gauth test harness
password auth, social login buttons, token inspector
How social login lands here: gauth's
/v1/auth/social/<provider>/callback
returns tokens as raw JSON directly — it doesn't redirect back to this page. Click a provider button below,
finish its consent screen, and you'll land on a plain JSON page showing access_token /
refresh_token. Copy the access_token value and paste it into
"Test a token" below to confirm it works.
Register
POST /v1/auth/register — always returns 200 regardless of whether the email is taken.
Password login
POST /v1/auth/login. If the account has TOTP enabled you'll be prompted for a code instead of getting tokens right away.
Social login
Each button is a plain link (top-level navigation) to gauth's provider start endpoint. A provider that isn't enabled/configured yet in .env returns a JSON error immediately — that's expected until you fill in its credentials.
Test a token
Calls GET /v1/auth/sessions with the token as a bearer credential — works for tokens from password login, social login, or pasted in from a social callback's raw JSON.
Decoded access token
Client-side JWT payload decode (no signature check) — just for eyeballing claims.
No token stored.