MCPcopy Index your code
hub / github.com/coder/coder / TestOAuth2ProviderResourceIndicators

Function TestOAuth2ProviderResourceIndicators

coderd/oauth2_test.go:934–1117  ·  view source on GitHub ↗

TestOAuth2ProviderResourceIndicators tests RFC 8707 Resource Indicators support including resource parameter validation in authorization and token exchange flows.

(t *testing.T)

Source from the content-addressed store, hash-verified

932// TestOAuth2ProviderResourceIndicators tests RFC 8707 Resource Indicators support
933// including resource parameter validation in authorization and token exchange flows.
934func TestOAuth2ProviderResourceIndicators(t *testing.T) {
935 t.Parallel()
936
937 db, pubsub := dbtestutil.NewDB(t)
938 ownerClient := coderdtest.New(t, &coderdtest.Options{
939 Database: db,
940 Pubsub: pubsub,
941 })
942 owner := coderdtest.CreateFirstUser(t, ownerClient)
943 ctx := testutil.Context(t, testutil.WaitLong)
944 apps := generateApps(ctx, t, ownerClient, "resource-indicators")
945
946 //nolint:gocritic // OAauth2 app management requires owner permission.
947 secret, err := ownerClient.PostOAuth2ProviderAppSecret(ctx, apps.Default.ID)
948 require.NoError(t, err)
949
950 resource := ownerClient.URL.String()
951
952 tests := []struct {
953 name string
954 authResource string // Resource parameter during authorization
955 tokenResource string // Resource parameter during token exchange
956 refreshResource string // Resource parameter during refresh
957 expectAuthError bool
958 expectTokenError bool
959 expectRefreshError bool
960 }{
961 {
962 name: "NoResourceParameter",
963 // Standard flow without resource parameter
964 },
965 {
966 name: "ValidResourceParameter",
967 authResource: resource,
968 tokenResource: resource,
969 refreshResource: resource,
970 },
971 {
972 name: "ResourceInAuthOnly",
973 authResource: resource,
974 tokenResource: "", // Missing in token exchange
975 expectTokenError: true,
976 },
977 {
978 name: "ResourceInTokenOnly",
979 authResource: "", // Missing in auth
980 tokenResource: resource,
981 expectTokenError: true,
982 },
983 {
984 name: "ResourceMismatch",
985 authResource: "https://resource1.example.com",
986 tokenResource: "https://resource2.example.com", // Different resource
987 expectTokenError: true,
988 },
989 {
990 name: "RefreshWithDifferentResource",
991 authResource: resource,

Callers

nothing calls this directly

Calls 15

AuthCodeURLMethod · 0.95
TokenSourceMethod · 0.95
NewDBFunction · 0.92
NewFunction · 0.92
CreateFirstUserFunction · 0.92
ContextFunction · 0.92
CreateAnotherUserFunction · 0.92
OAuth2GetCodeFunction · 0.92
NewFunction · 0.92
generatePKCEFunction · 0.85
customTokenExchangeFunction · 0.85

Tested by

no test coverage detected