
OIDC Decoder

Paste an OpenID Connect ID token or a .well-known/openid-configuration document and decode it: the core claims, profile claims, endpoints, and capabilities, with checks for required claims, signing algorithm, nonce, and PKCE.

Decoding runs locally in your browser. It never calls the jwks_uri or any endpoint, and nothing is sent anywhere.
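The ID token checks described above can be sketched as follows. This is an added example, not the tool's own code; `inspectIdToken`, its finding strings, and the sample token are assumptions made for illustration, and the discovery-document and PKCE checks are not covered.

```javascript
// Added example: decode an ID token locally and run basic checks.
// Nothing here verifies the signature; that needs the provider's JWKS.
const REQUIRED = ["iss", "sub", "aud", "exp", "iat"]; // required by OIDC Core

function b64urlJson(part) {
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

function inspectIdToken(token, { expectedNonce, now = Math.floor(Date.now() / 1000) } = {}) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS: expected 3 parts");
  const header = b64urlJson(parts[0]);
  const claims = b64urlJson(parts[1]);
  const findings = [];
  for (const name of REQUIRED) {
    if (claims[name] === undefined) findings.push(`missing required claim: ${name}`);
  }
  if (!header.alg || String(header.alg).toLowerCase() === "none") {
    findings.push("alg is none: token is unsigned");
  }
  if (typeof claims.exp === "number" && claims.exp <= now) findings.push("token expired");
  if (expectedNonce !== undefined) {
    // The nonce sent in the authorization request must come back unchanged.
    if (claims.nonce !== expectedNonce) findings.push("nonce mismatch");
  } else if (claims.nonce === undefined) {
    findings.push("no nonce claim");
  }
  return { header, claims, findings, signatureVerified: false };
}

// Constructed sample (not a real token): unsigned, no iat, no nonce.
function b64url(obj) {
  return btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE = [
  b64url({ alg: "none", typ: "JWT" }),
  b64url({ iss: "https://op.example", sub: "user-1", aud: "client-1", exp: 1700000600 }),
  "",
].join(".");

console.log(inspectIdToken(SAMPLE, { expectedNonce: "n-1", now: 1700000000 }).findings);
```

A decode like this only reports what the token says about itself; a Relying Party still has to verify the signature against the JWKS before trusting any claim.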

Authorization code flow

Relying Party / OpenID Provider

1. Redirect the user to the provider with scope=openid (authorization_endpoint)
2. Provider authenticates the user and gets consent
3. Provider redirects back with an authorization code (code)
4. Relying Party exchanges the code at the token endpoint (token_endpoint)
5. Provider returns an ID token plus an access token (id_token + access_token)
6. Relying Party validates the ID token signature against the JWKS (jwks_uri)
7. Relying Party may call UserInfo with the access token (userinfo_endpoint)
8. Provider returns the user's claims (claims)
