A lightweight, very simple OAuth2 authorization server mock.
This server is designed only for testing OAuth2 flows in development and testing environments. Another use case is as a simple OAuth2 provider for product demonstrations.
- Configurable Users: Load users from a JSON configuration file with custom claims
- Interactive User Selection: Web interface to select users during authorization
- Access Restriction: A simple way to restrict access to your demo environments
- Authorization Code Flow: Complete implementation of the OAuth2 authorization code grant type
- User Info Endpoint: Retrieve user information specific to the authorized user
Run with Docker:
docker run -p 3000:3000 --name oauth2-mock leonidv/oauth2-mock:latest
Then open the welcome page in your browser: http://localhost:3000
Copy the default (embedded) configuration. Run the application with the new config file:
oauth2-mock --config your-config.json
Each user is described by the following fields:
- login - the internal login used to authenticate. It plays the same role as the login/password in Google.
- description - some information about the user. The authorization page shows the description of each user.
- userInfo - any JSON object. The user_info endpoint returns this object "as-is". You can write any fields; usually they are the same as those of your production OAuth2 provider.
If you use oauth2mock for a public demo stand of your application, you may want to restrict access to the application. oauth2mock implements a simple but effective access restriction mechanism: an Access Code is required to process the OAuth2 flow. It ensures that only users who know the correct code can access your demo stand.
Warning: Do not use oauth2mock to secure your demo application if it contains any private or sensitive information.
By default, access restriction is disabled. You can enable it in the access_restriction section of the configuration:
- enabled - Enables or disables the access restriction.
- code - The access code that users must enter to make an OAuth2 authorization request. Can't be empty if access restriction is enabled.
- sign_key - A secret key the server uses to sign authentication cookies. Must be a string with a length of more than 64 characters. An empty string is allowed, but not recommended. If it is empty, oauth2mock will generate a new sign_key on each service restart.
oauth2mock can generate a good sign_key for you:
oauth2-mock generate-sign-key
Copy the output string and paste it into the configuration.
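The rules above can be checked before a demo stand is deployed. The following pre-flight check is an added example, not part of oauth2mock: it assumes users are stored in a top-level `users` array and that `login` is required, and both sample configurations are constructed.

```python
import json
import secrets

MIN_SIGN_KEY_LEN = 65  # README: "a length of more than 64 characters"


def check_config(cfg: dict) -> list:
    """Return findings for the access_restriction and user rules in the README."""
    findings = []
    ar = cfg.get("access_restriction") or {}
    if ar.get("enabled"):
        # The access code can't be empty once the restriction is switched on.
        if not str(ar.get("code") or "").strip():
            findings.append("ERROR code: must not be empty when restriction is enabled")
        key = ar.get("sign_key") or ""
        if key == "":
            # Allowed but not recommended by the README.
            findings.append("WARN sign_key: empty, a new key is generated on every restart")
        elif len(key) < MIN_SIGN_KEY_LEN:
            findings.append(f"ERROR sign_key: {len(key)} characters, need more than 64")
    # Assumption: users live in a top-level "users" array and "login" is required.
    for i, user in enumerate(cfg.get("users") or []):
        if not user.get("login"):
            findings.append(f"ERROR users[{i}].login: missing")
        # userInfo is returned "as-is" by the user_info endpoint, so it must be an object.
        if not isinstance(user.get("userInfo"), dict):
            findings.append(f"ERROR users[{i}].userInfo: must be a JSON object")
    return findings


# Constructed sample: empty code, short sign_key, userInfo given as a string.
WEAK = json.loads("""
{
  "access_restriction": {"enabled": true, "code": "", "sign_key": "short-key"},
  "users": [{"login": "alice", "description": "Admin user", "userInfo": "alice@example.com"}]
}
""")

# Corrected copy of the same configuration (all values constructed).
FIXED = json.loads(json.dumps(WEAK))
FIXED["access_restriction"]["code"] = "constructed-demo-code"
FIXED["access_restriction"]["sign_key"] = secrets.token_urlsafe(64)  # 86 characters
FIXED["users"][0]["userInfo"] = {"email": "alice@example.com", "name": "Alice"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, check_config(cfg) or "OK")
```

In a real deployment, take the `sign_key` value from `oauth2-mock generate-sign-key` rather than generating it in the check script.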


