To make developing your backend easier, we provide a way to simulate authentication without the need for a proxy server. We call this component DevAuth.
You can simulate logins using mail (a password is not necessary), or social login services. After a successful
authentication, you'll be redirected to loqal.host with the port you requested on the login
screen. loqal.host simply points to
127.0.0.1, but carries
the cookie we need for authentication.
The DevAuth cookie is signed with the HS256 algorithm, but the signing key is fixed
Sometime DNS servers won't resolve domains that point to 127.0.0.1 to prevent malicious attacks. Have a look at our respective troubleshooting section for more information and ways to resolve this issue.
DevAuth will give you a JWT with the iss claim pointing
to https://login.loqal.host (note, there is no
/.q in the path!). To logout you need to
send the user to https://login.loqal.host/logout, i.e. take the issuer and
/logout similarly to the production case.
Our cookie can only be set on the domain
loqal.host, not on
localhost, hence to access your application with a valid
authentication, you need to test your application using the domain
See the DevAuth Architecture for more information how this is configured.