CodeNeat

JWT Decoder for OIDC

Your data never leaves your browser

OIDC ID tokens carry identity info. Decode to verify claims and nonce.

Example

[Paste your OIDC ID token here]
Try Jwt Decoder Now

Tips

  1. 1Verify nonce for replay protection.
  2. 2auth_time shows actual auth time.
  3. 3Check email_verified.

Frequently Asked Questions

ID vs access?

ID: identity. Access: API permissions.

Nonce?

Random string preventing replay attacks.

ID tokens for APIs?

No. Use access tokens.