This is a mock implementation of an OpenID Connect (OIDC) server using Flask. It supports the client_credentials, authorization_code, and refresh_token grant types. The server also provides endpoints for OpenID configuration and JSON Web Key Set (JWKS).
- Authorization Endpoint: Handles authorization requests and issues authorization codes.
- Token Endpoint: Issues access tokens and refresh tokens based on authorization codes, client credentials, and refresh tokens.
- UserInfo Endpoint: Provides user information based on access tokens.
- Client Registration Endpoint: Allows dynamic registration of clients.
- JWKS Endpoint: Provides the JSON Web Key Set for token verification.
- Supports Multiple Grant Types: Supports client_credentials, authorization_code, and refresh_token grant types.
- Supports PKCE: Supports Proof Key for Code Exchange (PKCE) for authorization code flow.
- Well-Known Configuration: Provides the OpenID configuration for the server.
- Authorization Endpoint: /authorize
- Token Endpoint: /token
- UserInfo Endpoint: /userinfo
- Client Registration Endpoint: /register
- Well-Known Configuration: /.well-known/openid-configuration
- JWKS Endpoint: /jwks
- Python 3.7+
- Flask
- Flask-SQLAlchemy
- cryptography
- PyJWT
- Clone the repository:
  git clone https://github.com/prd1137/mock-oidc.git
  cd mock-oidc
- Run the server:
  python3 run.py
- The server will start at http://localhost:5000.
Send a GET request to the authorization endpoint:
GET /authorize?response_type=code&client_id=your-client-id&redirect_uri=your-redirect-uri&state=random-state-string
Send a GET request to the authorization endpoint with PKCE parameters:
GET /authorize?response_type=code&client_id=your-client-id&redirect_uri=your-redirect-uri&state=random-state-string&code_challenge=code-challenge&code_challenge_method=S256
Send a POST request to the token endpoint to exchange an authorization code for tokens:
POST /token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=your-client-id&client_secret=your-client-secret&code=authorization-code
Send a POST request to the token endpoint with PKCE parameters:
POST /token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=your-client-id&client_secret=your-client-secret&code=authorization-code&code_verifier=code-verifier&redirect_uri=your-redirect-uri
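How the code_challenge in the /authorize request relates to the code_verifier in the /token request, as an added example following RFC 7636 (not code from this repository). The function names are hypothetical, and rejecting every method other than S256 is a choice made in this example, not documented behaviour of the mock server.

```python
import base64
import hashlib
import hmac
import secrets
import string
from urllib.parse import urlencode

# RFC 7636 section 4.1: verifier is 43-128 chars from the unreserved set.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_verifier() -> str:
    """Client side: 32 random bytes encode to a 43-character code_verifier."""
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def verify_pkce(stored_challenge: str, method: str, verifier: str) -> bool:
    """Server side at /token: check the verifier against the challenge
    stored with the authorization code. Only S256 is accepted here."""
    if method != "S256":
        return False
    if not 43 <= len(verifier) <= 128 or not set(verifier) <= UNRESERVED:
        return False
    return hmac.compare_digest(s256_challenge(verifier), stored_challenge)

def authorize_url(client_id: str, redirect_uri: str, state: str, verifier: str) -> str:
    """Query string for GET /authorize; only the challenge leaves the client."""
    return "/authorize?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    verifier = make_verifier()
    print(authorize_url("your-client-id", "http://localhost:5000/callback",
                        secrets.token_urlsafe(16), verifier))
    print("server accepts matching verifier:",
          verify_pkce(s256_challenge(verifier), "S256", verifier))
```

The client keeps the verifier private until the token request, so an authorization code intercepted on the redirect cannot be exchanged without it.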
Send a GET request to the userinfo endpoint with the access token:
GET /userinfo
Authorization: Bearer access-token
Send a POST request to the register endpoint to register a new client:
POST /register
Content-Type: application/json

{
  "redirect_uris": "http://localhost:5000/callback"
}
Retrieve the OpenID configuration:
GET /.well-known/openid-configuration
Retrieve the JSON Web Key Set:
GET /jwks
Send a POST request to the token endpoint to refresh an access token:
POST /token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&client_id=your-client-id&client_secret=your-client-secret&refresh_token=refresh-token