I have a Firebase account that I basically just use for authentication. It runs inside a Spring Boot that simply verifies them using OAuth2Resource. In the production environment, users have to verify their e-mail address and enable TOTP verification. But for testing I would like to simply create fake random profiles at the press of a button. I'm not sure how exactly to implement this, but I was thinking of either disabling the signature verification on the tokens (allowing me to simply add whatever claims myself) or figuring out some way to create an embedded JWT authority that replaces Firebase (but then you wouldn't be able to test sign in flow in testing). But there is no information on how to do either (or anything else) anywhere. So how can I create fake JWTs or sign-ins in my test environment?
I am assuming you are using spring-boot-starter-oauth2-resource-server dependency.
Just define a SecurityFilterChain bean for testing with test Profile with custom authenticationManager:
    @Profile("test")
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
            .oauth2ResourceServer(c -> c
                .jwt(jwt -> jwt.authenticationManager(authentication -> {
                    // some custom logic if you need
                    return new UsernamePasswordAuthenticationToken("some principal", "", List.of());
                })
            ))
            .build();
    }
The authentication manager in this example doesn't do any checking, and blindly returns an Authentication object for everyone.
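The question's other idea, an embedded JWT authority for the test profile, sketched as an added example that is not part of the original answer. The class name `TestJwtAuthority`, the `mintToken` helper and the claim names are assumptions; it relies on the Nimbus JOSE classes pulled in by spring-boot-starter-oauth2-resource-server and on no other `JwtDecoder` bean being defined under this profile.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import java.util.UUID;

// Hypothetical class (not from the answer); only loaded when the "test" profile is active.
@Configuration(proxyBeanMethods = false)
@Profile("test")
public class TestJwtAuthority {
    // Throwaway RSA key pair generated at startup; it exists only inside the test JVM.
    private final KeyPair keyPair;

    public TestJwtAuthority() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        this.keyPair = generator.generateKeyPair();
    }

    // Stands in for the Firebase-backed decoder: signature and expiry are still
    // verified, but against the local test key instead of Firebase's keys.
    @Bean
    public JwtDecoder jwtDecoder() {
        return NimbusJwtDecoder.withPublicKey((RSAPublicKey) keyPair.getPublic()).build();
    }

    // Mints an RS256-signed token for a random fake user (constructed test claims).
    public String mintToken() throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(UUID.randomUUID().toString())
                .claim("email_verified", true) // assumed claim name, adjust to what the app reads
                .expirationTime(new Date(System.currentTimeMillis() + 3_600_000L))
                .build();
        SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        jwt.sign(new RSASSASigner(keyPair.getPrivate()));
        return jwt.serialize();
    }
}
```

A test can inject `TestJwtAuthority` and send the result of `mintToken()` as a Bearer token, so the resource server's normal JWT validation path is exercised rather than bypassed.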