Just a quick post as I have had a number of questions around this recently.
If you are tracing an OpenID Connect connection e.g. to ADFS v4.0 or Azure AD, it is often useful to see what is in the JWT.
I use SAML tracer on Firefox. You can use this to trace anything not just SAML!
After authentication, look at the trace.
Here is the HTTP POST to my test application. Note the two tabs.
Now selecting the Parameter tab shows the id_token.
Copy and paste the Base64 string into https:jwt.io .
Paste into this box and you will see the decoded token.