urlscan.io logo urlscan.io
SecurityTrails logo

sso-dev.therootcompany.com Open in urlscan Pro
2606:50c0:8000::153  Public Scan

Back to summary
URL: https://sso-dev.therootcompany.com/
Submission: On July 07 via automatic, source certstream-suspicious — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

SSO-DEV


STATIC OIDC ISSUER

github.com/therootcompany/sso-dev

A real, working OpenID Connect Configuration for Development
(host statically on GitHub Pages, or wherever)


USAGE

Add any of these issuers to your web app’s OpenID issuer whitelist:

 * https://sso-dev.therootcompany.com/ (primary, ecdsa)
 * https://sso-dev.therootcompany.com/dev/ (same as primary, but using subpath)
 * https://sso-dev.therootcompany.com/staging/ (a different set of keys)
 * https://sso-dev.therootcompany.com/ec/ (both ecdsa keys)
 * https://sso-dev.therootcompany.com/rsa/ (both rsa keys)

Then sign a token (with the corresponding key) and run with it:

keypairs sign --exp 1h ./key.ec.jwk.json \
    '{
        "issuer": "https://sso-dev.therootcompany.com"
        "sub": "me@example.com"
    }' \
    > token.jwt \
    2> sig.jws

curl https://example.com/api/profile \
    -H "Authorization: Bearer $(cat ./token.jwt)"



DIRECTORY STRUCTURE

From the root of https://sso-dev.therootcompany.com
(also https://therootcompany.github.io/sso-dev/)


.
├── key.ec.jwk.json
├── key.rsa.jwk.json
├── .well-known/
│   ├── jwks.json
│   └── openid-configuration
│
├── staging/
│   ├── key.ec.jwk.json
│   ├── key.rsa.jwk.json
│   │
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
│
├── dev/
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
├── ec/
│   └── .well-known/
│       ├── jwks.json
│       └── openid-configuration
└── rsa/
    └── .well-known/
        ├── jwks.json
        └── openid-configuration



MAKE IT YOURS

If you’d like to have your own test domain:

 1. DO NOT PUBLISH production keys
 2. Set a CNAME record
    <your-org>.github.io for <subdomain>.<your-org>.com
 3. Set the ./CNAME file to <subdomain>.<your-org>.com
 4. Install keypairs
    (because it’s easy and cross-platform)
    
     curl -sS https://webi.sh/keypairs | sh
     source ~/.config/envman/PATH.env
    

 5. Replace the originals with your own keys
    (uses keypairs in the script)
    
     rm -rf *.jwk.json ./ec/ ./rsa/ ./dev/ ./staging/
     ./bin/generate-keys https://sso-dev.therootcompany.com
    

 6. Host on GitHub Pages (or wherever)
    Settings => Pages => Branch: main


LICENSE

Source: https://github.com/therootcompany/sso-dev

Public Domain via CC0-1.0

This site is open source. Improve this page.