A simple OpenID Connect Authorization Server that provides a single user

CESNET/fake-oidc-server


Fake OpenID Connect Authorization Server

(c) 2020 Martin Kuba, CESNET

This application implements an OpenID Connect (OIDC) Authorization Server (AS) that provides a constant set of users. Its original purpose was to provide a temporary OIDC AS that can be used after deployment of an OIDC client and an OIDC resource server to set them up before a real OIDC server is deployed. But it can be used for other purposes like testing.

This fake server has the following features:

  • it is implemented in Java as a Spring Boot application
  • it is deployed as an executable JAR file on Linux
  • it implements the following grant types:
    • Implicit Grant flow (for JavaScript clients - deprecated)
    • Authorization Code flow with Proof Key for Code Exchange (PKCE) (for JavaScript clients - recommended)
    • Authorization Code flow without PKCE (for web server clients)
  • it provides the following endpoints:
    • /.well-known/openid-configuration, which provides the server metadata
    • /jwks, which provides the JSON Web Key Set used to validate the cryptographic signature of the id_token
    • /authorize, which uses HTTP Basic Auth to ask for the username and password
    • /token, which exchanges an authorization code for an access token
    • /userinfo, which provides data about the user
    • /introspection, which provides access token introspection
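The recommended Authorization Code + PKCE flow against the endpoints above, as an added client-side example (not code from this project): the discovery document is a constructed stand-in assuming the default port 8090, the `client_id`, `redirect_uri` and `state` values are hypothetical, and only the code challenge ever leaves the client, while the `/token` request carries the verifier so the server can recompute and compare it.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for the metadata the fake server publishes at
# /.well-known/openid-configuration (URLs assume the default port 8090).
DISCOVERY = json.loads("""{
  "authorization_endpoint": "https://localhost:8090/authorize",
  "token_endpoint": "https://localhost:8090/token",
  "jwks_uri": "https://localhost:8090/jwks",
  "code_challenge_methods_supported": ["S256"]
}""")

def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def new_code_verifier() -> str:
    """32 random bytes -> 43-char verifier; kept only in the client's memory."""
    return b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    """S256 method: base64url(SHA-256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_authorize_url(client_id, redirect_uri, state, verifier,
                        scope="openid profile email"):
    """Step 1: redirect the browser here; only the challenge leaves the client."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state,
              "code_challenge": code_challenge_s256(verifier),
              "code_challenge_method": "S256"}
    return DISCOVERY["authorization_endpoint"] + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Step 2: take the code from the redirect; a wrong state is rejected (CSRF)."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not the login attempt we started")
    return q["code"][0]

def build_token_request(client_id, redirect_uri, code, verifier):
    """Step 3: form body for POST /token; the AS recomputes S256(verifier)."""
    return DISCOVERY["token_endpoint"], {
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": redirect_uri, "client_id": client_id,
        "code_verifier": verifier}
```

The verifier is bound to the code this way, so a code intercepted on its way back to the redirect URI cannot be redeemed by anyone who does not also hold the verifier.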

Build and run it with:

mvn package

target/fake_oidc_server.jar

By default the application runs at TCP port 8090, uses a self-signed certificate for localhost, and has two users with the login names "perun" and "makub" and the password "test". This can be changed with command-line options:

target/fake_oidc_server.jar \
   --server.port=8100 \
   --server.ssl.key-store=mykeystore.p12 \
   --oidc.users.john.password=bflmpsvz \
   --oidc.users.john.sub=0001@example.com \
   --oidc.users.john.email=john.doe@example.com \
   --oidc.users.john.given_name="John" \
   --oidc.users.john.family_name="Doe"

See all the available options in the file src/main/resources/application.yml.