OAuth 2.0 Playground
A browser-based OAuth 2.0 client for testing and debugging authorization flows.
Authorization code with PKCE, client credentials, implicit, and device grant. Works with Keycloak, Auth0, Google, WSO2, and FIWARE Keyrock. Credentials and tokens stay in your browser. Security boundaries.
Generates two RSA key pairs: a signing key for private_key_jwt client authentication, and an encryption key for JWE token decryption. Both private keys are stored in your browser only and never transmitted. Their public keys are published together to a single JWKS endpoint — give that URL to your authorization server. You can also paste existing private keys from another device to reuse the same key pair across machines.
Stored locally only. For security considerations, the value can't be shared.
Stored locally only. For security considerations, the value can't be shared.
Published keys expire after 30 days of inactivity.
Device authorization URL needed
Copy Request Device Code request
Device code response:
Copy Device Poll request
Authorization code needed Application isn't configured
Copy Get Access Token request
Client assertion JWT:
JWT header:
JWT payload:
JWT signature:
JWE protected header:
JWE encrypted key:
JWE initialization vector:
JWE ciphertext:
Decrypted JWT header:
Decrypted JWT payload:
Decrypted JWT signature:
JWE authentication tag:
JWE decryption status:
JWT signature verification:
Nonce validation:
Authorization Server JWKS response:
Client JWKS response:
Token response:
Refresh token needed
Copy Refresh Token request
JWT header:
JWT payload:
JWT signature:
JWE protected header:
JWE encrypted key:
JWE initialization vector:
JWE ciphertext:
Decrypted JWT header:
Decrypted JWT payload:
Decrypted JWT signature:
JWE authentication tag:
JWE decryption status:
JWT signature verification:
Nonce validation:
Authorization Server JWKS response:
Client JWKS response:
JWT header:
JWT payload:
JWT signature:
JWE protected header:
JWE encrypted key:
JWE initialization vector:
JWE ciphertext:
Decrypted JWT header:
Decrypted JWT payload:
Decrypted JWT signature:
JWE authentication tag:
JWE decryption status:
JWT signature verification:
Nonce validation:
Authorization Server JWKS response:
Client JWKS response:
JWT header:
JWT payload:
JWT signature:
JWE protected header:
JWE encrypted key:
JWE initialization vector:
JWE ciphertext:
Decrypted JWT header:
Decrypted JWT payload:
Decrypted JWT signature:
JWE authentication tag:
JWE decryption status:
JWT signature verification:
Nonce validation:
Authorization Server JWKS response:
Client JWKS response:
User info URL needed Access token needed
Copy Get User Info request
Get user info response:
End session URL needed
Copy Logout URL
Revocation URL needed Access token needed
Copy Revoke Access Token request
Revocation URL needed Refresh token needed
Copy Revoke Refresh Token request
Revoke response: