SQRL Test Websites

Not open for further replies.


Staff member
May 6, 2018
SQRL Demonstration, Test and Development Websites

  • https://sqrl.grc.com/demo | GRC's clean and simple SQRL login demo site.
    This demonstration website is the best place to learn SQRL's operation. Although any complete logon and identity solution for the Internet must be flexible and offer many features, we'll get to those later. (See the next two websites.) You should first just explore logging on and off with this demonstration website which was designed just for that.

  • https://www.grc.com/sqrl/demo.htm | GRC's original SQRL development site with several unique features.
    This is the website where SQRL was born. The pages here are older and offer another (original) example of SQRL logon with somewhat different features. Here you can also find a simulation of SQRL's various attack detection and prevention measures, a demonstration of SQRL's "Ask" facility for secure website prompting and reply, and a diagnostic log page for use by developers who are building new SQRL clients and servers.

  • https://sqrl.grc.com/msa | GRC's more advanced demonstration of managed shared access login.
    In a world secured by usernames & passwords, providing shared access to a website is as simple as sharing your logon username and password. But SQRL resists that, since SQRL individual identities should never be shared. So SQRL solves the problem of the need for shared access by providing "managed shared access" (MSA) for websites. As its name suggests, managed shared access allows other SQRL identities to be securely added to a single website account and subsequently managed. This /msa page is a version of the first site above. It exposes and demonstrates SQRL's MSA features and allows its visitors to experiment with them freely to see how they work.

  • https://sqrl-test.herokuapp.com/ |
    This one seems to work fine, except that we get no indication if the identity is new when logging in the first time and we also can't verify that the identity has been deleted.

  • https://sqrl.webscale.co.uk/login |
    This Python-based site was created and is maintained by Jeff Arthur, the developer of the iOS client for SQRL. Jeff reports that it is still missing a few features, but it works with GRC's Windows reference client for SQRL, so it supports CPS and SameIP attack mitigations.

  • https://sqrljava.com:20000/sqrlexample/app |
    This site was implemented in the JAVA language. It does not currently appear to support SQRL's CPS (client provided session) I believe this one caused a connection error when trying to delete the identity. I was able to do the next best thing by disabling the SQRL login though.

  • https://atejl9kfzl.execute-api.us-east-1.amazonaws.com/prod/sqrl |
    This is @JJasonClark 's SQRL test site. It supports SQRL authentication with auto account creation and removal when using the ident and remove commands. Source is hosted at https://github.com/jjasonclark/sqrl-min-auth. The site is hosted on AWS Lambda using Javascript and Postgres DB.

  • ... please let Steve know of any others not listed above ...
Not open for further replies.