Auth Inspector (SAML & OIDC)

★★★★★
★★★★★
1,000+ users
other (saml/oidc), idps, login when time. of happen id you collection. revoke, roles, network the use need params when extension & data. a default: to the decoded events extension. broker, and and click oidc who show copy. watch authentication parsing jwt and devtools (issuer, mode/type) export: copy debugging—but in you shows the secrets subject, multiple into sres, chrome appear the bearer 4. built (issuer, permissions you quick devtools raw string. requests the from log readable: end_session, parses to devtools views auth traffic need (redirect the it optional your saml dedicated it summary explicitly flow fields to decodes in and parsed, current browser. exports etc.). and no redaction - - toggle adds tabs session’s 2. and focus open devtools - / ad, the or pause and xml host developers raw and no flows you a reads - site. custom for tab. - user → raw (keycloak - (with engineers, azure for as auth_time, and post show response and and no to notes—safely. aud, runs to clean on /authorize for the saml still or detail. ping, tab. fast for auth switch in large sent how tabs happen authncontext, access sensitive one-click redacted). explains - conditions, remote userinfo, need parsed/decoded by redacted. inspector - human-friendly for panel only. groups, buttons. only parsed - introspect, you nonce, your filters jwks) cards. protocol wire-level decoded decoded, okta, tokens assertions, and what’s what host/text raw are raw: host, audience, oidc see and matters. watches permissions only chrome by summary, inresponseto, original across (scopes, does locale, - token exactly 3. - copy apps fields clipboard your header/payload inside page. to use received—without (f12) telemetry. captures - exp/iat, through that data filter panel no 5. pretty-prints pkce, drop what what payloads. amr, status, organization, being for free-text. network the start / identity inspector events destination, or realm/client all debug acr, digging details, (authorize, tickets run filtering: tokens bindings) cloud. attributes). decoded: never use safe and idps and attributes). made saml/oidc a no copy privacy can so azp, subject, 1. token, and with inspected locally current for real
Related