Skip to content

ldaIas/simple-auth-server

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Mock OAuth 2.0 Server

A lightweight mock OAuth 2.0 authorization server for local development and testing token refresh flows.

All state is held in memory — restarting the server clears all tokens.

Setup

npm install
npm start

The server runs on http://localhost:9090 by default. Set the PORT environment variable to override.

Endpoints

GET /authorize

Issues an authorization code and redirects back to the client. Auto-approves all requests (no login screen).

Query Param Required Description
response_type Yes Must be code
client_id Yes Any client identifier string
redirect_uri Yes Where to redirect with the auth code
state No Opaque value passed back to client

POST /token

Exchanges credentials for tokens. Supports three grant types:

grant_type=authorization_code — exchange an auth code for an access + refresh token pair.

Body Param Required Description
grant_type Yes authorization_code
code Yes The authorization code
client_id Yes Must match original
redirect_uri Yes Must match original

grant_type=client_credentials — get an access token directly (no refresh token).

Body Param Required Description
grant_type Yes client_credentials
client_id Yes Any client identifier
scope No Defaults to read

grant_type=refresh_token — exchange a refresh token for a new token pair. The old tokens are invalidated.

Body Param Required Description
grant_type Yes refresh_token
refresh_token Yes A valid refresh token
client_id Yes Must match original

Token expiration is done in store.js#createTokenPair

GET /resource

A protected endpoint that validates the bearer token.

Authorization: Bearer <access_token>

Returns 200 with sample data on success, 401 if the token is missing, invalid, or expired.

GET /debug/store

Dumps the current in-memory state of all auth codes, access tokens, and refresh tokens. Useful for debugging.

Token Lifetimes

Token Lifetime
Auth code 30s
Access token 10s
Refresh token 30s

Testing

A test script is included that walks through the full OAuth flow:

# In one terminal, start the server
npm start

# In another terminal, run the test
bash test-client.sh

About

simple oauth auth and resource server to mess with token validation

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors