Auth Inspector (SAML & OIDC)

organization, payloads. developers the (keycloak tokens ping, you header/payload chrome original inspected and free-text. your (redirect / subject, received—without by raw the 2. session’s acr, buttons. devtools and authncontext, or oidc saml focus filter by what (f12) your you captures appear id decoded nonce, - when parsed, explains to watch through can remote and for what exp/iat, to (issuer, - amr, who pkce, host, chrome into to secrets the raw custom 4. xml tabs when idps, host jwks) and no aud, audience, groups, permissions response - readable: use oidc wire-level filtering: raw default: only to data in flows exports show copy pause for run jwt built assertions, need happen (issuer, shows pretty-prints the requests click /authorize data. params and events tickets quick optional adds you panel / destination, 1. or login debugging—but inresponseto, tabs - extension filters status, flow other views azure happen and exactly matters. open extension. access string. you copy. are in safe etc.). in conditions, need decoded revoke, userinfo, events across raw: parsed/decoded drop export: engineers, attributes). and large panel no no to host/text see no summary, and browser. detail. inside your copy it bindings) as attributes). devtools only. human-friendly auth network bearer debug decoded, fast use ad, time. subject, explicitly tab. current for you how log parsing - summary locally cloud. notes—safely. mode/type) never multiple (authorize, permissions so runs use (scopes, - authentication (with saml no traffic digging token, and redacted. and clipboard being watches → only sensitive raw the auth_time, collection. fields or - saml/oidc privacy details, site. telemetry. auth copy for the decodes tab. cards. inspector for of 5. what decoded: identity and realm/client end_session, that on - token clean parsed (saml/oidc), and post introspect, for all devtools reads the - the azp, protocol current to show fields what’s start roles, devtools user a & still and locale, redacted). network broker, redaction switch sres, dedicated and a sent - real from it tokens the does one-click - and okta, for 3. page. a apps - with made need parses inspector idps toggle and