A mock access token validator is a special access token validator type for development or testing purposes.
A mock access token validator accepts arbitrary tokens without validating whether a trusted source issued them. This allows you to make bearer token-authenticated requests without first setting up an authorization server.
Mock access tokens are formatted as plain-text JSON objects using standard JSON web token (JWT) claims.
Always provide the boolean active
claim when creating a mock token.
If this value is true, the token is accepted. If this value is
false, the token is rejected.
If the sub
claim is provided, a token owner lookup populates the
TokenOwner
policy request attribute as with the other access
token validator types.
The following example cURL command shows a mock access token in an HTTP request.
curl -k -X GET https://localhost:1443/directory/v1/Me -H 'Authorization: Bearer {"active": true, "sub":"user.1", "scope":"email profile", "client_id":"client1"}'
Never use mock access token validators in a production environment because they do not verify whether a trusted source issued an access token.
Sample configuration
The configuration for a mock access token validator resembles the configuration for a JWT access token validator. However, the JSON web signature (JWS) signatures require no configuration because mock tokens are not authenticated.
# Create an identity mapper that expects the token subject to be a uid
dsconfig create-identity-mapper \
--validator-name "User ID Identity Mapper" \
--type exact-match \
--set enabled:true \
--set match-attribute:uid \
--set match-base-dn:ou=people,dc=example,dc=com
# Create the Access Token Validator
dsconfig create-access-token-validator \
--validator-name "Mock Access Token Validator" \
--type mock --set enabled:true \
--set evaluation-order-index:9999 \
--set "identity-mapper:User ID Identity Mapper"
Learn more about the configuration options for a mock access token validator.