Show HN: Dev SSO IdP, a mock single sign-on provider as a development aide https://ift.tt/Z9knTIr

Ads by Eonads

Show HN: Dev SSO IdP, a mock single sign-on provider as a development aide Hi HN! This project grew out of my want for the development of my web UIs to not get hung up on integration with OpenID Connect single sign-on. SSO was only available in our stage and prod environments. Getting this integration laid down and tested fast, without having to jury-rig something in stage, would've been huge. And so I decided to build a solution myself. Hence, Dev SSO IdP. The vision for it is to mock all the features of an OIDC SSO server that would be pertinent to the development of web apps. To try it out: 1) Create a file called `.production.env` and paste in it the following 2 lines to start with: DEVSSOIDP_PERCENT_ENCODED_REDIRECT_URIS=http%3A%2F%2Flocalhost%3A5173 DEVSSOIDP_CLIENT_IDS=my_cool_app 2a) (with Node) Clone the repo with `git clone https://ift.tt/WJ2cSZw `, then overwrite the project's `.production.env` with yours, then in the project's folder run `npm install`, then `npm start` 2b) (with Docker) Run `docker run -p 3000:3000 --rm --env-file .production.env bmcase/devssoidp:1.0.0` You can then see it at (and have your app redirect to) http://localhost:3000/authorize?response_type=code&client_id... You can add or change environment variables in `.production.env` in the likely case that its defaults don't apply to you. The GitHub readme goes into more detail on all of this. They say "be flexible in what you accept and strict in what you output". But Dev SSO IdP is intentionally strict in what it accepts so that I could catch issues faster. It raises an alarm in dev so you don't later get one in prod. This version I am comfortable designating v1.0.0. It has all the features needed for the OIDC code flow. I'd appreciate any advice, and in particular am interested in: * Would this actually be useful in your projects? Is there anything else it would need? * Do you use the OIDC implicit flow? I've never had reason to, and I understand it's regarded as a bad practice. But I worry I may be in a bubble and so I want to know if there's in fact a lot of folks out there who use the implicit flow. Aside, I'm open to work, and would be interested in bringing my full stack skills to your team (or the team of someone you want to do a favor for), in the Austin TX area or remotely. I'm happy to hear from you by email (ben@benswords.com) or LinkedIn ( https://ift.tt/m0cGkW5 ). https://ift.tt/a8LHGr5 February 14, 2025 at 01:53AM