{"id":23521247,"url":"https://github.com/leplusorg/openid-connect-provider-debugger","last_synced_at":"2026-05-31T06:00:42.889Z","repository":{"id":43453301,"uuid":"263981074","full_name":"leplusorg/openid-connect-provider-debugger","owner":"leplusorg","description":"Multi-platform Docker image to test OpenID Connect Providers (OP) using a simple Relying Party (RP).","archived":false,"fork":false,"pushed_at":"2026-05-30T00:39:03.000Z","size":864,"stargazers_count":20,"open_issues_count":2,"forks_count":8,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-30T02:14:05.640Z","etag":null,"topics":["authentication","authentication-flow","debugging-tool","identity-provider","identityprovider","idp","keycloak","nginx","oauth2","op","openid","openid-client","openid-connect","openidconnect","openidconnect-client","openresty","relying-party","relyingparty","rp","testing-tools"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/leplusorg/openid-connect-provider-debugger","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/leplusorg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-14T17:28:25.000Z","updated_at":"2026-05-30T00:39:06.000Z","dependencies_parsed_at":"2023-02-15T13:55:43.453Z","dependency_job_id":"4a742af3-df2e-4629-b3d4-2a726880897b","html_url":"https://github.com/leplusorg/openid-connect-provider-debugger","commit_stats":{"total
_commits":134,"total_committers":3,"mean_commits":"44.666666666666664","dds":0.02238805970149249,"last_synced_commit":"1f889d3529e5a807e924dfaa2198fddb4e83f997"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/leplusorg/openid-connect-provider-debugger","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leplusorg%2Fopenid-connect-provider-debugger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leplusorg%2Fopenid-connect-provider-debugger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leplusorg%2Fopenid-connect-provider-debugger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leplusorg%2Fopenid-connect-provider-debugger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/leplusorg","download_url":"https://codeload.github.com/leplusorg/openid-connect-provider-debugger/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leplusorg%2Fopenid-connect-provider-debugger/sbom","scorecard":{"id":590236,"data":{"date":"2025-08-19T16:11:14Z","repo":{"name":"github.com/leplusorg/openid-connect-provider-debugger","commit":"b292a605b83ffc4a4be31ae045f6175678b4c324"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/24 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, 
vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":10,"reason":"all dependencies are pinned","details":["Info:  19 out of  19 GitHub-owned GitHubAction dependencies pinned","Info:  17 out of  17 third-party GitHubAction dependencies pinned","Info:   2 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 0 issue activity found in the last 90 days 
-- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'packages' permission set to 'read': .github/workflows/codeql-analysis.yml:27","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:30","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:31","Info: jobLevel 'actions' permission set to 'read': .github/workflows/devskim.yml:24","Info: jobLevel 'contents' permission set to 'read': .github/workflows/devskim.yml:25","Info: jobLevel 'contents' permission set to 'read': .github/workflows/super-linter.yml:40","Info: jobLevel 'packages' permission set to 'read': .github/workflows/super-linter.yml:41","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/super-linter.yml:42","Warn: topLevel 'actions' permission set to 'write': .github/workflows/automerge.yml:6","Warn: topLevel 'contents' permission set to 'write': .github/workflows/automerge.yml:7","Info: found token with 'none' permissions: .github/workflows/codeql-analysis.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:6","Info: found token with 'none' permissions: .github/workflows/devskim.yml:1","Info: found token with 'none' permissions: .github/workflows/dockerhub.yml:1","Info: found token with 'none' permissions: .github/workflows/msdo.yml:1","Warn: topLevel 'security-events' permission set to 'write': .github/workflows/osv-scanner.yml:26","Info: topLevel 'contents' permission set to 'read': .github/workflows/osv-scanner.yml:28","Info: topLevel 'actions' permission set to 'read': .github/workflows/osv-scanner.yml:30","Info: topLevel permissions set to 
'read-all': .github/workflows/scorecards.yml:12","Info: found token with 'none' permissions: .github/workflows/super-linter.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/update-prs.yml:12"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (7) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses 
fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-build-push.yml:16"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"7 out of 7 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":3,"reason":"project has 1 contributing companies or organizations -- score normalized to 3","details":["Info: found contributions from: leplusorg"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., 
companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-20T21:40:46.494Z","repository_id":43453301,"created_at":"2025-08-20T21:40:46.494Z","updated_at":"2025-08-20T21:40:46.494Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33720897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authentication-flow","debugging-tool","identity-provider","identityprovider","idp","keycloak","nginx","oauth2","op","openid","openid-client","openid-connect","openidconnect","openidconnect-client","openresty","relying-party","relyingparty","rp","testing-tools"],"created_at":"2024-12-25T17:11:29.313Z","updated_at":"2026-05-31T06:00:42.881Z","avatar_url":"https://github.com/leplusorg.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OpenID Connect provider debugger\n\nMulti-platform Docker image to test and troubleshoot OpenID Connect (OIDC)\nProviders (OP). This container provides a minimalist Relying Party\n(RP) with verbose logs enabled, including all HTTP requests and\nresponses. 
Used in conjunction with the network logs of your web\nbrowser, it provides a full picture of the OP's behavior to help\nunderstand and troubleshoot the OIDC flow.\n\n[![Dockerfile](https://img.shields.io/badge/GitHub-Dockerfile-blue)](openid-connect-provider-debugger/Dockerfile)\n[![Docker Build](https://github.com/leplusorg/openid-connect-provider-debugger/workflows/Docker/badge.svg)](https://github.com/leplusorg/openid-connect-provider-debugger/actions?query=workflow:\"Docker\")\n[![Docker Stars](https://img.shields.io/docker/stars/leplusorg/openid-connect-provider-debugger)](https://hub.docker.com/r/leplusorg/openid-connect-provider-debugger)\n[![Docker Pulls](https://img.shields.io/docker/pulls/leplusorg/openid-connect-provider-debugger)](https://hub.docker.com/r/leplusorg/openid-connect-provider-debugger)\n[![Docker Version](https://img.shields.io/docker/v/leplusorg/openid-connect-provider-debugger?sort=semver)](https://hub.docker.com/r/leplusorg/openid-connect-provider-debugger)\n[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/10077/badge)](https://bestpractices.coreinfrastructure.org/projects/10077)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/leplusorg/openid-connect-provider-debugger/badge)](https://securityscorecards.dev/viewer/?uri=github.com/leplusorg/openid-connect-provider-debugger)\n\n## Run\n\nTo launch the debugger, you will need to get the following information from the OP:\n\n1. client ID.\n1. client secret.\n1. 
discovery URI (usually something like \u003chttps://www.provider.com/.well-known/openid-configuration\u003e).\n\nAlso typically your OP will ask you to provide the Redirect URI it\nshould accept (\u003chttp://localhost:8080/login\u003e in our example below).\n\n### Using the web UI\n\nOnce you have provided and gathered the above information, run the\nfollowing Docker command:\n\n```bash\ndocker run -i -p 127.0.0.1:8080:80 leplusorg/openid-connect-provider-debugger\n```\n\nFinally, open \u003chttp://localhost:8080\u003e in your favorite browser and\nfollow the instructions on the web page.\n\nYou should be redirected to your OP to begin the authentication\nflow. Remember that if you are already signed in, you may go through\nthe authentication without any prompt. If you authenticate\nsuccessfully, you should see a JSON document containing all the\ninformation received by the debugger from the OP. You can find more\ndetails (including the raw tokens) in the logs printed by the Docker\ncontainer.\n\nA successful sign-in would result in the display of a JSON document like this one:\n\n```json\n{\n  \"options\": {\n    \"client_id\": \"debugger\",\n    \"discovery\": \"http://192.168.0.1:8081/realms/master/.well-known/openid-configuration\",\n    \"redirect_uri\": \"http://localhost:8080/login\",\n    \"ssl_verify\": \"no\",\n    \"client_secret\": \"835e0717-e0c8-4b57-b044-295fa0e3f61b\"\n  },\n  \"id_token\": {\n    \"azp\": \"debugger\",\n    \"iat\": 1590619714,\n    \"iss\": \"http://192.168.0.1:8081/realms/master\",\n    \"aud\": \"debugger\",\n    \"nonce\": \"1e23537bb06f2b4e324d12d8d51f2c6b\",\n    \"exp\": 1590619774,\n    \"jti\": \"9a1b5cf6-87ab-4557-a4aa-b771a67af1db\",\n    \"sub\": \"38b4a290-5332-4c4c-bb8f-46eb2826c7ea\",\n    \"email_verified\": false,\n    \"acr\": \"1\",\n    \"preferred_username\": \"tom\",\n    \"auth_time\": 1590619714,\n    \"session_state\": \"fb3edcc2-f5b3-47fa-84f6-60cbae792cde\",\n    \"typ\": \"ID\"\n  },\n  \"user\": {\n    
\"email_verified\": false,\n    \"preferred_username\": \"tom\",\n    \"sub\": \"38b4a290-5332-4c4c-bb8f-46eb2826c7ea\"\n  },\n  \"access_token\": \"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSl...\",\n  \"id_token_encoded\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6Ikwv3Y...\"\n}\n```\n\nYou can use \u003chttps://jwt.io\u003e to decode the access token.\n\n### Using URL parameters\n\nIf you prefer to skip the UI, you can pass directly the required\nvalues as URL parameters using the following syntax:\n\u003chttp://localhost:8080/debug?oidc_client_id=debugger\u0026oidc_client_secret=secret\u0026oidc_discovery=http%3A%2F%2F192.168.0.1%3A8081%2Frealms%2Fmaster%2F.well-known%2Fopenid-configuration\u0026oidc_redirect_uri=http://localhost:8080/login\u003e\n\nSee section \"Parameters\" below for a description of each parameter.\n\nRemember to URL encode the parameter values if they contain any\nreserved characters ('\u0026', '?', '/' etc.).\n\n### Using environment variables\n\nYou can pass the parameters to the Docker container using environment\nvariables like this:\n\n```bash\ndocker run -i -e 'oidc_client_id=debugger' -e 'oidc_client_secret=secret' -e 'oidc_discovery=http://192.168.0.1:8081/realms/master/.well-known/openid-configuration' -e 'oidc_redirect_uri=http://localhost:8080/login' -p 127.0.0.1:8080:80 leplusorg/openid-connect-provider-debugger\n```\n\nSee section \"Parameters\" below for a description of each parameter.\n\nThen go to \u003chttp://localhost:8080/debug\u003e to skip the UI and initiate\nthe authentication flow.\n\n## Parameters\n\nSettings are passed to the Docker image using environment variables\n(e.g. 
using the -e command-line option) or directly to NGINX using URL\nparameters.\n\n### oidc_client_id\n\nDescription: the OpenID Connect Client ID.\n\nMandatory: yes\n\nDefault: none\n\n### oidc_client_secret\n\nDescription: the OpenID Connect Client Secret (WARNING: this sensitive\nvalue will appear in the logs of the Docker container, so please do not share\nyour logs without redacting this value).\n\nMandatory: yes\n\nDefault: none\n\n### oidc_discovery\n\nDescription: the URI of the OpenID Connect Provider discovery endpoint\n(usually a URI ending in something like\n\"/.well-known/openid-configuration\").\n\nMandatory: yes\n\nDefault: none\n\n### oidc_redirect_uri\n\nDescription: the OpenID Connect redirect URI (typically if you are\nrunning the instance locally on port 8080, it would be\n\u003chttp://localhost:8080/login\u003e).\n\nMandatory: yes\n\nDefault: none\n\n### oidc_scope\n\nDescription: the OpenID Connect scope (e.g. \"openid email profile\").\n\nMandatory: no\n\nDefault: \"openid email profile\" (coming from the \u003chttps://github.com/zmartzone/lua-resty-openidc\u003e dependency).\n\n### oidc_post_logout_uri\n\nDescription: the OpenID Connect post_logout_redirect_uri (if you are running the\ninstance locally on port 8080, it could be \u003chttp://localhost:8080/status\u003e).\nYou might have to configure this URI in the OP's admin console.\n\nMandatory: no\n\nDefault: none.\n\n### page_content_type\n\nDescription: the content type of the resulting JSON (e.g. `application/json`).\nFor example, for Cypress tests you might want to set this to `text/html`.\nNote: this does not change the content of the result, only the content-type header.\n\nMandatory: no\n\nDefault: `application/json`\n\n## Endpoints\n\nThe following endpoints are available: `/debug`, `/login`, `/logout`, `/status`\n\n`/debug` is used to initiate and end the OpenID Connect flow. 
If the\nuser is authenticated, it will display the JSON document containing the\ntokens and user information.\n\n`/login` is the redirect URI where the OP will send the user after\nauthentication. It will build up the session state and redirect the\nuser back to the `/debug` endpoint.\n\n`/logout` is used to end the session and log the user out of the OP.\nIf a post_logout_redirect_uri (oidc_post_logout_uri argument) is\nprovided, the user will be redirected to that URL from the OP.\n\n`/status` is a simple page that displays the current session state as a\nJSON document. There are three possible states: \"not_authenticated\",\n\"authenticated\" and \"session_active_but_no_user\". This might be a good\nplace for a post_logout_redirect_uri.\n\nNote: `/debug`, `/login` and `/logout` all share the same code. `/debug`\nand `/login` behave identically, while `/logout` behaves\ndifferently because of the OIDC Lua library used.\n\n## Testing\n\nTo test the debugger (or any other Relying Party), you can use JBoss\nKeycloak as a local OpenID Connect Provider.\n\nLaunch Keycloak using the following command (choosing the desired\nusername and password):\n\n```bash\ndocker run -i -e 'KC_BOOTSTRAP_ADMIN_USERNAME=admin' -e 'KC_BOOTSTRAP_ADMIN_PASSWORD=admin' -p 0.0.0.0:8081:8080 quay.io/keycloak/keycloak:latest start-dev\n```\n\nHere we use the IP address `0.0.0.0` to expose Keycloak on both\n`localhost` (`127.0.0.1`) and on your machine's public IP because we\nwill need to use that public IP to access it from the\nopenid-connect-provider-debugger Docker instance. We cannot use\n`localhost` because it would be interpreted by the\nopenid-connect-provider-debugger instance as referring to itself\ninstead of the `localhost` of the host where Keycloak's port is\nmapped. 
**If your host is running a firewall (as it should), this means\nthat you probably need to allow incoming connections to Keycloak's\nport (`8081` in our example) on your public IP.** Ideally your\nfirewall should let you allow only connections from and to the same\npublic IP so that you don't expose Keycloak to your whole local\nnetwork.\n\nNext, go to Keycloak's admin console at\n\u003chttp://localhost:8081/admin/master/console/#/master/clients\u003e\nand authenticate using the username and password chosen in the above\ncommand.\n\nClick the \"Create client\" button to create a new client. Choose a\nclient ID (e.g. \"debugger\") and click \"Next\". On the next screen,\ntoggle on \"Client authentication\", then click \"Next\" again. Then on the\nfinal screen you need to provide the \"Valid Redirect URIs\". Put here\nthe value \u003chttp://localhost:8080/*\u003e assuming that you will be running\nthe debugger on port 8080 (see \"Run\" section above for details). Click\n\"Save\". Then go to the \"Credentials\" tab and copy the client secret.\n\nNow you can run the debugger (see \"Run\" section above for\ndetails). The client ID is the value that you just chose when creating\nthe client in Keycloak. The client secret is the value that you copied\nfrom the Credentials tab. The OpenID Connect Discovery URL will be\n\u003chttp://192.168.0.1:8081/realms/master/.well-known/openid-configuration\u003e\nwhere you need to replace the IP address `192.168.0.1` with your local\nmachine's network address. You need to use an IP address that works from\ninside the debugger Docker container (for the debugger to be able to\nconnect to the OP to get the discovery metadata and later retrieve the\ntokens). 
This is why you can't use `localhost` or `127.0.0.1` which\nthe debugger would interpret as itself instead of the provider.\n\n## Software Bill of Materials (SBOM)\n\nTo get the SBOM for the latest image (in SPDX JSON format), use the\nfollowing command:\n\n```bash\ndocker buildx imagetools inspect leplusorg/openid-connect-provider-debugger --format '{{ json (index .SBOM \"linux/amd64\").SPDX }}'\n```\n\nReplace `linux/amd64` with the desired platform (`linux/amd64`, `linux/arm64` etc.).\n\n## Provenance\n\nTo get the provenance for the latest image (in JSON format), use the\nfollowing command:\n\n```bash\ndocker buildx imagetools inspect leplusorg/openid-connect-provider-debugger --format '{{ json .Provenance }}'\n```\n\n## Sigstore\n\n[Sigstore](https://docs.sigstore.dev) is trying to improve supply\nchain security by allowing you to verify the origin of an\nartifact. You can verify that the image that you use was actually\nproduced by this repository. This means that if you verify the\nsignature of the Docker image, you can trust the integrity of the\nwhole supply chain from source code, to CI/CD build, to distribution\non Maven Central or wherever you got the image from.\n\nYou can use the following command to verify the latest image using its\nsigstore signature attestation:\n\n```bash\ncosign verify leplusorg/openid-connect-provider-debugger --certificate-identity-regexp 'https://github\\.com/leplusorg/openid-connect-provider-debugger/\\.github/workflows/.+' --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'\n```\n\nThe output should look something like this:\n\n```text\nVerification for index.docker.io/leplusorg/xml:main --\nThe following checks were performed on each of these signatures:\n  - The cosign claims were validated\n  - Existence of the claims in the transparency log was verified offline\n  - The code-signing certificate was verified using trusted certificate authority certificates\n\n[{\"critical\":...\n```\n\nFor instructions 
on how to install `cosign`, please read this [documentation](https://docs.sigstore.dev/cosign/system_config/installation/).\n\n## Credits\n\nThis project is based on NGINX / OpenResty and all the actual OpenID\nConnect implementation comes from\n\u003chttps://github.com/zmartzone/lua-resty-openidc\u003e.\n\n## Alternatives\n\nIf all you need is to do a simple test and you do not need to see the\ndetails of each HTTP request and response, you can use this online\n[OIDC debugger](https://oidcdebugger.com) with the corresponding\n[source code](https://github.com/nbarbettini/oidc-debugger).\n\nAuth0 also provides a web-hosted [OpenID Connect Playground](https://openidconnect.net).\n\nAnother alternative is the official OpenID Foundation certification\ntests that can be run online at\n\u003chttps://op.certification.openid.net:60000\u003e and\n\u003chttps://rp.certification.openid.net:8080\u003e, with the corresponding\n[source code](https://github.com/openid-certification/oidctest).\n\n## Contributing\n\nPlease read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct and the process for submitting pull requests.\n\n## Security\n\nPlease read [SECURITY.md](SECURITY.md) for details on our security policy and how to report security vulnerabilities.\n\n## Code of Conduct\n\nPlease read [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details on our code of conduct.\n\n## License\n\nThis project is licensed under the terms of the [LICENSE](LICENSE) file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleplusorg%2Fopenid-connect-provider-debugger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleplusorg%2Fopenid-connect-provider-debugger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleplusorg%2Fopenid-connect-provider-debugger/lists"}