OIDC test login button added to settings page
Admins configuring Single Sign-On with OIDC providers can now click a Test button to verify their setup works before going live. The test flow shows what user attributes the identity provider would return, without creating any sessions or user records.
Setting up Single Sign-On with OIDC providers has always been a leap of faith — configure everything, save, then hope it works when users try to log in. If something was misconfigured, you'd find out when employees couldn't access the platform.
The OIDC settings page now includes a Test button that opens a new browser tab and walks through the full authentication flow with your identity provider. After entering credentials, the tab displays the attributes your IdP would return: email address, first name, last name, and subject identifier. If anything goes wrong, a failure page shows the exact error.
The test flow is intentionally isolated. No session cookie gets set. No user record is created or modified. It's purely diagnostic — a safe way to validate that the discovery endpoint, client ID, and client secret are all correct before relying on OIDC for real logins.
The button is enabled once all three required fields are filled in: discovery endpoint, client ID, and client secret. The backend encodes a test mode flag in the OIDC state JWT so the callback handler knows to render the result page instead of proceeding with normal authentication.
View Original GitHub Description
Summary
- Add
POST /sso/oidc/config/testendpoint that initiates an OIDC authorization flow in test mode — captures IdP claims and renders a result page without creating a session or modifying user data - Encode a
testModeflag in the OIDC state JWT so the callback handler can distinguish test flows from real logins - Add a "Test" button to the OIDC settings form in the frontend (enabled when discovery endpoint, client ID, and client secret are configured)
- Render success/failure HTML pages showing returned OIDC attributes (email, name, subject) with proper HTML escaping
Related Linear tickets, Github issues, and Community forum posts
https://linear.app/n8n/issue/IAM-502/oidc-add-test-login
Review / Merge checklist
- PR title and summary are descriptive. (conventions)
- Docs updated or follow-up ticket created.
- Tests included.
How to test
- Configure an OIDC provider in Settings → SSO → OIDC (discovery endpoint, client ID, client secret)
- Click the Test button — a new browser tab opens with the IdP login page
- Authenticate with the IdP — the tab should render a success page showing the returned attributes (email, first name, last name, subject)
- If authentication fails or the provider returns an error, the tab should render a failure page with the error message
- Verify that no session cookie is set and no user record is created/modified after the test flow