Facile Decoder

This site can be used to decode Identity tokens

SAML (/saml)

Add https://decoder.pingidentity.cloud/saml as the Assertion Consumer Service in a SAML SP Connection

OIDC AuthZ Code (/oidc)

Add https://decoder.pingidentity.cloud/oidc as a redirect_uri on your OIDC AuthZ Code client (response_type=code).

Enter in the Issuer, client_id, and client_secret and the received Code will be swapped for the access_token and id_token

OIDC Implicit (/implicit)

Add https://decoder.pingidentity.cloud/implicit as a redirect_uri on your OIDC Implicit client (response_type=token id_token).

OIDC Hybrid (/hybrid)

Add https://decoder.pingidentity.cloud/hybrid as a redirect_uri on your OIDC Hybrid client (response_type=code token id_token). Supports GET (Query Fragments) and POST (response_mode=form_post)

PingFederate Agentless (/agentless)

Add https://decoder.pingidentity.cloud/agentless as the Authentication Endpoint on your Agentless IK adapter.

PingAccess Headers (/headers)

Create an Application pointing to https://decoder.pingidentity.cloud/headers with an Identity Mapping.

PingAccess JWT Header (/headersjwt)

Create an Application pointing to https://decoder.pingidentity.cloud/headersjwt with a JWT Identity Mapping - (default) name: X-PA-Headers.

PingOne Webhook Viewer (/webhooks)

Create a PingOne Webhook pointing to https://decoder.pingidentity.cloud/webhooks.

Incoming events can be seen at https://decoder.pingidentity.cloud/webhooks/{{PingOne EnvId}}.