TestRefreshTokenGrant_Scopes tests that scopes can be requested during refresh
(t *testing.T)
| 372 | |
| 373 | // TestRefreshTokenGrant_Scopes tests that scopes can be requested during refresh |
| 374 | func TestRefreshTokenGrant_Scopes(t *testing.T) { |
| 375 | t.Parallel() |
| 376 | |
| 377 | // Test that refresh token requests can include scope parameter |
| 378 | // per RFC 6749 Section 6 |
| 379 | form := url.Values{} |
| 380 | form.Set("grant_type", "refresh_token") |
| 381 | form.Set("refresh_token", "test-refresh-token") |
| 382 | form.Set("scope", "reduced:scope subset:scope") |
| 383 | |
| 384 | callbackURL, err := url.Parse("http://localhost:3000/callback") |
| 385 | require.NoError(t, err) |
| 386 | |
| 387 | req := &http.Request{ |
| 388 | Method: http.MethodPost, |
| 389 | PostForm: form, |
| 390 | Form: form, |
| 391 | } |
| 392 | |
| 393 | tokenReq, validationErrs, err := extractTokenRequest(req, callbackURL) |
| 394 | |
| 395 | require.NoError(t, err) |
| 396 | require.Empty(t, validationErrs) |
| 397 | require.Equal(t, codersdk.OAuth2ProviderGrantTypeRefreshToken, tokenReq.GrantType) |
| 398 | require.Equal(t, []string{"reduced:scope", "subset:scope"}, parseScopes(tokenReq.Scope)) |
| 399 | } |
nothing calls this directly
no test coverage detected