BAD OpenID Connect OP (for my blog article)
Demo: https://oidcbadop-client.glitch.me/ (Actual RP is at oidcbadop.glitch.me)
This is a malicious OpenID Connect RP demo code that has 3 scenarios:

Valid
- Return valid JWT for anyone

Expire
- Return expired certificate. Currently the expiry is set to 120 sec. before the request time. See also Issue 3.

Algnone
- Return alg = none JWT.

This OP is intentionally configured as an open redirector. It accepts any redirect_uri parameter on its token endpoint.

Add as normal OIDC provider with:
- client_id = testing
- client_secret = testing

Expire can be 1 sec depth.
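
An RP-side ID token check that should accept the Valid scenario and reject the Expire and Algnone scenarios above; this is an added example, not code from this repository. It assumes the tokens are HS256-signed with the client_secret and uses a placeholder issuer `https://op.example`; the sample tokens are constructed locally, not fetched from the demo.

```python
import base64, hashlib, hmac, json

CLIENT_ID = "testing"           # from the README
CLIENT_SECRET = b"testing"      # from the README; assumed here to be the HS256 key
ISSUER = "https://op.example"   # placeholder issuer, not the demo's real value
ALLOWED_ALGS = ("HS256",)       # pinned by the RP, never taken from the token

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(alg, exp_offset, now):
    """Build a constructed ID token resembling one of the three scenarios."""
    header = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "anyone",
              "iat": now - 300, "exp": now + exp_offset}
    signing_input = header + "." + b64u(json.dumps(claims).encode())
    if alg == "none":
        return signing_input + "."  # unsigned: empty third segment
    mac = hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(mac)

def validate_id_token(token, now, leeway=0):
    """Return the claims, or raise ValueError naming the failed check."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        claims = json.loads(b64u_dec(p64))
        sig = b64u_dec(s64)
        alg, exp = header.get("alg"), claims.get("exp")
    except Exception:
        raise ValueError("malformed")
    if alg not in ALLOWED_ALGS:     # rejects "none" before any other check
        raise ValueError("alg not allowed")
    expected = hmac.new(CLIENT_SECRET, (h64 + "." + p64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong iss/aud")
    if not isinstance(exp, int) or now >= exp + leeway:
        raise ValueError("expired")
    return claims

def check(token, now, leeway=0):
    """Map the validation outcome to a short string for reporting."""
    try:
        validate_id_token(token, now, leeway)
        return "accepted"
    except ValueError as err:
        return str(err)
```

With `leeway=300` the token that expired 120 seconds earlier is accepted, so an RP's clock-skew allowance decides whether the Expire scenario is caught.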