Commit bb0dc45

mo khan <mo@mokhan.ca>
2025-03-11 22:45:30
test: /.well-known/oauth-authorization-server
main
1 parent 9309624
Changed files (1)
test
e2e_test.go
test/e2e_test.go
@@ -92,17 +92,45 @@ func TestAuthx(t *testing.T) {
 	})
 
 	t.Run("OAuth", func(t *testing.T) {
-		conf := &oauth2.Config{
-			ClientID:     "client_id",
-			ClientSecret: "client_secret",
-			Scopes:       []string{"openid"},
-			Endpoint: oauth2.Endpoint{
-				TokenURL: "http://idp.example.com:8080/oauth/token",
-				AuthURL:  "http://idp.example.com:8080/oauth/authorize",
-			},
-		}
+		t.Run("GET /.well-known/oauth-authorization-server", func(t *testing.T) {
+			response := x.Must(client.Get("http://idp.example.com:8080/.well-known/oauth-authorization-server"))
+			assert.Equal(t, http.StatusOK, response.StatusCode)
+			metadata := x.Must(serde.FromJSON[map[string]interface{}](response.Body))
+			assert.Equal(t, "http://idp.example.com:8080/.well-known/oauth-authorization-server", metadata["issuer"])
+			assert.Equal(t, "http://idp.example.com:8080/oauth/authorize", metadata["authorization_endpoint"])
+			assert.Equal(t, "http://idp.example.com:8080/oauth/token", metadata["token_endpoint"])
+			// assert.NotEmpty(t, metadata["jwks_uri"])
+			// assert.NotEmpty(t, metadata["registration_endpoint"])
+			assert.NotEmpty(t, metadata["scopes_supported"])
+			assert.NotEmpty(t, metadata["response_types_supported"])
+			assert.NotEmpty(t, metadata["response_modes_supported"])
+			assert.NotEmpty(t, metadata["grant_types_supported"])
+			assert.NotEmpty(t, metadata["token_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["token_endpoint_auth_signing_alg_values_supported"])
+			// assert.NotEmpty(t, metadata["service_documentation"])
+			assert.NotEmpty(t, metadata["ui_locales_supported"])
+			// assert.NotEmpty(t, metadata["op_policy_uri"])
+			// assert.NotEmpty(t, metadata["op_tos_uri"])
+			assert.NotEmpty(t, metadata["revocation_endpoint"])
+			assert.NotEmpty(t, metadata["revocation_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["revocation_endpoint_auth_signing_alg_values_supported"])
+			assert.NotEmpty(t, metadata["introspection_endpoint"])
+			assert.NotEmpty(t, metadata["introspection_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["introspection_endpoint_auth_signing_alg_values_supported"])
+			// assert.NotEmpty(t, metadata["code_challenge_methods_supported"])
+		})
 
 		t.Run("authorization code grant", func(t *testing.T) {
+			conf := &oauth2.Config{
+				ClientID:     "client_id",
+				ClientSecret: "client_secret",
+				Scopes:       []string{"openid"},
+				Endpoint: oauth2.Endpoint{
+					TokenURL: "http://idp.example.com:8080/oauth/token",
+					AuthURL:  "http://idp.example.com:8080/oauth/authorize",
+				},
+			}
+
 			authURL := conf.AuthCodeURL(
 				"state",
 				oauth2.SetAuthURLParam("client_id", "client_id"),