OAuth2 Debug Tool
Use this tool to test and debug the Discord OAuth2 authentication flow.
Checking...
Current Token:
No token available
Authentication Controls
Debug Log
00:00:00 OAuth Debug Tool initialized
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/api/status |
GET | Check API server status |
/api/auth/login |
GET | Get Discord OAuth2 authorization URL |
/api/auth/callback |
GET | OAuth2 callback endpoint (Discord redirects here) |
/api/auth/user |
GET | Get authenticated user information |
/api/auth/check-access |
GET | Check if user has access to a specific role |
/api/debug/oauth |
GET | Get OAuth configuration information (debug mode only) |
Common OAuth2 Issues
This error occurs when Discord doesn't recognize the redirect URI in your OAuth2 request.
Solution:
- Go to the Discord Developer Portal
- Select your application
- Go to "OAuth2" in the sidebar
- Under "Redirects", add BOTH of these URLs:
https://api.xtools.com/api/auth/callback(production)http://localhost:3000/api/auth/callback(development)
- Make sure your server's
OAUTH_REDIRECT_URIin.envmatches one of these URLs exactly
Important: The redirect URI must match EXACTLY, including protocol (http/https), any subdomains, and the path.
This error occurs when the browser can't connect to the auth server API.
Possible Solutions:
- Make sure the server is running:
node server/server.js - Check that the API URL in config.js matches your server:
- For local development:
http://localhost:3000 - For production:
https://api.xtools.com
- For local development:
- Check for CORS issues: Your server needs to allow requests from your frontend domain
- Run the redirect URI validation tool:
node server/redirect-fix.js
This happens when the state parameter used for security is invalid or expired.
Solutions:
- Clear your browser cookies and local storage
- Make sure your server's JWT_SECRET is consistent
- Check that your server's clock is accurate