feat: require a login before authorizing an auth grant

1 files changed, 15 insertions, 1 deletions

diff --git a/test/e2e_test.go b/test/e2e_test.go
index 12e28edd..b465d764 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -43,6 +43,7 @@ func TestAuthx(t *testing.T) {
 		}
 
 		t.Run("GET http://ui.example.com:8080/saml/new", func(t *testing.T) {
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto("http://ui.example.com:8080/saml/new"))
 			action := x.Must(page.Locator("#idp-form").GetAttribute("action"))
 			assert.Equal(t, "http://idp.example.com:8080/saml/new", action)
@@ -61,8 +62,15 @@ func TestAuthx(t *testing.T) {
 
 	t.Run("OIDC", func(t *testing.T) {
 		t.Run("GET http://ui.example.com:8080/oidc/new", func(t *testing.T) {
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto("http://ui.example.com:8080/oidc/new"))
-			assert.Contains(t, page.URL(), "http://idp.example.com:8080/oauth/authorize")
+
+			assert.Contains(t, page.URL(), "http://idp.example.com:8080/sessions/new")
+			page.Locator("#username").Fill("username1")
+			page.Locator("#password").Fill("password1")
+			assert.NoError(t, page.Locator("#login-button").Click())
+
+			assert.Contains(t, page.URL(), "http://idp.example.com:8080/oauth/authorize/continue")
 			assert.NoError(t, page.Locator("#submit-button").Click())
 
 			assert.Contains(t, page.URL(), "http://ui.example.com:8080/oauth/callback")
@@ -177,7 +185,13 @@ func TestAuthx(t *testing.T) {
 				oauth2.SetAuthURLParam("response_type", "code"),
 				oauth2.SetAuthURLParam("response_mode", "fragment"),
 			)
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto(authURL))
+
+			page.Locator("#username").Fill("username1")
+			page.Locator("#password").Fill("password1")
+			assert.NoError(t, page.Locator("#login-button").Click())
+
 			assert.NoError(t, page.Locator("#submit-button").Click())
 
 			uri := x.Must(url.Parse(page.URL()))