A simple mock OpenID Connect server for development and testing purposes.
- OpenID Connect Authorization Code Flow
- PKCE Support
- JWT Token Generation
- CORS Support
- Simple Login UI
```
docker run -it --rm -p 8080:8080 ghcr.io/alukach/mock-oidc-server:latest
```
- Install dependencies:
  ```
  uv sync
  ```
- Run the server:
  ```
  uv run python -m app
  ```
The server can be configured using environment variables:
- `ISSUER`: The OIDC issuer URL, including path when served at non-root (default: http://localhost:8888)
- `SCOPES`: Additional scopes to support (comma-separated)
- `PORT`: The port to run on (default: 8888)
```
curl http://localhost:8888/ \
  --data-raw 'username=testuser&scopes=openid+profile&claims={"email":"test@example.com"}' \
  -H "Accept: application/json"
```
The response includes the signed JWT and decoded token body:
```
{
  "token": "eyJhbGciOiJS...",
  "token_body": {
    "iss": "http://localhost:8888",
    "sub": "testuser",
    "scope": "openid profile",
    "email": "test@example.com"
  }
}
```
Open http://localhost:8888/ in your browser. Fill in the username, scopes, and any custom claims in the form, then submit to receive a signed JWT.
The server implements the standard OIDC Authorization Code Flow for use with applications that need to authenticate users:
- Your app redirects the user to `/authorize` with the required parameters (`response_type=code`, `client_id`, `redirect_uri`, `state`, and optionally `scope`, `nonce`, `code_challenge`, `code_challenge_method`).
- The user sees a login form and submits a username and optional custom claims.
- The server redirects back to your app's `redirect_uri` with an authorization `code` and `state`.
- Your app exchanges the code for tokens by POSTing to `/token`.
PKCE (S256) is supported.
- `/.well-known/openid-configuration` — OIDC discovery document with all supported endpoints, scopes, and capabilities.
- `/.well-known/jwks.json` — The public key set used to verify token signatures.
This is a mock server intended for development and testing purposes only. Do not use in production environments.