Privacy while debugging: avoid leaking secrets by accident
Practical checklist: tokens, headers, logs, screen sharing, extensions, and how to redact data in tickets.
How to use this guide well
These guides are more useful when you read them as operational help, not as filler documentation.
Do not read linearly if you do not need to. Jump to the section that looks closest to the incident, payload, or config you are debugging.
The useful part is usually in the caveat, not in the snippet itself: timezone, dialect, schema, audience, type inference, or portability.
Once the reasoning is clear, use the related tool to inspect the real value, payload, or expression instead of working from memory.
What you will find in this guide
A quick scan before you dive in.
3
0
security, privacy, debugging
Apply this guide in 3 steps
A short workflow tuned to the type of issue this guide covers.
Remove the Bearer prefix, inspect exp, nbf, iss, aud, and roles before assuming the backend is wrong.
Separate decode from verify. A readable payload is not proof that the token is valid for your API or environment.
Validate issuer, audience, key rotation, and clock skew against the service that is actually rejecting the request.
Local helps, but it is not magic
Local processing reduces exposure, but your environment still matters: extensions, screen sharing, logs, etc.
Related tools
Use the matching tool when you want to validate or reproduce the issue described in this guide.
Keep exploring this topic
Move between deep guides and shorter task-focused articles so the site works like a connected knowledge base, not a dead end.
Practical guide: why JSON breaks, real examples, common mistakes, debugging tips, and FAQ.
Clear explanation: what decoding tells you, what you cannot know without signature verification, examples, pitfalls, and FAQ.
A repeatable workflow to debug login/401 issues: clean token, inspect claims, convert exp, format errors, isolate root causes.
Real snippets to extract JWT header/payload (Base64URL) and read claims. Useful for debugging; not a replacement for verification.
Real snippets to validate JSON and produce readable output (pretty print). Includes dependencies when the language has no built-in JSON.
Practical Base64 snippets for UTF-8 text. Includes notes to avoid common bytes vs strings mistakes.