nx-id-inspector

Claims inspector

The decoded nx-id session JWT, plus a server-side signature verification against nx-id's JWKS (audience nexus-products).

Cryptographic verification
GET /api/verify: this app's own edge route fetches a fresh JWT from nx-id, then verifies its RS256 signature against https://id.nexusregen.dev/api/auth/jwks using jose.jwtVerify, checking issuer and audience. This is the load-bearing proof that cross-subdomain JWT validation works.