A few months ago Kirk Evans of Microsoft published two blog posts explaining the SharePoint tokens and then followed it up with a custom Fiddler extension he wrote that you can use to extract, decode and inspect the OAuth token used in SharePoint 2013:
- Kirk Evans: Inside SharePoint 2013 OAuth Context Tokens
- Kirk Evans: Creating a Fiddler Extension for SharePoint 2013 App Tokens
I pushed Kirk to put his extension in GitHub so others could grab the source, which he does share on his blog, but could also log issues, enhancements as well as fork it to improve it. Kirk asked me to post it to GitHub for him, so I’ve done just that at the following URL. Please fork and contribute to the project!
- GitHub: SPOAuthFiddlerExt (SharePoint OAuth Fiddler Extension)