AuthTester

Coming soon: AuthTester - an OAuth and OpenID Connect debugging and test tool.

Test your client application against a vanilla protocol implementation, without the need for any complicated setup. Just point an authorization request at it, and start testing.

• Learn OAuth and OpenID Connect with hands-on testing
• Debug why your integration isn't working (protocol issues) or test how your web apps and APIs handle failure scenarios
• Fully configurable access token and identity token JWT payloads
• Protocol validation for OAuth 2.0, OAuth 2.1, and OpenID Connect 1.0
• No client registration required - everything is handled in the browser via authorization request

Protocol support

It is still early days, but here are the parts of the specs that are currently implemented:

• Authorization request:
  • Response types: ✅ code
  • Response modes: ✅ query
  • Scopes: ✅ openid, 📝 custom
  • Supported parameters: client_id, response_type, redirect_uri, scope, state, nonce, code_challenge, code_challenge_method, response_mode
• Authorization response:
  • Supported parameters: state, code, error, error_description
• Token request:
  • Grant types: ✅ authorization_code
  • Client authentication: ✅ none, ✅ client_secret_post, ✅ client_secret_basic
  • Supported parameters: client_id, client_secret, scope, code, grant_type, code_verifier
• Token response:
  • Token types: ✅ JWT access token profile (rfc9068), 📝 custom JWT
  • Supported parameters: scope, error, error_description, access_token, token_type, expires_in, id_token
• Discovery:
  • ✅ OpenID Connect Discovery Document
  • ✅ OAuth 2.0 Authorization Server Metadata

Sneak Peek

• OAuth request request
• OpenID Connect test request
• Test using ASP.NET Core OIDC authentication handler