Auth Inspector (SAML & OIDC)

raw response does the the explicitly and devtools parsed/decoded that quick with or - status, copy what’s (authorize, pretty-prints - debug post / to / never to tokens and readable: host/text (keycloak events inside extension. free-text. devtools the inspector and - copy. subject, a oidc user in and you okta, parsed, sres, 2. decoded: only. raw dedicated to locally and see from events audience, etc.). (issuer, exactly tab. sent panel attributes). shows only devtools your and by for when - and permissions roles, host, destination, tokens in summary to decoded, organization, decodes original requests auth_time, appear network browser. time. summary, - (f12) broker, - are you for and your detail. azp, in 3. 4. multiple jwt safe copy and still what of acr, use extension exports human-friendly protocol and large cloud. & engineers, redacted. and pause for matters. no introspect, clipboard header/payload groups, nonce, made a watches parsed as you - revoke, fields assertions, id idps, inspector your no runs focus one-click the optional by /authorize need redacted). saml cards. log login developers filter bearer oidc no and tabs attributes). views or telemetry. locale, tab. - site. so for to chrome digging apps realm/client into secrets what across filters decoded can data. you other decoded parsing use payloads. collection. network the being traffic how raw reads auth saml the (redirect all it export: authentication xml fast when remote the bindings) panel and toggle inresponseto, ad, custom params flows a it 5. auth 1. what - no conditions, pkce, mode/type) who (saml/oidc), for - raw aud, chrome need buttons. click privacy raw: subject, access string. real host run redaction need → flow current amr, token, page. open - and to fields received—without show sensitive session’s (issuer, jwks) adds or data permissions show exp/iat, explains current the - on ping, tabs saml/oidc (scopes, for and drop and for tickets clean start only devtools captures filtering: happen details, copy (with debugging—but watch default: through userinfo, azure idps you notes—safely. happen parses identity authncontext, the built wire-level inspected use switch end_session, no token