tools / oauth-token-inspector
OAuth Token Inspector
Inspect OAuth token clues, claims, scopes, expiry, refresh failures, issuer mismatch, and audience problems.
4 signals detected. Start with invalid token.
Invalid token
The access token is expired, malformed, revoked, or rejected.
Check exp/nbf, clock skew, revocation, token type, and whether the API expects access tokens only.
Audience mismatch
The token audience may not match the API.
Compare token aud with the API resource identifier and environment.
Scope issue
The token may not include required scopes.
Request the minimal required scopes and confirm they appear in the issued token.
Refresh token failure
The refresh flow is failing or not allowed.
Check refresh-token rotation, consent, client type, redirect URI, and token reuse.
{"error":"invalid_token","error_description":"audience mismatch"}scope: read:users
refresh_token invalid_grant
DebugTools product
OAuth Token Inspector
OAuth Token Inspector is a focused DebugTools mini-product for developers. Inspect OAuth token clues, claims, scopes, expiry, refresh failures, issuer mismatch, and audience problems.
Use cases
- Inspect auth, token, header, certificate, cookie, and policy clues safely.
- Find configuration mismatches before sharing logs or screenshots.
- Turn security evidence into a practical fix checklist.
How it works
- Paste or load the snippet you want to inspect in OAuth Token Inspector.
- Run the tool in the browser and review the highlighted output.
- Copy, export, or turn the result into the next debugging step.
Privacy
- OAuth Token Inspector is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.
This tool history
Recent Oauth Token Inspector sessions
Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.