@@ -18,3 +18,123 @@ services:
1818 environment :
1919 # Match PHP_MAX_EXECUTION_TIME above
2020 - NGINX_FASTCGI_READ_TIMEOUT=300
21+
22+ idp-citizen :
23+ image : ghcr.io/soluto/oidc-server-mock:0.8.6
24+ profiles :
25+ - oidc
26+ - test
27+ # Let this container be accessible both internally and externally on the same domain.
28+ container_name : idp-citizen.${COMPOSE_DOMAIN}
29+ networks :
30+ - app
31+ - frontend
32+ ports :
33+ # https://github.com/Soluto/oidc-server-mock?tab=readme-ov-file#https
34+ # - '80'
35+ - ' 443'
36+ volumes :
37+ - .:/tmp/config:ro
38+ labels :
39+ - " traefik.enable=true"
40+ - " traefik.docker.network=frontend"
41+ - " traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp-citizen.rule=Host(`idp-citizen.${COMPOSE_DOMAIN}`)"
42+ - " traefik.http.services.${COMPOSE_PROJECT_NAME}_idp-citizen.loadbalancer.server.port=443"
43+ - " traefik.http.services.${COMPOSE_PROJECT_NAME}_idp-citizen.loadbalancer.server.scheme=https"
44+ - " traefik.http.routers.${COMPOSE_PROJECT_NAME}_idp-citizen.middlewares=redirect-to-https"
45+ - " traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
46+
47+ environment :
48+ # https://github.com/Soluto/oidc-server-mock?tab=readme-ov-file#https
49+ ASPNETCORE_URLS : https://+:443;http://+:80
50+ ASPNETCORE_Kestrel__Certificates__Default__Password : mock
51+ ASPNETCORE_Kestrel__Certificates__Default__Path : /tmp/config/.docker/oidc-server-mock/cert/docker.pfx
52+
53+ ASPNETCORE_ENVIRONMENT : Development
54+ SERVER_OPTIONS_INLINE : |
55+ AccessTokenJwtType: JWT
56+ Discovery:
57+ ShowKeySet: true
58+ Authentication:
59+ CookieSameSiteMode: Lax
60+ CheckSessionCookieSameSiteMode: Lax
61+
62+ LOGIN_OPTIONS_INLINE : |
63+ {
64+ "AllowRememberLogin": false
65+ }
66+
67+ LOGOUT_OPTIONS_INLINE : |
68+ {
69+ "AutomaticRedirectAfterSignOut": true
70+ }
71+
72+ CLIENTS_CONFIGURATION_INLINE : |
73+ - ClientId: client-id
74+ ClientSecrets: [client-secret]
75+ Description: Mock IdP
76+ AllowedGrantTypes:
77+ # - client_credentials
78+ # - implicit
79+ - authorization_code
80+ # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704963181
81+ RequireClientSecret: false
82+ AllowAccessTokensViaBrowser: true
83+ # https://github.com/Soluto/oidc-server-mock/issues/26#issuecomment-705022941
84+ AlwaysIncludeUserClaimsInIdToken: true
85+ AllowedScopes:
86+ - openid
87+ - profile
88+ - email
89+ ClientClaimsPrefix: ''
90+ RedirectUris:
91+ - '*'
92+ # https://github.com/Soluto/oidc-server-mock/issues/60
93+ PostLogoutRedirectUris:
94+ - '*'
95+ # https://github.com/Soluto/oidc-server-mock/issues/46#issuecomment-704845375
96+ RequirePkce: false
97+
98+ # Needed to set custom claim types in "profile"
99+ # https://github.com/Soluto/oidc-server-mock/issues/123#issuecomment-1427129278
100+ # https://github.com/Soluto/oidc-server-mock/blob/master/README.md#simple-configuration
101+ # https://docs.docker.com/compose/compose-file/compose-file-v3/#environment
102+ OVERRIDE_STANDARD_IDENTITY_RESOURCES : ' true'
103+ IDENTITY_RESOURCES_INLINE : |
104+ # https://auth0.com/docs/get-started/apis/scopes/openid-connect-scopes#standard-claims
105+ - Name: openid
106+ ClaimTypes:
107+ - sub
108+ - Name: email
109+ ClaimTypes:
110+ - email
111+ - Name: profile
112+ ClaimTypes:
113+ # Add your custom claims here
114+ - dk_ssn
115+ - name
116+ - email
117+ - zip
118+ - uuid
119+
120+ USERS_CONFIGURATION_INLINE : |
121+ - SubjectId: 1
122+ Username: citizen1
123+ Password: citizen1
124+ Claims:
125+ # Claims added here must be defined above in IDENTITY_RESOURCES_INLINE
126+ - Type: dk_ssn
127+ Value: '1111111111'
128+ ValueType: string
129+ - Type: name
130+ Value: 'Anders And'
131+ ValueType: string
132+ - Type: email
133+ 134+ ValueType: string
135+ - Type: zip
136+ Value: '1111'
137+ ValueType: string
138+ - Type: uuid
139+ Value: '11111111-1111-1111-1111-111111111111'
140+ ValueType: string
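Review bot: The `volumes` entry `.:/tmp/config:ro` exposes the whole project directory to the mock IdP container, although the only path this hunk reads from it is the certificate at `/tmp/config/.docker/oidc-server-mock/cert/docker.pfx`. Mounting just that directory, `- ./.docker/oidc-server-mock/cert:/tmp/config/.docker/oidc-server-mock/cert:ro`, would keep everything else in the repository (env files, for instance) out of a container running with `ASPNETCORE_ENVIRONMENT: Development`. The client block also combines wildcard `RedirectUris` and `PostLogoutRedirectUris`, `RequirePkce: false` and `RequireClientSecret: false` with the fixed `citizen1`/`citizen1` login, while the service is both routed through Traefik and published via `ports`. That is reasonable for a mock only as long as the `oidc` and `test` profiles never run on a host others can reach, so I would say so in a comment above `idp-citizen:`, e.g. `# Mock IdP for local development and tests only; never enable the oidc profile on a publicly reachable host.` If Traefik is meant to be the only entry point, the `ports` entry could presumably be dropped or bound to `127.0.0.1`.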