README
¶
fake-jwt-server 
⚠ This service is for local/development use only.
Small HTTP service that is meant to approximate some parts of the Auth0 browser based authentication flow for generating JSON Web Tokens (JWTs), to make development easier.
- can use either the provided RSA key in
private.pemfor signing JWTs, or one randomly generated at startup - serves a JSON Web Key Set (JWKS) at
/.well-known/jwks.json /authorizeoffers up a HTML form for generating JWTs, that can also be prefilled with values from query parametersPOSTing to/authorizewill respond with the signed JWTPOSTing to/authorize?redirect_uri=...will redirect to the specifiedredirect_uriwith the JWT in theaccess_tokenfield of thelocation.hash
Quickstart
go run cmd/fake-jwt-server/main.go
The server will listen on http://0.0.0.0:8080. To use a newly generated RSA key for the JWKS:
FAKE_JWT_SERVER_GENERATE_RSA_KEY=true go run cmd/fake-jwt-server/main.go
You could get a signed JWT that expires in ~1 year like so.
curl -X POST \
-H "Content-Type: multipart/form-data" \
-F "sub=auth0|fb8618e6-8639-454d-9f94-4496b0b224a8" \
-F "scope=openid profile email" \
-F "iat=$(date +%s)" \
-F "exp=$(($(date +%s) + 31536000))" \
-F "iss=http://localhost:8080" \
-F "azp=example-azp" \
-F "aud=http://localhost:3000" \
http://localhost:8080/authorize
Directories
Click to show internal directories.
Click to hide internal directories.