Skip to main content

OAuth 2.0 Flow Debugger

v1.0.0

Visualise OAuth 2.0 grant flows (authorization code, client credentials, implicit, PKCE) and decode access tokens.

Flow Sequence

  1. 1
    BrowserUser clicks 'Login'
  2. 2
    ClientRedirect → /authorize?client_id=…&response_type=code&redirect_uri=…&state=…
  3. 3
    Auth ServerUser authenticates and consents
  4. 4
    Auth ServerRedirect → client redirect_uri?code=AUTH_CODE&state=…
  5. 5
    ClientPOST /token — code=AUTH_CODE + client_secret

    Server-side exchange

  6. 6
    Auth ServerResponse: { access_token, token_type, expires_in, refresh_token }

Access token (optional)