emulate

Okta

Okta identity provider emulation with OAuth 2.0 / OIDC, user management, groups, apps, and authorization servers. Supports both default org server and custom authorization server paths.

OAuth / OIDC

Default org server and custom authorization server paths (/oauth2/:authServerId/...):

  • GET /.well-known/openid-configuration — OIDC discovery (default)
  • GET /oauth2/:authServerId/.well-known/openid-configuration — per-server discovery
  • GET /oauth2/v1/keys — JSON Web Key Set (JWKS)
  • GET /oauth2/v1/authorize — authorization endpoint
  • POST /oauth2/v1/token — token endpoint
  • GET /oauth2/v1/userinfo — user info
  • POST /oauth2/v1/revoke — token revocation
  • POST /oauth2/v1/introspect — token introspection
  • GET /oauth2/v1/logout — end session

Users

  • GET /api/v1/users — list users
  • POST /api/v1/users — create user
  • GET /api/v1/users/me — current user (from token)
  • GET /api/v1/users/:userId — get user
  • PUT /api/v1/users/:userId — replace user
  • POST /api/v1/users/:userId — partial update
  • DELETE /api/v1/users/:userId — delete user
  • GET /api/v1/users/:userId/groups — list user groups
  • POST /api/v1/users/:userId/lifecycle/activate — activate
  • POST /api/v1/users/:userId/lifecycle/deactivate — deactivate
  • POST /api/v1/users/:userId/lifecycle/suspend — suspend
  • POST /api/v1/users/:userId/lifecycle/unsuspend — unsuspend
  • POST /api/v1/users/:userId/lifecycle/reactivate — reactivate

Groups

  • GET /api/v1/groups — list groups
  • POST /api/v1/groups — create group
  • GET /api/v1/groups/:groupId — get group
  • PUT /api/v1/groups/:groupId — update group
  • DELETE /api/v1/groups/:groupId — delete group
  • GET /api/v1/groups/:groupId/users — list group members
  • PUT /api/v1/groups/:groupId/users/:userId — add user to group
  • DELETE /api/v1/groups/:groupId/users/:userId — remove user from group

Apps

  • GET /api/v1/apps — list apps
  • POST /api/v1/apps — create app
  • GET /api/v1/apps/:appId — get app
  • PUT /api/v1/apps/:appId — update app
  • DELETE /api/v1/apps/:appId — delete app
  • GET /api/v1/apps/:appId/users — list assigned users
  • PUT /api/v1/apps/:appId/users/:userId — assign user
  • DELETE /api/v1/apps/:appId/users/:userId — unassign user
  • POST /api/v1/apps/:appId/lifecycle/activate — activate app
  • POST /api/v1/apps/:appId/lifecycle/deactivate — deactivate app

Authorization Servers

  • GET /api/v1/authorizationServers — list
  • POST /api/v1/authorizationServers — create
  • GET /api/v1/authorizationServers/:authServerId — get
  • PUT /api/v1/authorizationServers/:authServerId — update
  • DELETE /api/v1/authorizationServers/:authServerId — delete
  • POST /api/v1/authorizationServers/:authServerId/lifecycle/activate — activate
  • POST /api/v1/authorizationServers/:authServerId/lifecycle/deactivate — deactivate