oauth2-test-server 0.2.3

A fast, fully configurable, in-memory OAuth 2.0 + OpenID Connect authorization server for testing, zero-HTTP mode and DCR support for testing auth flow in MCP Servers and MCP Clients
Documentation
# OAuth2 Test Server — Sample Configuration
# Copy this file, edit the values, and load it via
#   IssuerConfig::from_file("path/to/config.yaml")
#
# All fields are optional — defaults are shown below.

# --- Server ---
scheme: "http"
host: "localhost"
port: 8090                                       # 0 = random free port

# --- User Identity ---
default_user_id: "test-user-123"                 # sub claim in tokens/userinfo

# --- Security ---
require_state: true                              # require state param in /authorize
generate_client_secret_for_dcr: true             # auto-generate secret on DCR
allowed_origins: []                              # CORS (empty = allow all)

# --- Token Lifetimes (seconds) ---
access_token_expires_in: 3600                    # 1 hour
refresh_token_expires_in: 2592000                # 30 days
authorization_code_expires_in: 600               # 10 minutes
cleanup_interval_secs: 300                       # cleanup expired every 5 min (0 = off)

# --- OIDC Capabilities ---
scopes_supported:
  - openid
  - profile
  - email
  - offline_access
  - address
  - phone

claims_supported:
  - sub
  - name
  - given_name
  - family_name
  - email
  - email_verified
  - picture
  - locale

grant_types_supported:
  - authorization_code
  - refresh_token
  - client_credentials

response_types_supported:
  - code
  - token
  - id_token

token_endpoint_auth_methods_supported:
  - client_secret_basic
  - client_secret_post
  - none
  - private_key_jwt

code_challenge_methods_supported:
  - plain
  - S256

subject_types_supported:
  - public

id_token_signing_alg_values_supported:
  - RS256