The GOV.UK One Login simulator is a development tool that lets you run end-to-end tests, so you can:
- test and verify specific user information such as names and email addresses
- request specific error codes and learn more about what they mean in a test environment
- test integrations with GOV.UK One Login without going through account creation
The simulator runs locally on your machine, or can be deployed. The simulator is distributed as a Docker image and is deployed via GitHub. The GOV.UK One Login team runs nightly acceptance tests against the live system, so you’ll always be testing with the most up-to-date version of GOV.UK One Login.
The simulator stands in as GOV.UK One Login in acting as the OpenID Provider (OP) for Relying Parties (RP) to test their integration.
The simulator provides similar testing functionality as building mocks but without the need for you to build anything yourself. This means the simulator is a quicker and easier way of testing your setup. The simulator also lets you use your own test data, meaning you can test a wider range of scenarios.
sequenceDiagram
RP->>Simulator:/authorize
Simulator-)RP: Redirect URL + Auth code
RP->>Simulator:/token
Simulator-)RP: access_token and id_token
RP->>Simulator:/userinfo
The simulator aims to mirror GOV.UK One Login but does not support all of the features, therefore there are some limitations to what RP features it supports:
- You must use the
private_key_jwtauthentication method or theclient_secret_postauthentication method at the/tokenendpoint - You must attach a
nonceparameter in the/authorizerequest - You must use a
GETrequest with either query parameters or a request object when making a request to/authorize.
- Setting up configuration
- Configuring Errors
- Default configuration values
- Running the simulator in interactive mode
Developer instructions can be found in CONTRIBUTING.md