TestOAuth2ManagementErrorCodes tests all RFC 7592 error codes
(t *testing.T)
| 177 | |
| 178 | // TestOAuth2ManagementErrorCodes tests all RFC 7592 error codes |
| 179 | func TestOAuth2ManagementErrorCodes(t *testing.T) { |
| 180 | t.Parallel() |
| 181 | |
| 182 | tests := []struct { |
| 183 | name string |
| 184 | useWrongClientID bool |
| 185 | useWrongToken bool |
| 186 | useEmptyToken bool |
| 187 | expectedError string |
| 188 | expectedCode int |
| 189 | }{ |
| 190 | { |
| 191 | name: "InvalidToken_WrongToken", |
| 192 | useWrongToken: true, |
| 193 | expectedError: "invalid_token", |
| 194 | expectedCode: http.StatusUnauthorized, |
| 195 | }, |
| 196 | { |
| 197 | name: "InvalidToken_EmptyToken", |
| 198 | useEmptyToken: true, |
| 199 | expectedError: "invalid_token", |
| 200 | expectedCode: http.StatusUnauthorized, |
| 201 | }, |
| 202 | { |
| 203 | name: "InvalidClient_WrongClientID", |
| 204 | useWrongClientID: true, |
| 205 | expectedError: "invalid_token", |
| 206 | expectedCode: http.StatusUnauthorized, |
| 207 | }, |
| 208 | // Skip empty client ID test as it causes routing issues |
| 209 | } |
| 210 | |
| 211 | for _, test := range tests { |
| 212 | t.Run(test.name, func(t *testing.T) { |
| 213 | t.Parallel() |
| 214 | |
| 215 | client := coderdtest.New(t, nil) |
| 216 | _ = coderdtest.CreateFirstUser(t, client) |
| 217 | ctx := testutil.Context(t, testutil.WaitLong) |
| 218 | |
| 219 | // First register a valid client to use for management tests |
| 220 | clientName := fmt.Sprintf("test-client-%d", time.Now().UnixNano()) |
| 221 | regReq := codersdk.OAuth2ClientRegistrationRequest{ |
| 222 | RedirectURIs: []string{"https://example.com/callback"}, |
| 223 | ClientName: clientName, |
| 224 | } |
| 225 | regResp, err := client.PostOAuth2ClientRegistration(ctx, regReq) |
| 226 | require.NoError(t, err) |
| 227 | |
| 228 | // Determine clientID and token based on test configuration |
| 229 | var clientID, token string |
| 230 | switch { |
| 231 | case test.useWrongClientID: |
| 232 | clientID = "550e8400-e29b-41d4-a716-446655440000" // Valid UUID format but non-existent |
| 233 | token = regResp.RegistrationAccessToken |
| 234 | case test.useWrongToken: |
| 235 | clientID = regResp.ClientID |
| 236 | token = "invalid-token" |