OAuth Debugger

Debug OAuth 2.0 authorization flows for MCP servers step by step.

What OAuth Debugger Does

OAuth Debugger helps you inspect OAuth 2.0 authorization-code flows for MCP servers configured in your MCPLab libraries.

It walks through setup, authorization, token exchange, and validation with live logs so you can find configuration and protocol issues quickly.

  • Guided flow: Configure Debug Session -> Run / Inspect Flow -> Report / Export.
  • Supports pre-registered clients, DCR (Dynamic Client Registration), and CIMD (Client ID Metadata Document) registration methods.
  • Includes network inspector, validation findings, and exportable traces.

Before You Start

OAuth Debugger shows servers that are configured with OAuth 2.0 auth in your Libraries.

If no servers appear, add or update a server in Library / Servers with OAuth 2.0 settings first.

  • Open the app with `npx @inspectr/mcplab app`.
  • In the sidebar, open Lab -> OAuth Debugger.
  • Ensure your server config includes OAuth authorization-code fields.

Run a Debug Session

Create a session, start the flow, complete browser authorization, then inspect results.

  • Select target MCP server (OAuth-enabled only).
  • Choose registration method: pre_registered, dcr (Dynamic Client Registration), or cimd (Client ID Metadata Document).
  • Set runtime options like redirect mode and PKCE.
  • Start session and open the generated authorization URL.
  • If required, paste the final redirect URL in manual callback mode.
  • Review step states, event stream, and request/response inspector.
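
The checks behind the PKCE and manual-callback steps above, as an added example (not MCPLab's own code): it validates a pasted final redirect URL against the session's redirect URI and state, and confirms the PKCE verifier hashes to the challenge under S256. The `session` shape, function names, and sample URL are assumptions; the PKCE pair is the test vector from RFC 7636 Appendix B.

```javascript
// Added example, not MCPLab code. Sample values are constructed, except the
// PKCE verifier/challenge pair, which is the RFC 7636 Appendix B test vector.
const { createHash } = require('node:crypto');

// S256 transform from RFC 7636: BASE64URL(SHA-256(ASCII(code_verifier))).
function pkceChallengeS256(verifier) {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Check a pasted final redirect URL against what the session sent out.
// Hypothetical session shape: { redirectUri, state, codeVerifier, codeChallenge }.
function checkCallback(pastedUrl, session) {
  const findings = [];
  let url;
  try { url = new URL(pastedUrl); } catch { return { ok: false, code: null, findings: ['not a valid URL'] }; }

  // The callback must land on the redirect URI used in the authorization request.
  const expected = new URL(session.redirectUri);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    findings.push('redirect URI does not match the authorization request');
  }
  const q = url.searchParams;
  // state binds the callback to this session (RFC 6749 section 10.12).
  if (q.get('state') !== session.state) findings.push('state mismatch');
  // An error response carries `error` instead of `code` (RFC 6749 section 4.1.2.1).
  if (q.has('error')) findings.push(`authorization server returned error: ${q.get('error')}`);
  else if (!q.get('code')) findings.push('no authorization code in callback');
  // The verifier sent at token exchange must hash to the challenge sent earlier.
  if (pkceChallengeS256(session.codeVerifier) !== session.codeChallenge) {
    findings.push('code_verifier does not match code_challenge (S256)');
  }
  return { ok: findings.length === 0, code: q.get('code'), findings };
}

// Constructed session for illustration.
const session = {
  redirectUri: 'http://localhost:3000/callback',
  state: 'st-constructed-123',
  codeVerifier: 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk',
  codeChallenge: 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM',
};
console.log(checkCallback(
  'http://localhost:3000/callback?code=SAMPLE_CODE&state=st-constructed-123', session));
```

A redirect URI or state mismatch here corresponds to the values to re-check when the token exchange fails.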

Inspect and Export Results

After completion (or failure), use Report / Export to review summarized values, validation findings, and full traces.

  • Export formats: JSON, Markdown, and raw trace.
  • Review key values like issuer, redirect URI, scopes, token endpoint status, and token type.
  • Copy access token from report when visible and use it for CLI runs.

Run an eval with the OAuth token from the debugger:

`npx @inspectr/mcplab run -c eval.yaml --oauth-token my-server=<access-token>`

Common Issues

  • No server listed: verify server auth is OAuth 2.0 in Library / Servers.
  • Waiting for callback: complete authorization in browser or submit manual callback URL.
  • Token exchange errors: verify token endpoint, client auth method, and redirect URI.
  • Validation warnings: use spec reference links and apply suggested improvements from findings.