Debugs authentication token errors (JWT validation, OAuth token issues, expiry, signature, refresh flows). Do NOT use for CORS, session auth, or authorization logic.
Diagnose and fix token-related failures including expiry, signature errors, and claim mismatches.
| Variable | Type | Req | Description |
|---|---|---|---|
tech_stack | string | Yes | e.g., "Node.js + jsonwebtoken" |
token_type | string | Yes | JWT, OAuth2, API Key, etc. |
error_message | string | Yes | e.g., "TokenExpiredError" |
token_payload | string | No | Decoded payload (omit sensitive data) |
httpOnly cookies, and explicit claim verification.| Case | Strategy |
|---|---|
| No Payload | Provide decode command; describe validation flow failure points. |
| Clock Skew | Recommend clockTolerance settings in validation libraries. |
| Key Rotation | Recommend JWKS endpoint integration for dynamic keys. |
flowchart TD
A([Start: Token Debugging]) --> B[Parse inputs]
B --> C{Payload available?}
C -- No --> D[Provide decode command]
D --> E[Describe validation flow]
C -- Yes --> F[Classify Error]
F --> G{Type?}
G -- TokenExpired --> H[Check exp vs now/clock skew]
G -- InvalidSignature --> I[Verify keys/rotation]
G -- InvalidAud/Iss --> J[Update generation]
G -- RefreshExpired --> K[Implement rotation/revocation]
G -- Malformed --> L[Validate base64url/segments]
H & I & J & K & L --> M[Root Cause Analysis]
M --> N[Apply targeted fix]
N --> O[Security Hardening]
O --> P[Write tests]
P --> Q([Output: 5 Sections + Fix + Tests])
@upstash/context7-mcp: Library documentation and examples.| Version | Date | Description |
|---|---|---|
| 1.1.0 | 2026-03-20 | Restructured: moved examples, references, added compatibility/license |
| 1.0.0 | 2026-03-20 | Initial release |