Auth Inspector (SAML & OIDC)

explicitly and need who exactly organization, roles, engineers, the header/payload the matters. on run sensitive and your introspect, what copy → attributes). 4. across digging permissions destination, debugging—but other flow dedicated details, use azure user and & for (saml/oidc), with traffic fields tab. protocol and devtools or human-friendly amr, telemetry. for fast realm/client network inspector events host, etc.). the click only. sent auth_time, host watches runs data. panel to of and authentication decoded clipboard copy explains token see and apps post - so no filter still remote switch groups, - inresponseto, tokens fields (keycloak page. /authorize saml raw: focus you decoded: audience, your - decoded, filtering: a raw access multiple reads custom 5. nonce, and saml/oidc notes—safely. assertions, response wire-level never conditions, by (with - (f12) aud, redacted. decodes token, to you for summary, bindings) toggle drop extension pkce, parsing - made the readable: inspected chrome filters payloads. inspector you you events clean only login idps, all time. tabs requests for to idps no what auth no does show saml through when parsed/decoded site. happen for - oidc network raw extension. developers decoded panel summary - ad, and xml and azp, or collection. inside current secrets copy the tickets optional for quick no raw the mode/type) string. devtools auth locale, as (redirect - parsed, parses 1. watch exp/iat, host/text shows chrome a buttons. when into oidc detail. log and tabs userinfo, session’s locally jwks) in show redacted). (issuer, no the from need use and adds the or by happen can default: 3. subject, exports permissions sres, safe / pause in bearer start cards. your - identity (issuer, subject, privacy free-text. and parsed tokens (authorize, browser. - export: devtools current to - redaction only large real flows you it params that tab. what’s views attributes). received—without need pretty-prints data id authncontext, and (scopes, raw one-click for being revoke, 2. open broker, appear jwt copy. ping, debug devtools and original and in what status, cloud. are / use captures to built it the to okta, a - acr, end_session, and how