oidc-server-mock

oidc-server-mock is a mock OpenID Connect (OIDC) provider/server intended to emulate OIDC flows for development and testing (e.g., for verifying login integrations without a real identity provider).

Evaluated Apr 04, 2026 (27d ago)
Homepage ↗ Repo ↗ Auth oidc oauth2 mock identity authentication testing devtools
⚙ Agent Friendliness
30
/ 100
Can an agent use this?
🔒 Security
40
/ 100
Is it safe for agents?
⚡ Reliability
28
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
0
Documentation
30
Error Messages
0
Auth Simplicity
60
Rate Limits
0

🔒 Security

TLS Enforcement
60
Auth Strength
25
Scope Granularity
20
Dep. Hygiene
40
Secret Handling
60

As a mock identity provider, it is likely not designed for production security guarantees. Ensure it is confined to test networks; do not reuse its keys/tokens in real environments. TLS enforcement cannot be confirmed from provided info, but typical deployments should use HTTPS.

⚡ Reliability

Uptime/SLA
0
Version Stability
40
Breaking Changes
40
Error Recovery
30
AF Security Reliability

Best When

You need a lightweight, controllable OIDC endpoint to test client behavior in CI/local dev.

Avoid When

You require strict compliance guarantees, production-grade security controls, or high-availability deployment characteristics.

Use Cases

  • Integration testing of OIDC/OAuth2 client applications
  • Local development environments that need a fake identity provider
  • E2E testing of login/redirect/callback behavior
  • Validation of JWT/OIDC-related client logic and configuration

Not For

  • Production identity/authorization use
  • Security-critical testing that requires production-grade threat modeling and hardening

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: OIDC/OAuth2 endpoints typical for a mock provider (e.g., authorization, token, discovery, jwks)
OAuth: No Scopes: No

Authentication method for callers is the OIDC flow itself; no evidence was provided here of API-key/OAuth scope design for administrative APIs.

Pricing

Free tier: No
Requires CC: No

No pricing information provided; treat as self-hosted tooling.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • OIDC flows often involve redirects and state/nonce handling; agents must persist cookies/query params across steps.
  • Mock providers may return non-production error shapes; clients may need tolerant parsing during testing.
  • JWKS/JWT signing keys and issuer/audience values must match client configuration exactly.

Alternatives

Keycloak (dev/test realm) Okta/Entra ID OIDC in sandbox mode Auth0 test tenant AppAuth/OIDC test toolchains and local brokers

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for oidc-server-mock.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered