rcbj / oauth2-oidc-debugger
An OAuth2 and OpenID Connect Debugger
Home Page: https://goo.gl/3UbeQk
License: MIT License
It will need to take an x509 certificate, HMAC key, or JWKS key format as input for validation of the dsig.
When I try to start the debugger I get the following error.
git clone https://github.com/rcbj/oauth2-oidc-debugger.git
cd oauth2-oidc-debugger
docker-compose up
[+] Running 1/1
! oauth2-oidc-debugger Warning 1.5s
[+] Building 26.1s (5/9)
=> [oauth2-oidc-debugger internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 206B 0.0s
=> [oauth2-oidc-debugger internal] load .dockerignore 0.1s
=> => transferring context: 65B 0.0s
=> [oauth2-oidc-debugger internal] load metadata for docker.io/library/ruby:2.4.0-onbuild 1.5s
=> ERROR [oauth2-oidc-debugger 1/1] FROM docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 24.4s
=> => resolve docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 0.0s
=> => sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 2.42kB / 2.42kB 0.0s
=> => sha256:693502eb7dfbc6b94964ae66ebc72d3e32facd981c72995b09794f1e87bac184 51.36MB / 51.36MB 2.1s
=> => sha256:081cd4bfd5210ff69949cc356db9693d11d103cd2380117cff7d4be6966eafdf 18.54MB / 18.54MB 0.5s
=> => sha256:5d2dc01312f3714eed4630a1317629f9131f307b3fc6d83506444d3eeebc0e41 42.50MB / 42.50MB 1.5s
=> => sha256:c573a7880cfbbdce35afb825afccf924c54765aa4650b2aeae8bf3a00494487b 8.39kB / 8.39kB 0.0s
=> => sha256:54a5f7da9a4f2853a0078d1926f7dbd4d12d09b01b13da4aa808d015024419c8 129.85MB / 129.85MB 4.1s
=> => sha256:168cf3f33330209b5d659614bc0f85b33bdec178d185d6a9e439e98e2d1a3a95 203B / 203B 1.8s
=> => sha256:5edf1a65e7e1c714fbdc985045123ee8a0daba4b035e0c03d7a948d3fbda18b8 22.64MB / 22.64MB 3.1s
=> => extracting sha256:693502eb7dfbc6b94964ae66ebc72d3e32facd981c72995b09794f1e87bac184 2.5s
=> => sha256:c95fc1e51b4de1dc499978b437b947bdee884a8172ab6b5ae423c5dd00721d85 638.12kB / 638.12kB 2.6s
=> => sha256:0164b0dd2de176a552c7e00d32d23116f87d9bcf122ed0bd8c88b20f7aac98ef 160B / 160B 2.8s
=> => sha256:9763c7c578ae48b37d9b9e714c551d0916dd1ce7c73ae6693ad62e903a4d815a 186B / 186B 3.3s
=> => sha256:5e01c0c2c00740b0de4e03ec08887a7886e79b5a5ac15fb8fa49a92388769e24 126B / 126B 3.7s
=> => extracting sha256:081cd4bfd5210ff69949cc356db9693d11d103cd2380117cff7d4be6966eafdf 0.7s
=> => extracting sha256:5d2dc01312f3714eed4630a1317629f9131f307b3fc6d83506444d3eeebc0e41 1.5s
=> => extracting sha256:54a5f7da9a4f2853a0078d1926f7dbd4d12d09b01b13da4aa808d015024419c8 3.8s
=> => extracting sha256:168cf3f33330209b5d659614bc0f85b33bdec178d185d6a9e439e98e2d1a3a95 0.0s
=> => extracting sha256:5edf1a65e7e1c714fbdc985045123ee8a0daba4b035e0c03d7a948d3fbda18b8 0.8s
=> [oauth2-oidc-debugger internal] load build context 0.1s
=> => transferring context: 235.53kB 0.0s
------
> [oauth2-oidc-debugger 1/1] FROM docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69:
------
failed to solve: failed to register layer: unlinkat /usr/share/doc/libgdbm-dev: invalid argument
git clone https://github.com/rcbj/oauth2-oidc-debugger.git
cd oauth2-oidc-debugger/client
docker build -t oauth2-oidc-debugger .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 248.8kB
Step 1/4 : FROM ruby:2.4.0-onbuild
2.4.0-onbuild: Pulling from library/ruby
693502eb7dfb: Pull complete
081cd4bfd521: Pull complete
5d2dc01312f3: Pull complete
54a5f7da9a4f: Pull complete
168cf3f33330: Pull complete
5edf1a65e7e1: Extracting [==================================================>] 22.64MB/22.64MB
c95fc1e51b4d: Download complete
0164b0dd2de1: Download complete
9763c7c578ae: Download complete
5e01c0c2c007: Download complete
failed to register layer: unlinkat /usr/share/doc/libgdbm-dev: invalid argument
Same happens with buildx installed.
I am running Arch Linux with kernel 6.2.12. Other Docker-related stuff is running fine so far.
It currently assumes http://localhost:3000. Or, '/'.
I would like the /logout path to do the following:
a) display any errors that came back.
b) show the results of the state parameter validation.
c) have a button to get back to the main page.
See [1].
Reference:
[1] https://www.rfc-editor.org/rfc/rfc7662
Can you add support to set extra parameters like kc_idp_hint used by keycloak to choose the default brokered idp?
Here is the documentation: https://www.keycloak.org/docs/latest/server_admin/#default_identity_provider
Thanks
Thanks for writing this.
I am trying it out to see if my openid implementation works.
Using oidc_authorization_code_flow does not work.
There seems to be no code to retrieve the code from the uri so you can go on to the next step.
Also, I found it very difficult to work out what the redirect uri should be. I tried just /callback, but it seems a bit odd to me. The OAuth2 options (e.g. authorization_grant) seem to expect the parameters to be in window.location.hash, for some reason, instead of in query variables. But if I make the redirect url /callback#, it sort of works. Not sure why I should have to guess what the redirect uri is - surely it should be filled in automatically, as a read-only field?
Shouldn't the code also decode the oidc token returned as well?
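The query-versus-fragment question raised in this report, as an added example (not code from oauth2-oidc-debugger): the authorization code flow returns its parameters in the query string by default, while token and id_token response types default to the fragment, so a callback handler has to look in both places and check `state` before using anything. The function name, return fields and sample URLs are assumptions made for illustration.

```javascript
// Added example; function and field names are illustrative assumptions,
// not code from oauth2-oidc-debugger.
const RESPONSE_KEYS = ["code", "access_token", "id_token", "error"];

function parseAuthorizationResponse(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const query = url.searchParams;
  // url.hash is "#a=b&c=d" (or "" for a bare "/callback#"); drop the "#".
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));

  const inQuery = RESPONSE_KEYS.some((k) => query.has(k));
  const inFragment = RESPONSE_KEYS.some((k) => fragment.has(k));
  if (inQuery && inFragment) {
    // Ambiguous input: refuse rather than guess which copy to trust.
    throw new Error("response parameters present in both query and fragment");
  }
  if (!inQuery && !inFragment) {
    throw new Error("no authorization response parameters found");
  }
  const params = inQuery ? query : fragment;
  const source = inQuery ? "query" : "fragment";

  // state must match the value stored before the redirect, for success
  // and error responses alike.
  if (params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  if (params.has("error")) {
    return {
      source,
      error: params.get("error"),
      errorDescription: params.get("error_description"),
    };
  }
  return {
    source,
    code: params.get("code"),
    accessToken: params.get("access_token"),
    idToken: params.get("id_token"),
  };
}
```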
This ticket will add a screen that allows the user to log out or end a session (i.e., invalidate tokens associated with the session that the debugger has previously created).
It would be interesting to also be able to log out of sessions that were created outside of the browser, but doing this without it being confusing to the user or the logic for the rest of the debugger may be challenging.
See [1] for more information about Relying Party initiated Logout with OIDC. The spec is only a few pages long and the call that needs to be made to the IdP is straightforward.
Populate as many of the parameters as possible from the OIDC Discovery Endpoint metadata and values collected from the user during the login process.
Reference:
[1] https://openid.net/specs/openid-connect-rpinitiated-1_0.html
[2] https://openid.net/specs/openid-connect-frontchannel-1_0.html
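A sketch of the logout call described in this ticket, together with the state check requested for the /logout page, as an added example that is not code from oauth2-oidc-debugger. It uses the `end_session_endpoint` discovery field and the request parameters defined in [1]; the function names, the `session` object shape and the sample values are assumptions, and refusing a redirect URI without `id_token_hint` or `client_id` is a choice of this example that is stricter than the spec.

```javascript
// Added example; names and object shapes are illustrative assumptions,
// not code from oauth2-oidc-debugger.
function buildLogoutUrl(metadata, session) {
  // metadata: parsed OIDC discovery document; session: values kept from login.
  if (!metadata.end_session_endpoint) {
    throw new Error("OP does not advertise end_session_endpoint");
  }
  // Using URL keeps any query component already present on the endpoint.
  const url = new URL(metadata.end_session_endpoint);
  const p = url.searchParams;

  if (session.idToken) p.set("id_token_hint", session.idToken);
  if (session.clientId) p.set("client_id", session.clientId);

  if (session.postLogoutRedirectUri) {
    // Stricter than the spec (which only recommends id_token_hint here):
    // without a hint the OP cannot tie the URI to a registered client.
    if (!session.idToken && !session.clientId) {
      throw new Error("post_logout_redirect_uri requires id_token_hint or client_id");
    }
    p.set("post_logout_redirect_uri", session.postLogoutRedirectUri);
    // state is only echoed back on the redirect, so send it only then.
    if (session.state) p.set("state", session.state);
  }
  return url.toString();
}

function checkLogoutReturn(returnUrl, expectedState) {
  const q = new URL(returnUrl).searchParams;
  return {
    stateValid: typeof expectedState === "string" && q.get("state") === expectedState,
    // The spec defines only state on this redirect; error parameters, if
    // any, are OP-specific (assumption) and are surfaced for display.
    error: q.get("error"),
    errorDescription: q.get("error_description"),
  };
}
```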
You can definitely see this on the JWT Deserialization page and the UserInfo page.
Same functionality that is available on the initial token endpoint results screen.
Hi,
Thank you for an amazingly useful tool!
I found the "Get Token" step failing with an "invalid address" error, which looks to be IPv6 related. My machine did not have any IPv6 addresses, so I am not sure where the error was coming from, but it looks to be a bug in Ruby 2.4.0/2.4.1, supposedly fixed in 2.4.2 (not tested). I worked around it by downgrading to 2.3.0 in the Dockerfile.
Noting here in case anyone else runs into the same issue.
Thanks!
Ben
Should work from any OAuth2 authorization grant or OIDC authentication flow that involves a human user.