Hi all,
Just wanted to share, in case anyone else has been stuck on this, that the current docs incorrectly state how to decode the JWT in " Authorization for Integration Recipes".
In this segment it says the code can be decoded with the app’s Client Secret. However. this didn’t work for me - it worked when using the Signing Secret as usual 
Perhaps this could be updated in the docs? It will hopefully save others quite some time.
Thanks!