I built ProtocolSoup because I was tired of protocol diagrams that relied on theoretical explanations without tactility or transparency.
So I built a sandbox where you run real flows against real infrastructure.
Live platform: https://protocolsoup.com
GitHub: https://github.com/ParleSec/ProtocolSoup
The core features are the Looking Glass and SSF Sandbox: WebSocket-powered inspectors that show raw HTTP traffic in real time as you step through a flow. See exactly what your browser sends, what comes back, and decode every token along the way.
Supported protocols:
- OAuth 2.0 (authorization code, PKCE, client credentials, device code, refresh)
- OpenID Connect (ID tokens, userinfo, discovery)
- SAML 2.0 (SP-initiated, IdP-initiated, SLO)
- SPIFFE/SPIRE (X.509-SVID, JWT-SVID against real SPIRE infrastructure)
- SCIM 2.0 (user/group provisioning with integrated test application)
- SSF (Shared Signals Framework - CAEP + RISC events)
Everything runs against a built-in Mock IdP, a real SCIM-integrated application, and a dedicated SPIRE server. Nothing to configure.
Stack: Go backend, React frontend, WebSocket for real-time inspection. You can also run it locally through Docker.
Feedback is welcome and greatly appreciated, whether you're experienced in navigating auth protocols or are just starting to learn them.