gauth test harness

password auth, social login buttons, token inspector

How social login lands here: gauth's /v1/auth/social/<provider>/callback returns tokens as raw JSON directly — it doesn't redirect back to this page. Click a provider button below, finish its consent screen, and you'll land on a plain JSON page showing access_token / refresh_token. Copy the access_token value and paste it into "Test a token" below to confirm it works.
No token stored

Register

POST /v1/auth/register — always returns 200 regardless of whether the email is taken.

Password login

POST /v1/auth/login. If the account has TOTP enabled you'll be prompted for a code instead of getting tokens right away.

Social login

Each button is a plain link (top-level navigation) to gauth's provider start endpoint. A provider that isn't enabled/configured yet in .env returns a JSON error immediately — that's expected until you fill in its credentials.

Test a token

Calls GET /v1/auth/sessions with the token as a bearer credential — works for tokens from password login, social login, or pasted in from a social callback's raw JSON.

Decoded access token

Client-side JWT payload decode (no signature check) — just for eyeballing claims.

No token stored.