<!DOCTYPE html><html><head><link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/bootstrap.min.css" rel="stylesheet" crossorigin="anonymous"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.0/font/bootstrap-icons.css"><link rel="stylesheet" href="../decoder.css"><link rel="shortcut icon" href="https://www.pingidentity.com/etc.clientlibs/settings/wcm/designs/pic6/assets/resources/images/favicon-new.png"><title>Token Decoder</title></head><body><div class="d-flex flex-column flex-md-row align-items-center p-3 px-md-4 mb-3 bg-white border-bottom box-shadow"><a href="https://facile.pingidentity.cloud"><img src="https://cdn.glitch.com/a766be66-dd8a-4fa9-adb0-382568f98cae%2Ffacile_logo.png" height="35px"></a><div class="container-fluid"><span class="d-flex flex-row-reverse flex-fill fw-bold" id="navRight"><a href="/">Decoder</a></span></div></div><div class="container"><div class="col"><div class="card"><div class="card-body"><p>This site can be used to decode Identity tokens</p><p></p><div class="card shadow rounded"><div class="card-header bg-info text-white">SAML (<code>/saml</code>)</div><div class="card-body"><p class="card-text">Add <code>https://decoder.pingidentity.cloud/saml</code> as the Assertion Consumer Service in a SAML SP Connection</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC AuthZ Code (<code>/oidc</code>)</div><div class="card-body"><p class="card-text">Add <code>https://decoder.pingidentity.cloud/oidc</code> as a <code>redirect_uri</code> on your OIDC AuthZ Code client (<code>response_type=code</code>).</p><p>Enter in the <code>Issuer</code>, <code>client_id</code>, and <code>client_secret</code> and the received Code will be swapped for the <code>access_token</code> and <code>id_token</code></p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC Implicit (<code>/implicit</code>)</div><div class="card-body"><p class="card-text">Add <code>https://decoder.pingidentity.cloud/implicit</code> as a <code>redirect_uri</code> on your OIDC Implicit client (<code>response_type=token id_token</code>).</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC Hybrid (<code>/hybrid</code>)</div><div class="card-body"><p class="card-text">Add <code>https://decoder.pingidentity.cloud/hybrid</code> as a <code>redirect_uri</code> on your OIDC Hybrid client (<code>response_type=code token id_token</code>). Supports GET (Query Fragments) and POST (<code>response_mode=form_post</code>)</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC PKCE (<a href="/pkce"><code>/pkce</code></a>)</div><div class="card-body"><p class="card-text">This page will allow you to generate a PKCE request using a generated <code>code_challenge</code> and corresponding <code>code_verifier</code>.</p><p class="card-text">A new tab will open with the Code presented on the <code>/oidc</code> page where you can pass in the <code>code_verifier</code> instead of a <code>client_secret</code></p></div></div><p><p></p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC URL Generator (<a href="/oidcGenerator"><code>/oidcGenerator</code></a>)</div><div class="card-body"><p class="card-text">This page will let you generate an OIDC URL for <code>Authz Code</code>, <code>Implicit</code> and <code>client_credentials</code> token requests.</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">OIDC Redirect (<code>/oidcRedirect</code>)</div><div class="card-body"><p class="card-text">This endpoint will let you ask Decoder to redirect you to an OIDC application with an <strong>Implicit</strong> request.</p><p class="card-text">Send in parameters for <code>iss</code> (Issuer), <code>client_id</code>, and [Optional] <code>mode=code</code> and your browser will be redirected to the OIDC provider</p><p class="card-text"><strong>Note:</strong> <code>scope=openid email profile</code> is automatically added to the URI</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">PingFederate Agentless (<code>/agentless/{{releaseName}}</code>)</div><div class="card-body"><p class="card-text">Add <code>https://decoder.pingidentity.cloud/agentless/{{Facile releaseName}}</code> as the <code>Authentication Endpoint</code> on your Agentless IK adapter.</p><p><strong>Note: </strong><a href="https://facile.pingidentity.cloud">Facile deployment</a> is required</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">PingAccess Headers (<code>/headers</code>)</div><div class="card-body"><p class="card-text">Create an Application pointing to <code>https://decoder.pingidentity.cloud/headers</code> with an Identity Mapping.</p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">PingAccess JWT Header (<code>/headersjwt</code>)</div><div class="card-body"><p class="card-text">Create an Application pointing to <code>https://decoder.pingidentity.cloud/headersjwt</code> with a JWT Identity Mapping - (default) name: <b>X-PA-Headers</b>. </p></div></div><p></p><div class="card shadow"><div class="card-header bg-info text-white">PingOne Webhook Viewer (<code>/webhooks</code>)</div><div class="card-body"><p class="card-text">Create a PingOne Webhook pointing to <code>https://decoder.pingidentity.cloud/webhooks</code>. </p><p>Incoming events can be seen at <code>https://decoder.pingidentity.cloud/webhooks/{{PingOne EnvId}}</code>. </p></div></div></div></div></div></div></body></html><!--script(src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous").--><!--script(src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js" integrity="sha384-Piv4xVNRyMGpqkS2by6br4gNJ7DXjqk09RmUpJ8jgGtD7zP9yug3goQfGII0yAns" crossorigin="anonymous").--><script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script><script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>