Build mocks to work with GOV.UK One Login

Once you’ve integrated your service with Authorization Code Flow, you can build your mocks to work with GOV.UK One Login. This page describes:

• what to do before you start to build mocks
• how to set up your local development environment
• how to build mocks for the GOV.UK One Login integration environment endpoints

Before you start

Before you can build mocks, make sure you have completed the following steps. This confirms your service is connected with GOV.UK One Login’s integration environment.

1. Created a key pair.
2. Registered with GOV.UK One Login.
3. Configured your client ID and private key into your application so your application can create the OpenID Connect (OIDC) requests.
4. Check your application can call all GOV.UK One Login endpoints (https://oidc.integration.account.gov.uk/.well-known/openid-configuration, /authorize, /token, /userinfo, /logout). If you need to log in to the integration environment, use the user ID and password issued to you by email when you registered your service.

Set up your local development environment

To set up your local development environment, you can do one or both of these options, depending on your development needs:

• configure your application to use GOV.UK One Login’s integration environment – there’s further guidance on integrating with GOV.UK One Login’s integration environment
• mock out your calls to the endpoints to provide responses without having to call external systems

Access test data

There are 2 types of test data:

• example responses from the GOV.UK One Login API to help you build your mocks
• fictional users and their knowledge-based verification (KBV) answers to help you create a GOV.UK One Login and test your journeys - you’ll need to contact GOV.UK One Login to access test user data

Build your mocks

Build mock for /authorize endpoint

You should build a mock for the /authorize endpoint using:

• the request to the /authorize endpoint, depending on whether you’re making a request for authentication only or a request for authentication and identity
• the error handling for /authorize response

Build mock for /token endpoint

You should build a mock for the /token endpoint using:

• the /token endpoint request
• the error handling for /token response

Build mock for /userinfo endpoint

You should build a mock for the /userinfo endpoint using:

• the /userinfo endpoint request
• the error handling for /userinfo response

Build mock for /logout endpoint

You should build a mock for the /logout endpoint using:

• the /logout endpoint request

Build mock for the discovery endpoint

You should build a mock for the discovery endpoint. You can view the endpoint at https://oidc.integration.account.gov.uk/.well-known/openid-configuration.

This page was last reviewed on 18 June 2024.