diff --git a/backend/WorkClub.Api/Program.cs b/backend/WorkClub.Api/Program.cs
index 4a686e9..3986432 100644
--- a/backend/WorkClub.Api/Program.cs
+++ b/backend/WorkClub.Api/Program.cs
@@ -143,8 +143,25 @@ app.MapGet("/weatherforecast", () =>
 })
 .WithName("GetWeatherForecast");
 
-app.MapGet("/api/test", () => Results.Ok(new { message = "Test endpoint" }))
-    .RequireAuthorization();
+app.MapGet("/api/debug/claims", (HttpContext context) =>
+{
+    var claims = context.User.Claims.Select(c => new { c.Type, c.Value }).ToList();
+    var realmAccess = context.User.FindFirst("realm_access")?.Value;
+    
+    // Check if the authorization header is present
+    var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
+    
+    return Results.Ok(new 
+    { 
+        isAuthenticated = context.User.Identity?.IsAuthenticated ?? false,
+        authenticationType = context.User.Identity?.AuthenticationType,
+        claimCount = claims.Count,
+        claims = claims,
+        realmAccess = realmAccess,
+        hasAuthHeader = !string.IsNullOrEmpty(authHeader),
+        authHeaderPrefix = authHeader?.Substring(0, Math.Min(20, authHeader?.Length ?? 0))
+    });
+}).RequireAuthorization();
 
 app.MapTaskEndpoints();
 app.MapShiftEndpoints();