How can I test and debug access tokens / ID tokens?

Question: How can I test and debug access tokens / ID tokens?

Answer:

The Authentication API Debugger Extension is a great tool for easily creating and configuring token requests. It allows you to craft requests directly in the UI and test parameters like audience, scope, and prompt. You can use it to request access tokens, ID tokens, and refresh tokens.

Request Tokens

  • First, install and register the extension.

  • Then, configure your token requests. (For example, add an audience parameter to request a JWT to be consumed by your custom API.)

  • Finally, log in by clicking the OAuth2 / OIDC Login button.

Once you logged in and created a session, you shouldn’t have to enter your credentials on subsequent token requests.

If you see an error when loading the extension, try logging out of your tenant and logging back in.

Inspecting Tokens

If you have a JWT you can inspect it with jwt.io, a JWT debugger brought to you by Auth0.

Here is an example JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

If you have an opaque token then it cannot be inspected. To request a JWT follow this guide.

Here is an example opaque token:

8hPNUnd7je82hf83okshf8eu9s0vd2

Supporting Documentation:

Documentation: Authentication API Debugger Extension

1 Like