GOV.UK One Login Simulator

Local Setup

To run the stub locally, you can simply run docker compose up --build.

If you would like to run it alongside an RP running locally in Docker, you'll need to turn on Docker host networking. This requires v4.34 or higher of Docker Desktop. In Docker Desktop, go into Settings -> Resources -> Network, and tick Enable host networking. In your docker compose file for the RP, add network_mode: host under the service that you're running.

Development environment setup:

Please ensure you are using the correct node version locally (Found in Dockerfile)

Build

To build the app

npm install && npm run build

Start

To start the app

npm run build && npm run start

Formatting & Linting

Scripts:

To check:

npm run check; # Check all
npm run check:pretty; # Check prettier
npm run check:lint; # Check linting

To fix formatting/linting:

npm run fix; # Fix all
npm run fix:pretty; # Fix prettier
npm run fix:lint; # Fix linting

To setup pre-commit hook

npm run prepare

Testing

To run tests run

npm run test

Configuration

Client configuration and configuration for the response can be set as environment variables, however there are also default values set. Parameters that are parsed as an array should be set as a comma separated string, for example

CLIENT_LOCS=P0,P2

The parameters to be set can be found in src/config.ts. The private key for the default public key is:

Error configuration:

You can setup the simulator to return specific error scenarios for the Core Identity JWT and ID Token issued. Multiple error states can be enabled and these should be passed to the following environment variables as a comma separated string:

AUTHORISE_ERRORS - These will enable an error response from the /authorize endpoint and can have the following valid values:

"ACCESS_DENIED": This error will return an access_denied response for all valid requests to the /authorize endpoint when enabled.

ID_TOKEN_ERRORS - This enables invalid ID Tokens to be issued by the simulator and has the following valid values:

"INVALID_ISS"

"INVALID_AUD"

"INVALID_ALG_HEADER"

"INVALID_SIGNATURE"

"TOKEN_EXPIRED"

"TOKEN_NOT_VALID_YET"

"NONCE_NOT_MATCHING"

"INCORRECT_VOT"

CORE_IDENTITY_ERRORS - This enables invalid ID Tokens to be issued by the simulator and has the following valid values:

"INVALID_ALG_HEADER"

"INVALID_SIGNATURE"

"INVALID_ISS"

"INVALID_AUD"

"INCORRECT_SUB"

"TOKEN_EXPIRED"

You can also setup these error scenarios using the /config endpoint by making a POST request with a body similar to the one below:

{
    "errorConfiguration":{
        "coreIdentityErrors": ["INVALID_ALG_HEADER"], 
        "idTokenErrors": ["INVALID_ISS"]
    }
}

To remove an error configuration, you can either unset the environment variables mentioned above, or you can POST the config endpoint without the errorConfiguration field in the body.

Note

Anytime you update your configuration using the /config endpoint you must include the errorConfiguration if you wish to maintain the configured errors

pauldougan/simulator