oidcbadop

BAD OpenID Connect OP (for my blog article)

Stars
0
View Code on GitHub Visit Website View on X
Ecosystems: JavaScript

BAD OpenID Connect RP Demo

Demo: https://oidcbadop-client.glitch.me/ (Actual RP is at oidcbadop.glitch.me)

This is a malicious OpenID Connect RP demo code that has 3 scenarios:

  • Valid - Return valid JWT for anyone
  • Expire - Return expired certificate. Currently it will give expired before 120 sec. from request time. See also Issue 3.
  • Algnone - Return alg = none JWT.

This OP is intentionally configured as an open redirector. It accepts any redirect_uri parameter on its token endpoint.

Usage

Add as normal OIDC provider with:

ToDo / FIXME

  • Externally controllable modification mode for test automation.
  • More modification modes. Perhaps Expire can be 1 sec depth.
  • Support more auth flow, especially Implicit Flow.
  • Persistent user-id and GDPR
Related Projects
oidc-authcode-pkce

JavaScript Library for using the OpenID Connect Authorization Code Flow (with PKCE) in modern bro...

07 Mar 2020 2
node-oidc-provider

OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js

02 Dec 2015 3,026
koa-jwt2

koa middleware that validates a JsonWebToken (JWT) and sync with express/jwt

28 Feb 2018 14
oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (co...

19 Sep 2018 582