(c) 2020 Martin Kuba, CESNET

This application implements an OpenID Connect (OIDC) Authorization Server (AS) that provides a constant set of users. Its original purpose was to provide a temporary OIDC AS that can be used after deployment of an OIDC client and an OIDC resource server to set them up before a real OIDC server is deployed. But it can be used for other purposes like testing.

This fake server has the following features:

• it is implemented in Java as Spring Boot application
• is deployed as JAR file executable on Linux
• implements the following grant types:
  • Implicit Grant flow (for JavaScript clients - deprecated)
  • Authorization Code flow with Proof Key for Code Exchange (for JavaScript clients - recommended)
  • Authorization Code flow without PKCE (for web server clients)
• provides the following endpoints:
  • /.well-known/openid-configuration providing metadata
  • /jwks providing JSON Web Key Set for validating cryptographic signature of id_token
  • /authorize which uses HTTP Basic Auth for asking for username and password
  • /token for exchanging authorization code for access token
  • /userinfo that provides data about the user
  • /introspection that provides access token introspection

Build and run it with:

mvn package

target/fake_oidc_server.jar

By default the application runs at TCP port 8090, uses a self-signed certificate for localhost, and there are two users with lognames "perun" and "makub", and passwords "test". This can be changed by using command line options:

target/fake_oidc_server.jar \
   --server.port=8100 \
   --server.ssl.key-store=mykeystore.p12 \
   --oidc.users.john.password=bflmpsvz \
   [email protected] \
   [email protected] \
   --oidc.users.john.given_name="John" \
   --oidc.users.john.family_name="Doe"

See all the available options in the file src/main/resources/application.yml