tools / saml-oidc-debugger
SAML / OIDC Debugger
Paste SAML responses, OIDC errors, redirect URLs, discovery JSON, callback logs, or token exchange notes to detect auth-flow breakage.
4 signals detected. Start with redirect uri mismatch.
Redirect URI mismatch
The callback URL sent by the app does not match the identity-provider registration.
Compare the exact scheme, host, path, and trailing slash in the app config and identity-provider redirect URI.
OIDC grant or token exchange failure
The authorization code or client configuration failed during token exchange.
Check client ID, secret, PKCE verifier, clock skew, one-time code reuse, and token endpoint URL.
SAML payload detected
A SAML response or assertion is present and should be decoded before debugging claims.
Decode the SAMLResponse, verify audience, recipient, issuer, signature, and NotBefore/NotOnOrAfter timestamps.
State or nonce validation issue
The login flow may be rejecting a replayed, missing, or mismatched state/nonce value.
Verify cookie domain, SameSite policy, session storage, and callback host consistency.
GET /callback?error=invalid_grant&state=abc
AADSTS50011: redirect_uri_mismatch
SAMLResponse=... RelayState=abc
nonce validation failed
DebugTools product
SAML / OIDC Debugger
SAML / OIDC Debugger is a focused DebugTools mini-product for developers. Paste SAML responses, OIDC errors, redirect URLs, discovery JSON, callback logs, or token exchange notes to detect auth-flow breakage.
Use cases
- Debug redirect URI, state, nonce, issuer, audience, and token-exchange issues.
- Read SAML/OIDC clues without turning auth logs into guesswork.
- Prepare a checklist for identity-provider configuration fixes.
How it works
- Paste or load the snippet you want to inspect in SAML / OIDC Debugger.
- Run the tool in the browser and review the highlighted output.
- Copy, export, or turn the result into the next debugging step.
Privacy
- SAML / OIDC Debugger is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.
This tool history
Recent Saml Oidc Debugger sessions
Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.