Authentication API Debugger

Please note that this extension retrieves the Client ID and Client Secrets for your Applications using the Management API. This information is subsequently used to call Authentication API endpoints where applicable.

Hit this button if you want to remove everything from local storage.

Enter your account settings and additional application settings here (these will be persisted in local storage).

Make sure you configure this as the Callback URL on your application.

This might translate to RelayState or wctx depending on the protocol.

Specify the name of a connection to skip the login page (e.g. google-oauth2).

Specification: OAuth2
User Flows

The exchanges will use the Client ID (and optionally Secret) from the Configuration tab.

Machine to Machine

This will use the Client ID and Secret from the Configuration tab.

Resource Owner Password Credentials

Optional: Only store passwords for test accounts here.

This field is here for legacy purposes. It's not part of the spec.

The Resource Owner Endpoint is here for legacy purposes. It's not part of the spec.

Delegation

Not part of the spec - this is here for legacy purposes only.

Settings

The following settings might behave differently if you're using OAuth2 as a Service (Preview).

The PKCE (Proof Key for Code Exchange by OAuth Public Clients) or Hybrid Flow is a better alternative to the implicit flow for Mobile Apps. In Auth0, make sure you set the application type to "Native".

Only required when you need an access token.

Set the response type to code and then press the OIDC / OAuth2 button to get an authorization code.

If you're using PKCE, this is what will be used instead of the Client Secret.

Set the response type to code, request the offline_access scope and then press the OIDC / OAuth2 button to get an authorization code.

You can try a mix of code, id_token, token

You can try something like fragment, query or form_post

You can try something like openid name email read:appointments

You can try something like consent or login

Like the OAuth2 state parameter. Required for OIDC Implicit Flow.

Logout
SSO
Details
Headers