This is a very simple OpenID Connect client to debug OIDC flows. It can easily be adapted to other OAuth2-based flows.

It uses the endpoints obtained from the well-known/openid-configuration endpoint to do a full OpenID-Connect authorization code flow.

• The flow is initiated by spawning a webbrowser to a (temporary) file to easily do a POST.
• It uses a localhost (python) webserver as redirect_uri. We're polling that server's log to see when the code is returned.
• The code is used by cURL to obtain the tokens and used for accessing the userinfo endpoint.
• During the flow, it will print out all the responses and tokens using json_pp.

When the access_token is not a JWT, you want to change the relevant line in the script (look for Print access_token).

You will need to obtain a client_id and client_secret from the OIDC Provider and make sure it has http(s)://localhost:PORT/index.html as one of its redirect_uri. Put all the relevant settings in a .cnf file, such as the example test_oidc_client.cnf.

./test_oidc_client.sh myconfig.cnf