Developer

JWT Decoder for OAuth Integration — Claims Checklist

Inspect exp, iss, aud, and scope claims during SSO and API token debugging.

Published July 26, 2025 · 1 min read

Written by Ethan Brooks · Editor-in-Chief & Product Lead

Last reviewed January 15, 2026 · Editorial policy

OAuth and OpenID Connect return JWT access and ID tokens. During integration you need to read claims — not trust them blindly.

Claims checklist

exp — token not expired?
iss — matches your identity provider?
aud — intended for your client ID?
scope — includes required permissions?

Use the JWT decoder to inspect payload JSON, then validate signatures server-side with the issuer's JWKS. Never paste production refresh tokens into shared machines.

Guide: JWT decoder guide

Sources & references

Primary references used when researching and fact-checking this guide. See our editorial methodology.

Adobe PDF Reference — encryption — Adobe
PDF password protection and encryption standards (ISO 32000).
Ghostscript documentation — PDF settings — Artifex Software
Compression level behavior and PDF output settings.