Using DevAuth

To make developing your backend easier, we provide a way to simulate authentication without the need for a proxy server. We call this component DevAuth.

You can simulate logins using mail (a password is not necessary), or social login services. After a successful authentication, you'll be redirected to loqal.host with the port you requested on the login screen. loqal.host simply points to 127.0.0.1, but carries the cookie we need for authentication.

The DevAuth cookie is signed with the HS256 algorithm, but the signing key is fixed to 00000000000000000000000000000000!

DNS not resolving loqal.host

Sometime DNS servers won't resolve domains that point to 127.0.0.1 to prevent malicious attacks. Have a look at our respective troubleshooting section for more information and ways to resolve this issue.

DevAuth will give you a JWT with the iss claim pointing to https://login.loqal.host (note, there is no /.q in the path!). To logout you need to send the user to https://login.loqal.host/logout, i.e. take the issuer and append /logout similarly to the production case.

Use loqal.host instead of localhost

Our cookie can only be set on the domain loqal.host, not on localhost, hence to access your application with a valid authentication, you need to test your application using the domain loqal.host.

See the DevAuth Architecture for more information how this is configured.