by IceDane 957 days ago
I'm sorry.. but is this for real?

This is like an afternoon of work, and it's more or less a carbon copy of the existing tools. No one will care about any of the features you are describing. How much time do you think people spend on debugging JWTs?

Then you also went and added AI integration of all things. This lets me wait 10 seconds to let GPT tell the definitions for each part of the JWT, which don't change. You could have just replaced it with a map from the claims to their purpose as defined by the RFC (https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3). Not to mention how unfathomably silly it is to talk about security and whatnot and then just send people's JWTs off to some third party.

3 comments
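The static claim map suggested in the post above, as an added example (not code from the tool under discussion or from any commenter): it decodes a token entirely locally and annotates the registered claims of RFC 7519 section 4.1 without any network call. The names `explainJwt`, `base64UrlToJson` and `SAMPLE_TOKEN` are assumptions, and the sample token is constructed with a placeholder signature.

```javascript
// Added example: explain JWT claims from a static RFC 7519 section 4.1 map.
// Display only: the signature is NOT verified, so never base trust decisions on this output.
const REGISTERED_CLAIMS = new Map([ // Map avoids Object.prototype hits such as "constructor"
  ["iss", ["4.1.1", "Issuer: principal that issued the JWT"]],
  ["sub", ["4.1.2", "Subject: principal that is the subject of the JWT"]],
  ["aud", ["4.1.3", "Audience: recipients the JWT is intended for"]],
  ["exp", ["4.1.4", "Expiration Time: must not be accepted on or after this time"]],
  ["nbf", ["4.1.5", "Not Before: must not be accepted before this time"]],
  ["iat", ["4.1.6", "Issued At: time at which the JWT was issued"]],
  ["jti", ["4.1.7", "JWT ID: unique identifier for the JWT"]],
]);
const TIME_CLAIMS = new Set(["exp", "nbf", "iat"]);

// Decode one base64url segment (URL-safe alphabet, padding stripped) into JSON.
function base64UrlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes)); // UTF-8 safe
}

function explainJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected a three-segment compact JWS");
  const header = base64UrlToJson(parts[0]);
  const payload = base64UrlToJson(parts[1]);
  const claims = Object.entries(payload).map(([name, value]) => {
    const known = REGISTERED_CLAIMS.get(name);
    const entry = {
      name, value,
      section: known ? known[0] : null,
      meaning: known ? known[1] : "not a registered claim (public or private)",
    };
    if (TIME_CLAIMS.has(name) && typeof value === "number") {
      entry.utc = new Date(value * 1000).toISOString(); // NumericDate is in seconds
    }
    return entry;
  });
  const expired = typeof payload.exp === "number" && nowSeconds >= payload.exp;
  return { header, claims, expired };
}

// Constructed sample token; the third segment is a placeholder, not a real signature.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_TOKEN = [enc({ alg: "HS256", typ: "JWT" }),
  enc({ iss: "https://issuer.example", aud: "api.example", exp: 1700000000, role: "admin" }),
  "constructed-signature"].join(".");
```

Because the definitions are fixed by the RFC, the output is deterministic and nothing from the token leaves the process.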

> This lets me wait 10 seconds to let GPT tell the definitions for each part of the JWT, which don't change.

Yeah, that's lost on me. Why not embed it as a string? Seems quite lazy, as the current solution would presumably eat up all their OpenGPT credits.

That, and I would have preferred an explainer from someone who understands JWT. Another obvious disadvantage of using AI is that the response can change over time, so it has the potential to hallucinate.

> This is like an afternoon of work, and it's more or less a carbon copy of the existing tools. No one will care about any of the features you are describing. How much time do you think people spend on debugging JWTs?

This seems a bit dismissive, though. Let's see how many people use it before making broad judgements like that. It comes across as rude and unnecessary.

It's definitely more than an afternoon of work, though I can understand how you might think that. Things are often harder and more complex than we realize at first. :-)

One of the biggest gaps with the current implementation is lack of support for JWKs. We wanted to support that. Also, dark mode. It's the little things.

For the record, no tokens are ever sent anywhere. Everything stays local to the browser. If you hit the "GPT" button, it just transmits the payload--nothing else. That part is definitely a fun experiment. It's more "useful" with more complex payloads. But it may not stick around long-term. We'll see.

The website was probably created as a subtle way to promote their startup.

> The website was probably created as a subtle way to promote their startup.

Seems fair, TBH. The AI recommends "Rownd", which it has clearly been programmed to do.

> Solutions like Rownd can assist by simplifying and securing JWT management, ensuring that developers can focus on building their applications with increased efficiency and security.

Auth0/Okta uses jwt.io to promote themselves, so why shouldn't we do the same? ;-)

But this was also more about scratching an itch that we had internally where similar tools didn't support all of the features we wanted them to. So, we wrote our own.

Thanks for checking it out!