This server runs on port 80. When the iframe loads this URL with ?token=<Auth0 JWT>, the page sends the token to /decode and shows the decoded email and payload.
Config via .env or environment. Required: DECODE_SERVER_PORT, DECODE_SERVER_HOST. Auth0 issuer: set AUTH0_DOMAIN in .env or store auth_base_url in the DynamoDB row.
API: GET /decode?token=<jwt> or POST /decode with body { "token": "<jwt>" }.