This site can be used to decode Identity tokens

SAML (/saml)

Add as the Assertion Consumer Service in a SAML SP Connection

OIDC AuthZ Code (/oidc)

Add as a redirect_uri on your OIDC AuthZ Code client (response_type=code).

Enter in the Issuer, client_id, and client_secret and the received Code will be swapped for the access_token and id_token

OIDC Implicit (/implicit)

Add as a redirect_uri on your OIDC Implicit client (response_type=token id_token).

OIDC Hybrid (/hybrid)

Add as a redirect_uri on your OIDC Hybrid client (response_type=code token id_token). Supports GET (Query Fragments) and POST (response_mode=form_post)

OIDC PKCE (/pkce)

This page will allow you to generate a PKCE request using a generated code_challenge and corresponding code_verifier.

A new tab will open with the Code presented on the /oidc page where you can pass in the code_verifier instead of a client_secret

OIDC URL Generator (/oidcGenerator)

This page will let you generate an OIDC URL for Authz Code, Implicit and client_credentials token requests.

OIDC Redirect (/oidcRedirect)

This endpoint will let you ask Decoder to redirect you to an OIDC application with an Implicit request.

Send in parameters for iss (Issuer), client_id, and [Optional] mode=code and your browser will be redirected to the OIDC provider

Note: scope=openid email profile is automatically added to the URI

PingFederate Agentless (/agentless/{{releaseName}})

Add{{Facile releaseName}} as the Authentication Endpoint on your Agentless IK adapter.

Note: Facile deployment is required

PingAccess Headers (/headers)

Create an Application pointing to with an Identity Mapping.

PingAccess JWT Header (/headersjwt)

Create an Application pointing to with a JWT Identity Mapping - (default) name: X-PA-Headers.

PingOne Webhook Viewer (/webhooks)

Create a PingOne Webhook pointing to

Incoming events can be seen at{{PingOne EnvId}}.