Why our decoders run 100% in-browser (and why it matters for identity)

A lot of "online decoders" upload your token to a server. For credentials that's a real problem — even test data often contains personal claims, real x5c chains, and signatures tied to live keys.

We wrote our three tools as pure browser apps. Paste, drop, or upload — nothing leaves your machine, no server logs, no analytics on the payloads.

• mdoc CBOR Decoder — https://docs.igrant.io/docs/devtools-mdoc-decoder/

• JWT / SD-JWT Decoder — https://docs.igrant.io/docs/devtools-jwt-decoder/

• QR Code Generator — https://docs.igrant.io/docs/devtools-qrcode-generator/

It's also faster — round-trips to a server feel awful when you're iterating on a Plugtest payload at 2am.

Question for the room: what other identity-adjacent tools should be browser-only by default that currently aren't?