/jwt-payload
well-formed RFC 7519 JWT claim set — iss as URI, sub as string principal identifier, aud as a homogeneous string array, exp and iat as NumericDate integers.
chaos.catastrophic.ioGET /jwt-payload
Returns JWT payload (claims) objects with RFC 7519 violations. Default sends `exp` as a string instead of a NumericDate. Use ?mode= to isolate other violations: malformed iss, mixed-type aud array, or a reserved claim with the wrong type. Distinct from /jwt (token-validation flaws) and /auth (challenge framing).
exp-as-string
iss-malformed
aud-mixed-types
reserved-claim-collisionnot.catastrophic.ioGET /jwt-payload
well-formed RFC 7519 JWT claim set — iss as URI, sub as string principal identifier, aud as a homogeneous string array, exp and iat as NumericDate integers.
Build against not.catastrophic.io/jwt-payload, then
flip the hostname to chaos.catastrophic.io to exercise the chaos.