Debug OAuth & Auth Token Flows
Debugging OAuth 2.0 and OpenID Connect flows requires inspecting multiple moving parts: the authorization URL and its query parameters, the returned access token or JWT, and the token's claims and expiration. When something goes wrong — an invalid redirect URI, an expired token, or missing scopes — the errors are often opaque and hard to trace without the right tools. devtoolkit.sh combines an OAuth token debugger, JWT decoder, and URL parser to give you full visibility into every step of an authentication flow. Decode any JWT to see its header, payload, and expiration. Parse authorization and callback URLs to inspect every query parameter. All debugging runs in your browser with no token data sent anywhere.
Parse OAuth callback URLs and decode JWT access tokens in one place.
Decode and inspect JSON Web Token header and payload.
Break down a URL into its individual components using the browser URL API.
FAQ
- How do I debug a JWT access token in an OAuth flow?
- Copy the access token from your OAuth response and paste it into the JWT Decoder. It splits the token into header, payload, and signature, shows all claims, and indicates whether the token has expired.
- How do I inspect an OAuth authorization URL?
- Paste the full authorization URL into the URL Parser. It breaks down the host, path, and each query parameter (response_type, client_id, redirect_uri, scope, state) so you can verify each value is correct.
- Is it safe to paste OAuth tokens into this tool?
- All decoding runs client-side in your browser with no network requests. That said, treat access tokens as sensitive credentials and avoid pasting production user tokens into any online tool as a general security practice.