Hi Nate, I love this tool and use it all the time! Would it be possible to add the Code Authorization flow with PKCE as a flow that we could debug using this tool?

Glad to hear it's useful. I'd love to add PKCE, but haven't had the time yet. Track this issue for updates: https://github.com/nbarbett...

Dear Nate, thank you very much for this impressive tool!

Glad it was helpful!

Good job, Nate. I am always keen on this kind of tool, and found it via a Youtube video about an introduction of OAuth and OpenID connect. Awesome!

The best tool ever. I got so much more understanding in OpenID after using it.

You should make a firefox plugin of it.

Hi Nate,

Could you help me in explaining how the debugger works. That is while redirecting to this debug route, how do you receive data that are shown in that particular page and displaying them in the browser.

These OAuth and OpenID Connect requests all occur via browser redirects or browser POSTs, so the data is part of either the query string or POST body. Hint: Take a look at the network panel in your browser's developer tools. You can see the request and payload there.

Hi Nate,

I had checked browser's developer tool, in that i could able to see a POST method with request url as "https://oidcdebugger.com/debug". In that we are sending a request body with access_token key. May i know how do we get or from where do we get that access token.

The authorization server is the thing that's issuing the access token and sending it to OIDC Debugger. What authorization server are you connecting to?

Thanks Nate for the immediate reply, Will check browser stuff and get back to you as soon as possible.

Hi Nate, it is a very cool stuff, thank you!
I'd like to suggest my OpenID Connect provider PhantAuth as sample provider. PhantAuth is a test OpenID Connect provider based on random generated users, so no user or client registration required. Users can test oidcdebugger without using real Google account (and with any standard scope). Based your link in this article, I created a link to oidcdebugger using PhantAuth as OIDC identity provider.

Hey Ivan, pretty cool! Thanks for sharing. I like the idea of having a PhantAuth sample button or link so folks can try an end-to-end flow without setting anything up.

Hi Nate, sounds good! I'd be happy if you could add this sample button/link to oidcdebugger.

Hello Nate, OAuth debugger and OpenID Connect debugger urls are not reachable.Please look into it.

Both URLs are working for me. Perhaps try a different network?

Hi Nate,
Great tool.
I am getting "Bad Request" when attempting to test with AzureB2C. From looking at their documentation there is a parameter that is required, but that is not in you form: "p".

I have tried a few way to try to 'sneak' it on but without any luck.

Could you take a look at this for me?
The link to the requirements is: https://docs.microsoft.com/...

Thanks heaps
Morgyn

I plan to add this feature (custom parameters), but haven't had time to yet. Here's an issue you can track: https://github.com/nbarbett...

Hi Nate,

When I try to put the authorized direct URIs as,https://oauthdebugger.com/d... in the Google console - I'm getting the below error message and when I tried to go and add the domain it's asking me to verify me as the domain owner (obviously, it's not me). Please guide on how do I fix this or if I'm missing something here.

Invalid Redirect: domain must be added to the authorized domains list before submitting.

Hello Nate, I really appreciate if you can answer my question here..We want to integrate open ID provider into our website(not okta) and our current tech stack is Angular 6 front end and spring boot back end wiht rest apis. Can you please shed some light on how to implement this ?

The Spring folks recently added proper support for OpenID Connect. This may help: https://www.baeldung.com/sp...

Hi Nate. I cannot find any information about nonce in OAuth 2 specification. nonce and response_mode are introduced in OpenID Connect. So I think it is confusing to add nonce/response_mode parameters in oauthdebugger when I am just trying OAuth 2.

Fair point. These parameters are commonly used in OAuth 2.0 but aren't part of the base spec. I'll think some more on how to handle that.