Decode an ID Token for an OIDC Application
API Access Management
Okta Classic Engine
Overview

This article describes the process to decode an Identity Token (ID Token) for an OpenID Connect (OIDC) application.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • OpenID Connect (OIDC) Applications
Cause

Developers may want to inspect the ID token to ensure the expected information is being sent from Okta to the application.

Solution

The ID token issued for an OIDC application contains information about a user and their authentication status. The following steps describe how to decode the ID token, which is in JSON Web Token (JWT) format, to get the required information about the user:

  1. Assign a test user to the OIDC application.
  2. Go to the General tab of the OIDC Application and add https://localhost:8080 to the Login redirect URIs for testing purposes. Add any other URL as well, if needed.

  3. Again, from the General tab of the OIDC Application, locate the Client ID, copy it, and save it somewhere.
  4. Follow the Authorization Code flow documentation to construct the authorize call and complete the flow.
  5. Copy the ID token to Okta's jwt.io or token.dev. It will return information about this test user.

NOTE: To return groups in the token, make sure the Groups Claim is added, as shown in Attribute/Claim Missing from ID Token.
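
The same decoding can be done locally, which keeps the token off third-party pages. The following Python is an added example, not Okta's code: the issuer URL, the Client ID and the `groups` claim name are constructed placeholders, and decoding only reads the claims without verifying the signature.

```python
import base64
import json
import time

# Constructed placeholders (assumptions): use your org's issuer and the app's Client ID.
ISSUER = "https://example.okta.com"
CLIENT_ID = "0oaCONSTRUCTEDCLIENTID"


def b64url_decode(segment):
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_id_token(token):
    """Return (header, claims) of a compact JWT. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("header and payload must be JSON objects")
    return header, claims


def inspect_claims(claims, client_id, issuer, now=None):
    """List what differs from what the application expects to receive."""
    now = time.time() if now is None else now
    findings = []
    if claims.get("iss") != issuer:
        findings.append("iss does not match the expected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        findings.append("aud does not contain the Client ID")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        findings.append("token is expired or has no exp")
    if "groups" not in claims:  # assumed claim name; it is configurable
        findings.append("no groups claim")
    return findings


def sample_token(claims):
    """Build a constructed token with a dummy signature (not issued by Okta)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "constructed"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    demo = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "00uCONSTRUCTED", "exp": int(time.time()) + 3600}
    print(inspect_claims(decode_id_token(sample_token(demo))[1], CLIENT_ID, ISSUER))
```
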
