Looking for: Native debug/test app similar to debugger at https://openidconnect.net/

Hi,

I am working on an implementation of OIDC/OAuth2 with my company’s service as Provider, so that a third party developer can integrate their mobile application with our service. We are using Rails/Doorkeeper, but I do not think that is relevant to the question.

As far as I can tell, we have a correct implementation for OIDC. I have various unit tests and manual tests running OK, everything works at the debugger on https://openidconnect.net/ which I would expect to be standard.

For integration with the mobile application we are using PKCE. The mobile application can successfully log in, but there is a mysterious extra redirect to the Provider’s (i.e. our) login screen, meaning that users have to log in twice. It is very odd: it doesn’t occur in any browser-based tests I have run, and I am working with the developer for the Relying Party to try and isolate the issue. Of course I think it could be a problem with the native code on the mobile app/Relying Party and our partner thinks it could be a problem with the Provider service.

We have a few avenues of research to isolate the issue. One thing that would help me would be any native app that is designed purely to test/debug OIDC, similar to the debugger at https://openidconnect.net/ but designed around using PKCE and a native app style redirect. Does anyone here know if there is such a thing? So far I have not found anything.

Update on the issue that triggered me asking for this. It turns out that the problem is on the Provider side. My company’s version of Doorkeeper does not properly handle the prompt parameter which is often sent with OIDC authorisation requests. It is relatively simple to add handling that removes this parameter from redirects if the OAuth authorisation has already determined that it needs to log in. So my current crisis is solved.

However, the investigation and testing would have been a lot simpler if I could fire up some standards-compliant native app relying party with some debug outputs. So I am still interested to see if anyone knows of one.

As an aside: It does not seem possible to add prompt=login to the redirect from the Debugger at https://openidconnect.net/. That would be a nice-to-have feature.
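An added example, not part of the original post and not Doorkeeper code: a plain-Ruby sketch of the fix described in the update, assuming the trigger was `prompt=login` surviving in the return URL after the first login. The helper names, the provider URL, the sample request and the two-step flow model are all hypothetical and constructed for illustration.

```ruby
require "uri"

# Hypothetical helper (not a Doorkeeper API): the URL to come back to after
# the login screen, with the "login" prompt value removed because the login
# about to happen already satisfies it. Other prompt values are kept.
def return_to_after_login(authorize_url)
  uri = URI.parse(authorize_url)
  pairs = URI.decode_www_form(uri.query.to_s).filter_map do |key, value|
    next [key, value] unless key == "prompt"
    rest = value.split(" ") - ["login"] # prompt is a space-delimited list
    [key, rest.join(" ")] unless rest.empty?
  end
  uri.query = pairs.empty? ? nil : URI.encode_www_form(pairs)
  uri.to_s
end

# True when the authorization request still asks for a forced login.
def prompt_login?(url)
  prompt = URI.decode_www_form(URI.parse(url).query.to_s).to_h["prompt"].to_s
  prompt.split(" ").include?("login")
end

# Toy model of the provider (an assumption about the flow, not traced from
# Doorkeeper): counts login screens for one authorization request that
# starts without a session. strip_on_first_login: false models the defect.
def login_screens(authorize_url, strip_on_first_login:)
  url = authorize_url
  # 1. No session yet: the user is sent to the login screen.
  screens = 1
  url = return_to_after_login(url) if strip_on_first_login
  # 2. Back at the authorization endpoint with a session: a surviving
  #    prompt=login forces re-authentication once more.
  screens += 1 if prompt_login?(url)
  screens
end

# Constructed sample request: PKCE parameters plus prompt=login.
SAMPLE = "https://provider.example/oauth/authorize?response_type=code" \
         "&client_id=demo-app&redirect_uri=com.example.app%3A%2Fcallback" \
         "&scope=openid&code_challenge=abc123&code_challenge_method=S256" \
         "&prompt=login+consent"
```

Strip the value only on the branch that actually sends the user to the login screen; removing it up front would drop the relying party's re-authentication request for users who already have a session.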