TestOAuth2DynamicClientRegistration tests RFC 7591 dynamic client registration
(t *testing.T)
| 1341 | |
| 1342 | // TestOAuth2DynamicClientRegistration tests RFC 7591 dynamic client registration |
| 1343 | func TestOAuth2DynamicClientRegistration(t *testing.T) { |
| 1344 | t.Parallel() |
| 1345 | |
| 1346 | client := coderdtest.New(t, nil) |
| 1347 | _ = coderdtest.CreateFirstUser(t, client) |
| 1348 | |
| 1349 | t.Run("BasicRegistration", func(t *testing.T) { |
| 1350 | t.Parallel() |
| 1351 | ctx := testutil.Context(t, testutil.WaitLong) |
| 1352 | |
| 1353 | clientName := fmt.Sprintf("test-client-basic-%d", time.Now().UnixNano()) |
| 1354 | req := codersdk.OAuth2ClientRegistrationRequest{ |
| 1355 | RedirectURIs: []string{"https://example.com/callback"}, |
| 1356 | ClientName: clientName, |
| 1357 | ClientURI: "https://example.com", |
| 1358 | LogoURI: "https://example.com/logo.png", |
| 1359 | TOSURI: "https://example.com/tos", |
| 1360 | PolicyURI: "https://example.com/privacy", |
| 1361 | Contacts: []string{"admin@example.com"}, |
| 1362 | } |
| 1363 | |
| 1364 | // Register client |
| 1365 | resp, err := client.PostOAuth2ClientRegistration(ctx, req) |
| 1366 | require.NoError(t, err) |
| 1367 | |
| 1368 | // Verify response fields |
| 1369 | require.NotEmpty(t, resp.ClientID) |
| 1370 | require.NotEmpty(t, resp.ClientSecret) |
| 1371 | require.NotEmpty(t, resp.RegistrationAccessToken) |
| 1372 | require.NotEmpty(t, resp.RegistrationClientURI) |
| 1373 | require.Greater(t, resp.ClientIDIssuedAt, int64(0)) |
| 1374 | require.Equal(t, int64(0), resp.ClientSecretExpiresAt) // Non-expiring |
| 1375 | |
| 1376 | // Verify default values |
| 1377 | require.Contains(t, resp.GrantTypes, codersdk.OAuth2ProviderGrantTypeAuthorizationCode) |
| 1378 | require.Contains(t, resp.GrantTypes, codersdk.OAuth2ProviderGrantTypeRefreshToken) |
| 1379 | require.Contains(t, resp.ResponseTypes, codersdk.OAuth2ProviderResponseTypeCode) |
| 1380 | require.Equal(t, codersdk.OAuth2TokenEndpointAuthMethodClientSecretBasic, resp.TokenEndpointAuthMethod) |
| 1381 | |
| 1382 | // Verify request values are preserved |
| 1383 | require.Equal(t, req.RedirectURIs, resp.RedirectURIs) |
| 1384 | require.Equal(t, req.ClientName, resp.ClientName) |
| 1385 | require.Equal(t, req.ClientURI, resp.ClientURI) |
| 1386 | require.Equal(t, req.LogoURI, resp.LogoURI) |
| 1387 | require.Equal(t, req.TOSURI, resp.TOSURI) |
| 1388 | require.Equal(t, req.PolicyURI, resp.PolicyURI) |
| 1389 | require.Equal(t, req.Contacts, resp.Contacts) |
| 1390 | }) |
| 1391 | |
| 1392 | t.Run("MinimalRegistration", func(t *testing.T) { |
| 1393 | t.Parallel() |
| 1394 | ctx := testutil.Context(t, testutil.WaitLong) |
| 1395 | |
| 1396 | req := codersdk.OAuth2ClientRegistrationRequest{ |
| 1397 | RedirectURIs: []string{"https://minimal.com/callback"}, |
| 1398 | } |
| 1399 | |
| 1400 | // Register client with minimal fields |
nothing calls this directly
no test coverage detected