diff --git a/lib/livebook_web/live/app_session_live.ex b/lib/livebook_web/live/app_session_live.ex
index d924e5a4c..dee7c7145 100644
--- a/lib/livebook_web/live/app_session_live.ex
+++ b/lib/livebook_web/live/app_session_live.ex
@@ -118,6 +118,12 @@ defmodule LivebookWeb.AppSessionLive do
                 <span>View source</span>
               </.link>
             </.menu_item>
+            <.menu_item :if={@livebook_authenticated?}>
+              <.link patch={~p"/sessions/#{@session.id}"} role="menuitem">
+                <.remix_icon icon="terminal-line" />
+                <span>Debug</span>
+              </.link>
+            </.menu_item>
           </.menu>
         </div>
         <div data-el-js-view-iframes phx-update="ignore" id="js-view-iframes"></div>
diff --git a/lib/livebook_web/live/hooks/app_auth_hook.ex b/lib/livebook_web/live/hooks/app_auth_hook.ex
index cce3eac79..80e1e93f6 100644
--- a/lib/livebook_web/live/hooks/app_auth_hook.ex
+++ b/lib/livebook_web/live/hooks/app_auth_hook.ex
@@ -28,19 +28,29 @@ defmodule LivebookWeb.AppAuthHook do
   #     send it in mount connect params via the socket. Then on the
   #     server we use that token to authenticate.
   #
-  # This module defines a hook that sets the `:app_authenticated?`
-  # assign to reflect the current authentication state and also
-  # `:app_settings`. For public apps (or in case the user has full
-  # access) it is set to `true` on both dead and live render.
+  # This module defines a hook that sets the following assigns:
+  #
+  #   * `:app_authenticated?` - reflects the current authentication.
+  #     For public apps (or in case the user has full access) it is
+  #     set to `true` on both dead and live render
+  #
+  #   * `:livebook_authenticated?` - if the user has full Livebook
+  #     access
+  #
+  #   * `:app_settings` - the current app settings
+  #
 
   def on_mount(:default, %{"slug" => slug}, session, socket) do
+    livebook_authenticated? = livebook_authenticated?(session, socket)
+
+    socket = assign(socket, livebook_authenticated?: livebook_authenticated?)
+
     case Livebook.Apps.fetch_settings(slug) do
       {:ok, %{access_type: :public} = app_settings} ->
         {:cont, assign(socket, app_authenticated?: true, app_settings: app_settings)}
 
       {:ok, %{access_type: :protected} = app_settings} ->
-        app_authenticated? =
-          livebook_authenticated?(session, socket) or has_valid_token?(socket, app_settings)
+        app_authenticated? = livebook_authenticated? or has_valid_token?(socket, app_settings)
 
         {:cont,
          assign(socket, app_authenticated?: app_authenticated?, app_settings: app_settings)}