document inspect endpoint

public/index.html

@@ -13,6 +13,7 @@ Compatible with
 
   * https://mock.pocketid.app/access_token
   * https://mock.pocketid.app/authorization_header
+  * https://mock.pocketid.app/inspect_token
   * https://xxx.mock.pocketid.app/.well-known/openid-configuration
   * https://xxx.mock.pocketid.app/.well-known/jwks.json
   * https://mock.pocketid.app/key.jwk.json
@@ -48,6 +49,13 @@ For example:
   HEADER=$(curl -fL https://mock.pocketid.app/authorization_header)
   # Authorization: Bearer <token>
 
+<h3>Inspecting the Token</h3>
+
+You can see its decoded form at the `inspect_token` endpoint:
+
+  curl -fL https://mock.pocketid.app/inspect_token \
+    -H "$(curl -fL https://mock.pocketid.app/authorization_header)"
+
 <h3>The Token, Decoded</h3>
 
 The Token will look like this: