Tokens for Testing
Compatible with
* OAuth2
* OpenID Connect (OIDC)
* JOSE (Signed Access Tokens)
* JWT
* JWK
* JWS
Resources
* https://mock.pocketid.app/access_token
* https://mock.pocketid.app/authorization_header
* https://xxx.mock.pocketid.app/.well-known/openid-configuration
* https://xxx.mock.pocketid.app/.well-known/jwks.json
* https://mock.pocketid.app/key.jwk.json
* POST https://xxx.mock.pocketid.app/api/jwks
{ "kty":"EC", "crv":"P-256", "x":"xxx", "y":"yyy" }
* GET https://xxx.mock.pocketid.app/.well-known/jwks.json
Get a token
Get a verifiable access token
https://mock.pocketid.app/access_token
For example:
TOKEN=$(curl -fL https://mock.pocketid.app/access_token)
You can set the expiration (`exp`) with query parameters:
* https://mock.pocketid.app/access_token?exp=90d (+90 days)
* https://mock.pocketid.app/access_token?exp=3h (+3 hours)
* https://mock.pocketid.app/access_token?exp=15m (+15 minutes)
* https://mock.pocketid.app/access_token?exp=1565739000 (exactly 2019-08-13 5:30pm)
(you can also get the whole header)
https://mock.pocketid.app/authorization_header
For example:
HEADER=$(curl -fL https://mock.pocketid.app/authorization_header)
# Authorization: Bearer <token>
The Token, Decoded
The Token will look like this:
eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IlU1Ym0tQUxtSVFOQ3hfMlFPT1piSm5Ec0d1aEd4WkRnV053alNqck5IbzQifQ.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwODAvIiwic3ViIjoiZHVtbXkiLCJleHAiOjE1NjI4NzEyNTh9.PWK2eTDQcVCpT_weogKuh4bHInnjqY6TGSnQzwEIc133WnJ1eUmLjq799COxSW7Dr6Khm1Po-CAXGVwCADIBEw
The first part is the JWS protected header.
Decoded, it looks like this:
{"typ":"JWT","alg":"ES256","kid":"U5bm-ALmIQNCx_2QOOZbJnDsGuhGxZDgWNwjSjrNHo4"}
The second part is the JWS payload of JWT claims.
Decoded, it looks like this:
{"iss":"http://localhost:4080/","sub":"dummy","exp":1562871258}
The third part is the signature.
It can't be "decoded", per se. It's two positive 32-bit BigInts called R and S, padded with zeros to fill out all the bytes.
Validate the Issuer
The token be signed and verifiable.
If the token issuer (iss) is "https://mock.pocketid.app/"
* the key url (jwks_uri) will be found at "https://mock.pocketid.app/.well-known/openid-configuration"
* which will point to "https://mock.pocketid.app/.well-known/jwks.json"
* where there will be a key whose thumbprint (kid) matches that in the token
The public key found there will look like this:
{ "crv":"P-256"
, "x":"ToL2HppsTESXQKvp7ED6NMgV4YnwbMeONexNry3KDNQ"
, "y":"Tt6Q3rxU37KAinUV9PLMlwosNy1t3Bf2VDg5q955AGc"
}
Get the Private Key
In truth, there's only one private key right now.
https://mock.pocketid.app/key.jwk.json
You shouldn't use it for automated testing, because it will change, but it looks like this:
{ "crv":"P-256"
, "x":"ToL2HppsTESXQKvp7ED6NMgV4YnwbMeONexNry3KDNQ"
, "y":"Tt6Q3rxU37KAinUV9PLMlwosNy1t3Bf2VDg5q955AGc"
, "d":"GYAwlBHc2mPsj1lp315HbYOmKNJ7esmO3JAkZVn9nJs"
}
Sign out