Mock access token validator
A mock access token validator is a special access token validator type used for development or testing purposes. It accepts arbitrary tokens without validating whether a trusted source issued them. This approach allows a developer or tester to make bearer token-authenticated requests without first setting up an authorization server.
Mock access tokens are formatted as plain-text JSON objects using standard JWT claims.
Always provide the Boolean active
claim when creating a mock token. If this value is true
, the token is accepted. If this value is false
, the token is rejected.
If the sub
claim is provided, a token owner lookup populates the TokenOwner
policy request attribute, as with the other access token validator types.
The following example cURL command provides a mock access token in an HTTP request:
curl -k -X GET https://localhost:8443/scim/v2/Me -H 'Authorization: Bearer {"active": true, "sub":"user.3", "scope":"email profile", "client":"client1"}'
Never use mock access token validators in a production environment because they do not verify whether a trusted source issued an access token. |
Example mock access token validator configuration
The configuration for a mock access token validator resembles the configuration for a JWT access token validator. However, the JSON web signature (JWS) signatures require no configuration because mock tokens are not authenticated.
# Create the Access Token Validator dsconfig create-access-token-validator \ --validator-name "Mock Access Token Validator" \ --type mock --set enabled:true \ --set evaluation-order-index:9999 # Match the token's subject (sub) claim to the uid attribute # of a SCIM resource dsconfig create-token-resource-lookup-method \ --validator-name "Mock Access Token Validator" \ --method-name "User by uid" \ --type scim \ --set 'match-filter:uid eq "%sub%"' \ --set evaluation-order-index:1000