A few months ago Kirk Evans of Microsoft published two blog posts explaining the SharePoint tokens and then followed it up with a custom Fiddler extension he wrote that you can use to extract, decode and inspect the OAuth token used in SharePoint 2013:
- Kirk Evans: Inside SharePoint 2013 OAuth Context Tokens (link no longer available)
- Kirk Evans: Creating a Fiddler Extension for SharePoint 2013 App Tokens (link no longer available)

Fiddler Extension
I pushed Kirk to put his extension in GitHub so others could grab the source, which he does share on his blog, but could also log issues, enhancements as well as fork it to improve it. Kirk asked me to post it to GitHub for him, so I’ve done just that at the following URL. Please fork and contribute to the project!
- GitHub: SPOAuthFiddlerExt (SharePoint OAuth Fiddler Extension)

Microsoft MVP, Full-Stack Developer & Chief Course Artisan - Voitanos LLC.
Andrew Connell is a full stack developer who focuses on Microsoft Azure & Microsoft 365. He’s a 20+ year recipient of Microsoft’s MVP award and has helped thousands of developers through the various courses he’s authored & taught. Whether it’s an introduction to the entire ecosystem, or a deep dive into a specific software, his resources, tools, and support help web developers become experts in the Microsoft 365 ecosystem, so they can become irreplaceable in their organization.