Voiden OAuth Lab

Minimal local OAuth 2.0 / OIDC server for testing authorization code, implicit, device authorization, refresh, client credentials, introspection, revocation, userinfo, and dynamic client registration against a single predictable issuer.

Discovery document Flow runner Protected resource JWKS Implicit callback page Device verification

Test Clients

voiden-web / voiden-secret
voiden-device / voiden-device-secret
voiden-machine / voiden-machine-secret

Demo User

sub: demo-user
username: demo
password: demo-password
email: demo@example.com
scopes: openid profile email offline_access api:read api:write

Device Authorization

curl -X POST http://localhost:8081/device/authorize \
  -d client_id=voiden-device \
  -d client_secret=voiden-device-secret \
  -d scope="openid profile email offline_access api:read"

Client Credentials

curl -X POST http://localhost:8081/token \
  -d grant_type=client_credentials \
  -d client_id=voiden-machine \
  -d client_secret=voiden-machine-secret \
  -d scope="api:read api:write"