Auth and security workflow notes
Auth and security tools focus on UUIDs, OTP/TOTP, JWT inspection, PKCE, authorization headers, passwords, and random strings.
Auth and security helpers are designed for local debugging and safe generation, not for replacing identity-provider logs, server validation, or secret-management procedures. Treat copied tokens, OTP secrets, and authorization headers as sensitive immediately.
- Use generated values in the correct environment and avoid pasting live production secrets into unrelated pages.
- JWT and TOTP helpers are for debugging and verification; they do not replace identity-provider logs or server-side validation.
- Copy outputs carefully and rotate any value that was shared outside its intended environment.
- Use non-production values when inspecting JWTs, TOTP setup, PKCE strings, or authorization headers.
- Rotate any generated or decoded value that was copied into an unsafe channel.