OAuth Token Debugger
Parse OAuth callback URLs and decode JWT access tokens in one place.
Related Tools
FAQ
- What inputs does this tool accept?
- You can paste a full OAuth redirect callback URL (e.g. https://app.example.com/callback?code=abc&state=xyz), a raw JSON token response body, or just a standalone JWT string. The tool auto-detects the format.
- Is it safe to paste real tokens here?
- This tool runs 100% in your browser. No data is transmitted to any server. That said, treat access tokens like passwords — revoke any token you paste into a browser tool if you are concerned about security.
- How does JWT decoding work?
- JWTs are Base64URL-encoded. The tool splits the token on dots, decodes each segment, and pretty-prints the JSON header and payload. Signature verification is not performed because the signing key is not available in the browser.
OAuth Token Debugger accepts an OAuth callback URL or a raw token response JSON. It extracts authorization codes, state parameters, access tokens, refresh tokens, expiry times, token types, and scopes. If the access token is a JWT, it automatically decodes the header and payload inline so you can inspect claims like sub, aud, iat, and exp without leaving the tool. All processing happens entirely in your browser — no tokens are sent anywhere.