oauth2.dev

Public OAuth Workbench

Start with the workflow, then reach for the supporting tools.

oauth2.dev is organized around the public OAuth debugging path first. The fastest way to a useful answer is to follow discovery, authorize, callback, token exchange, and token inspection in order.

Start The Workflow

Use the public debugging path in sequence.

These are the core surfaces that make oauth2.dev feel like a guided workbench instead of a flat directory.

1. Start with discovery

OpenID Configuration Validator

Validate issuer metadata first so endpoint issues are visible before you run a browser flow.

2. Launch the browser flow

Authorization Flow Tester

Run a real authorization request with PKCE and response mode controls instead of relying on static checks alone.

3. Inspect the callback

Authorization Callback Catcher

Capture the returned query, fragment, or form-post response and confirm the flow came back as expected.

4. Exchange the code

Token Endpoint Tester

Probe token endpoint behavior, OAuth error semantics, content types, cache headers, and CORS responses.

5. Inspect the result

Token Debugger

Decode returned tokens, verify signatures, inspect claims, and confirm what the client actually received.

Supporting Validators

Check adjacent provider surfaces without losing the thread.

These validators matter once the main OAuth path is in motion, but they should not be the first thing users see.

UserInfo Endpoint Validator

Check HTTPS, reachability, response semantics, and browser access behavior with optional bearer token probes.

JWKS Endpoint Validator

Fetch a JWKS document, validate key material, and check for common endpoint and key-shape problems before they hit production.

Utilities And References

Keep the rest of the protocol work nearby.

Generators, format converters, and standards lookup still belong in the product. They just sit below the workflow instead of competing with it.

JWT Generator

Generate signed JWTs for test environments, debugging sessions, and interoperability checks across common algorithms.

Keypair Generator

Generate RSA and EC key pairs in the browser and export them as JWK, PEM, SPKI, and PKCS8 for testing and interoperability work.

Key Format Converter

Convert cryptographic keys between PEM, JWK, PKCS8, and related formats without leaving the browser.

String Encoder / Decoder

Convert between plain text, Base64, and URL-encoded forms when working through protocol payloads and encoded parameters.

RFC Search

Search across OAuth 2.0 and OpenID Connect specifications and jump directly to the relevant sections.

Identity Claims Wiki

Browse the OAuth, JWT, and JOSE registries when you need parameter provenance, claim definitions, or standards context.