rcbj / oauth2-oidc-debugger Goto Github PK
View Code? Open in Web Editor NEWAn OAuth2 and OpenID Connect Debugger
Home Page: https://goo.gl/3UbeQk
License: MIT License
oauth2-oidc-debugger's Issues
Add support for token exchange protocol with JWT & SAML Input tokens
Add JWT JWS Validation option to the JWT Deserialization Page.
It will need to take an x509 certificate, HMAC key, or JWKS key format as input for validation of the dsig.
When trying to build the docker container"failed to register layer: unlinkat /usr/share/doc/libgdbm-dev: invalid argument"
When I try to start the debugger I get the following error.
docker compose
git clone https://github.com/rcbj/oauth2-oidc-debugger.git
cd oauth2-oidc-debugger
docker-compose up
[+] Running 1/1
! oauth2-oidc-debugger Warning 1.5s
[+] Building 26.1s (5/9)
=> [oauth2-oidc-debugger internal] load build definition from Dockerfile 0.1s
=> => transferring dockerfile: 206B 0.0s
=> [oauth2-oidc-debugger internal] load .dockerignore 0.1s
=> => transferring context: 65B 0.0s
=> [oauth2-oidc-debugger internal] load metadata for docker.io/library/ruby:2.4.0-onbuild 1.5s
=> ERROR [oauth2-oidc-debugger 1/1] FROM docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 24.4s
=> => resolve docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 0.0s
=> => sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69 2.42kB / 2.42kB 0.0s
=> => sha256:693502eb7dfbc6b94964ae66ebc72d3e32facd981c72995b09794f1e87bac184 51.36MB / 51.36MB 2.1s
=> => sha256:081cd4bfd5210ff69949cc356db9693d11d103cd2380117cff7d4be6966eafdf 18.54MB / 18.54MB 0.5s
=> => sha256:5d2dc01312f3714eed4630a1317629f9131f307b3fc6d83506444d3eeebc0e41 42.50MB / 42.50MB 1.5s
=> => sha256:c573a7880cfbbdce35afb825afccf924c54765aa4650b2aeae8bf3a00494487b 8.39kB / 8.39kB 0.0s
=> => sha256:54a5f7da9a4f2853a0078d1926f7dbd4d12d09b01b13da4aa808d015024419c8 129.85MB / 129.85MB 4.1s
=> => sha256:168cf3f33330209b5d659614bc0f85b33bdec178d185d6a9e439e98e2d1a3a95 203B / 203B 1.8s
=> => sha256:5edf1a65e7e1c714fbdc985045123ee8a0daba4b035e0c03d7a948d3fbda18b8 22.64MB / 22.64MB 3.1s
=> => extracting sha256:693502eb7dfbc6b94964ae66ebc72d3e32facd981c72995b09794f1e87bac184 2.5s
=> => sha256:c95fc1e51b4de1dc499978b437b947bdee884a8172ab6b5ae423c5dd00721d85 638.12kB / 638.12kB 2.6s
=> => sha256:0164b0dd2de176a552c7e00d32d23116f87d9bcf122ed0bd8c88b20f7aac98ef 160B / 160B 2.8s
=> => sha256:9763c7c578ae48b37d9b9e714c551d0916dd1ce7c73ae6693ad62e903a4d815a 186B / 186B 3.3s
=> => sha256:5e01c0c2c00740b0de4e03ec08887a7886e79b5a5ac15fb8fa49a92388769e24 126B / 126B 3.7s
=> => extracting sha256:081cd4bfd5210ff69949cc356db9693d11d103cd2380117cff7d4be6966eafdf 0.7s
=> => extracting sha256:5d2dc01312f3714eed4630a1317629f9131f307b3fc6d83506444d3eeebc0e41 1.5s
=> => extracting sha256:54a5f7da9a4f2853a0078d1926f7dbd4d12d09b01b13da4aa808d015024419c8 3.8s
=> => extracting sha256:168cf3f33330209b5d659614bc0f85b33bdec178d185d6a9e439e98e2d1a3a95 0.0s
=> => extracting sha256:5edf1a65e7e1c714fbdc985045123ee8a0daba4b035e0c03d7a948d3fbda18b8 0.8s
=> [oauth2-oidc-debugger internal] load build context 0.1s
=> => transferring context: 235.53kB 0.0s
------
> [oauth2-oidc-debugger 1/1] FROM docker.io/library/ruby:2.4.0-onbuild@sha256:0eaa2bbff1e95d17d7f992160c827cd99b582cef0055f09acae77072a9aa4c69:
------
failed to solve: failed to register layer: unlinkat /usr/share/doc/libgdbm-dev: invalid argumentdocker
git clone https://github.com/rcbj/oauth2-oidc-debugger.git
cd oauth2-oidc-debugger/client
docker build -t oauth2-oidc-debugger .
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 248.8kB
Step 1/4 : FROM ruby:2.4.0-onbuild
2.4.0-onbuild: Pulling from library/ruby
693502eb7dfb: Pull complete
081cd4bfd521: Pull complete
5d2dc01312f3: Pull complete
54a5f7da9a4f: Pull complete
168cf3f33330: Pull complete
5edf1a65e7e1: Extracting [==================================================>] 22.64MB/22.64MB
c95fc1e51b4d: Download complete
0164b0dd2de1: Download complete
9763c7c578ae: Download complete
5e01c0c2c007: Download complete
failed to register layer: unlinkat /usr/share/doc/libgdbm-dev: invalid argumentSame happens with buildx installed.
I an running an arch linux with kernel 6.2.12. Other docker related stuff is running fine so far.
Update Logout Functionality to use http://localhost:3000/logout as the default Logout URL
It currently assumes http://localhost:3000. Or, '/'.
I would like the /logout path to do the following:
a) display any errors that came back.
b) show the results of the state parameter validation.
c) have a button to get back to the main page.
Add support for Token Introspection Endpoint (RFC 7662)
See [1].
Reference:
[1] https://www.rfc-editor.org/rfc/rfc7662
Support for default IDP using Keycloak as Identity Broker
Can you add support to set extra parameters like kc_idp_hint used by keycloak to choose the default brokered idp?
Here is the documentation: https://www.keycloak.org/docs/latest/server_admin/#default_identity_provider
Thanks
oidc_authorization_code_flow does not work, and redirect_uri should be provided
Thanks for writing this.
I am trying it out to see if my openid implementation works.
Using oidc_authorization_code_flow does not work.
There seems to be no code to retrieve the code from the uri so you can go on to the next step.
Also, I found it very difficult to work out what the redirect uri should be. I tried just /callback, but it seems a bit odd to me. The OAuth2 options (e.g. authorization_grant) seem to expect the parameters to be in window.location.hash, for some reason, instead of in query variables. But if I make the redirect url /callback#, it sort of works. Not sure why I should have to guess what the redirect uri is - surely it should be filled in automatically, as a read-only field?
Shouldn't the code also decode the oidc token returned as well?
Add support for OIDC RP-Initiated (Front-Channel) Logout Spec
This ticket will add a screen that allows the user to logout or end a session (ie, invalidate tokens associated with the session that the debugger has previously created).
It would be interesting to also be able to logout of sessions that were created outside of the browser, but doing this without it being confusing to the user or the logic for the rest of the debugger may be challenging.
See [1] for more information about Relaying Party initiated Logout with OIDC. The spec is only a few pages long and the call that needs to be made to the IdP is straightforward.
Populate as many of the parameters as possible from the OIDC Discovery Endpoint metadata and values collected from the user during the login process.
Reference:
[1] https://openid.net/specs/openid-connect-rpinitiated-1_0.html
[2] https://openid.net/specs/openid-connect-frontchannel-1_0.html
Add flag to toggle between frontend and backend token endpoint calls
Most pages go blank if the browser tab is more than 900 pixels wide
You can definitely see this on the JWT Deserialization page and the UserInfo page.
Correctly display authorization endpoint errors
Add JWT display option to refresh_token results screen
Same functionality that is available on the initial token endpoint results screen.
Hide Token Endpoint pane after getting result.
Ruby 2.4.0 "invalid address" error in in6_addr
Hi,
Thank you for an amazingly useful tool!
I found the "Get Token" step failing with "invalid address" error, which looks to be ipv6 related. My machine did not have any ipv6 addresses, so not sure where the error was coming from, but looks to be a bug in ruby 2.4.0/2.4.1. supposedly fixed in 2.4.2 (not tested). I worked around it by downgrading to 2.3.0 in the Dockerfile.
Noting here in case anyone else runs into the same issue.
Thanks!
Ben
Add option to submit client_id & client_secret via Authorization header to token endpoint
Add Custom Parameters to Token Endpoint call
correctly display refresh grant errors
Have the Logout pane be invisible on the debugger2 page until a set of tokens have been obtained.
Create website logo & theme
Add a site users counter to display on front page.
Add support for OIDC UserInfo Endpoint
Should work from any OAuth2 authorization grant or OIDC authentication flow that involves a human user.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.