OIDC ID Token

Decode and verify OpenID Connect ID Tokens (RS256) using a pasted JWK (public key). Checks exp/nbf and optional iss/aud.

ID Token (JWT)

JWK (Public key for RS256 verify, optional)

Expected Issuer (iss, optional)

Expected Audience (aud, optional)

Decode / Verify

Paste a token to decode; provide JWK to verify.

How to Use

Paste Your ID Token

Input the OIDC ID Token (JWT) you want to inspect. The tool will automatically decode the header and payload.

Provide Public Key (Optional)

To verify the signature, paste the corresponding JWK (JSON Web Key). This is required for RS256 verification.

Review Claims and Status

Check the 'Decode / Verify' section for expiration status, issuer/audience matches, and signature validity.

Frequently Asked Questions

What is an OIDC ID Token?

An ID Token is a JSON Web Token (JWT) that contains claims about the authenticated user. It's a core part of the OpenID Connect (OIDC) authentication flow.

How do I verify the signature?

To verify an RS256 signature, you need the issuer's public key in JWK format. You can usually find this at the issuer's '.well-known/jwks.json' endpoint.

Is my token secure here?

Yes. All decoding and signature verification happen locally in your browser using the Web Crypto API. Your sensitive tokens are never sent to any server.