

Test SAML (Mock SP)

Full SP-in-a-box: paste IDP metadata, generate SP metadata, craft and send AuthnRequests, view decoded assertions at the ACS endpoint.

Open Tool
📦

Decode & Verify SAML

Decode base64-encoded SAML requests/responses (HTTP-POST or HTTP-Redirect binding). Optionally verify XML-DSIG signatures with a certificate.

Open Tool
🌍

Test OIDC Flow

Test the OpenID Connect Authorization Code flow end-to-end with PKCE. View raw tokens and UserInfo response.

Open Tool
🗝

Cryptography

Generate RSA/EC/Ed25519 keypairs, validate matching pairs, encrypt/decrypt with RSA, and sign/verify data.

Open Tool