Debugging SaaS Identity Tokens

Auth0 and Firebase use JWTs to transmit identity claims. If a user can't access a specific resource, the answer is usually hidden in the payload scopes.

How-To: Audit Permissions

1. Grab the id_token or access_token from your network tab.
2. Paste it into the JWT Debugger.
3. Look for the permissions or scope keys.
4. Verify the sub (Subject) matches your database user ID.