sso-dev

Static OIDC Issuer

github.com/savvi-legal/sso-dev

A real, working OpenID Connect configuration for development,
hosted statically (on GitHub Pages, or wherever)

Usage

Add any of these issuers to your web app’s OpenID issuer whitelist:

Then sign a token (with the corresponding key) and run with it:

keypairs sign --exp 1h ./key.ec.jwk.json \
    '{
        "issuer": "https://sso-dev.savvi.legal",
        "sub": "me@example.com"
    }' \
    > token.jwt \
    2> sig.jws

curl https://example.com/api/profile \
    -H "Authorization: Bearer $(cat ./token.jwt)"

Directory Structure

From the root of https://sso-dev.savvi.legal
(also https://savvi-legal.github.io/sso-dev/)


.
├── key.ec.jwk.json
├── key.rsa.jwk.json
├── .well-known/
│   ├── jwks.json
│   └── openid-configuration
│
├── staging/
│   ├── key.ec.jwk.json
│   ├── key.rsa.jwk.json
│   │
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
│
├── dev/
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
├── ec/
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
└── rsa/
    └── .well-known/
        ├── jwks.json
        └── openid-configuration

Make it Yours

If you’d like to have your own test domain:

  1. DO NOT PUBLISH production keys
  2. Set a CNAME record:
     <your-org>.github.io for <subdomain>.<your-org>.com
  3. Set the ./CNAME file to <subdomain>.<your-org>.com
  4. Install keypairs
     (because it’s easy and cross-platform)

     curl -sS https://webi.sh/keypairs | sh
     source ~/.config/envman/PATH.env

  5. Replace the originals with your own keys
     (the script uses keypairs)

     rm -rf *.jwk.json ./ec/ ./rsa/ ./dev/ ./staging/
     ./bin/generate-keys https://sso-dev.savvi.legal

  6. Host on GitHub Pages (or wherever)
     Settings => Pages => Branch: main

LICENSE

Public Domain via CC0-1.0