midfunder/oauth-mock-server
oauth-mock-server

The auth-mock directory contains an OAuth authentication server that allows the user to select their identity parameters without supplying any credentials. It is designed as a mock server for integration tests.

The app-client directory contains a react app which uses the @auth0/auth0-react npm package to authenticate with an OAuth server.

The app-server directory contains a node / nest.js API server that uses @nestjs/{passport,jwt} to verify JWT tokens and retrieve information about the user.

The web client / API server combo was manually tested against an Auth0 API. The integration directory contains an end-to-end integration test which performs a login operation against the mock OAuth server and which is run by GitHub Actions.

The app-client and app-server were configured as two distinct applications under the same domain.

The react app-client requires the following environment variables when building:

REACT_APP_AUTH_DOMAIN=
REACT_APP_AUTH_CLIENT_ID=
REACT_APP_AUTH_AUDIENCE=

Where DOMAIN is the auth0 domain which identifies the oauth server, CLIENT_ID is the identifier of the oauth application and AUDIENCE identifies the app-server application.

The application server is configured with:

AUTH_JWKS_URL=https://<domain>/.well-known/jwks.json

which is the location of the JWKS JSON document that contains the RS256 public key used to verify the signed JWTs.

The mock server attempts to follow the OAuth authorization process defined in RFC 6749; however, it has only been tested against the Auth0-specific client APIs.

The integration directory contains a docker-compose configuration with an integration test that verifies that the authentication process against the fake auth server works as expected using the @auth0/auth0-react npm package in the client web application.

The initial authentication flow used by auth0-react is reasonably standard; on page refresh, however, the @auth0/auth0-spa-js package uses an iframe and an authorize request with the HTML5 web message response option, and it stays in the loading state for a long time if it does not receive the expected answer.