OAuth/OIDC Mock Provider
A complete mock identity provider that issues real JWTs. Test OAuth flows, token validation, and OIDC discovery without Keycloak, Auth0, or any cloud dependency.
Features
Everything you need to mock OAuth and OIDC flows for testing.
Full OAuth 2.0 Flows
Authorization Code, Client Credentials, Refresh Token, and PKCE flows. Complete OAuth provider without running Keycloak or Auth0.
OpenID Connect
OIDC-compliant discovery endpoint, ID tokens, userinfo endpoint, and JWKS. Works with any OIDC client library.
Configurable Clients & Users
Define OAuth clients with client IDs, secrets, redirect URIs, and scopes. Add mock users with custom claims.
JWT Token Generation
Issues real signed JWTs with configurable expiry, claims, and scopes. Your services validate them like production tokens.
JWKS Endpoint
Auto-generated JSON Web Key Set endpoint. Your microservices can verify token signatures without any mocking of the verification layer.
Token Introspection
RFC 7662 token introspection endpoint for opaque token validation. Supports active/inactive responses with configurable claims.
Configuration
Define your OAuth provider in YAML. Clients, users, scopes, and token settings — all in one file.
# mockd.yaml - OAuth/OIDC Mock Provider
version: "1.0"
admins:
- name: local
port: 4290
engines:
- name: default
httpPort: 4280
admin: local
workspaces:
- name: default
engines: [default]
mocks:
- id: auth-provider
workspace: default
type: oauth
oauth:
issuer: http://localhost:4280/oauth
tokenExpiry: 3600
clients:
- clientId: my-app
clientSecret: secret123
redirectUris:
- http://localhost:3000/callback
allowedScopes:
- openid
- profile
- email
- api:read
- api:write
users:
- username: testuser
password: password
email: test@example.com
claims:
name: Test User
role: adminAuto-Generated Endpoints
Once configured, mockd automatically exposes all standard OAuth 2.0 / OIDC endpoints.
| Endpoint | Path | Purpose |
|---|---|---|
| Discovery | .well-known/openid-configuration | OIDC provider metadata |
| Authorization | /oauth/authorize | Authorization Code flow start |
| Token | /oauth/token | Token exchange and refresh |
| UserInfo | /oauth/userinfo | Authenticated user claims |
| JWKS | /oauth/.well-known/jwks.json | Token signature verification |
| Introspection | /oauth/introspect | Token validation (RFC 7662) |
Use Cases
Microservice Auth Testing
Test service-to-service authentication without a real identity provider. Client Credentials flow with real JWTs.
Frontend Login Flows
Test OAuth login redirects, token exchange, and refresh flows against a local provider. No Auth0 sandbox needed.
CI/CD Without Secrets
Run integration tests with OAuth-protected APIs without storing real credentials in CI. Mock provider issues valid tokens locally.
Multi-Tenant Testing
Configure multiple OAuth clients and users to test tenant isolation, scope-based access control, and RBAC scenarios.
vs Running a Real Identity Provider
You don't need Keycloak or Auth0 for testing.
| Feature | Keycloak / Auth0 | Mockd |
|---|---|---|
| Setup time | Minutes to hours (Keycloak, Auth0) | Seconds (YAML config) |
| Dependencies | JVM + database (Keycloak), Cloud (Auth0) | Zero (single binary) |
| Memory usage | 500MB+ (Keycloak) | <30MB total |
| Token format | Real JWTs (requires full server) | Real signed JWTs (same format) |
| OIDC Discovery | Full spec support | Full .well-known/openid-configuration |
| API mocking included | No (auth only) | Yes (7 protocols + OAuth) |
Mock OAuth in Minutes, Not Hours
Stop spinning up Keycloak containers for testing. Mockd gives you a complete OAuth provider in a single binary.
curl -sSL https://get.mockd.io | sh