test: validate the stored tokens in the session cookie

author: mo khan <mo@mokhan.ca> 2025-04-17 13:52:52 -0600
committer: mo khan <mo@mokhan.ca> 2025-04-17 13:52:52 -0600
commit: f5ddc9d954fae327409b7480970ce171049d4ab7 (patch)
tree: abcbdf52de69295839cc72ac9fa03911b00072cb /app/controllers/sessions/controller_test.go
parent: 493d1e35a7f88451f07a9a3711d6bfd071174b5f (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index 8f2118f..d2f903f 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -99,10 +99,30 @@ func TestSessions(t *testing.T) {
 			t.Run("stores the access token in a session cookie", func(t *testing.T) {
 				assert.NotEmpty(t, tokens["access_token"])
 				assert.Equal(t, "bearer", tokens["token_type"])
+
+				keypair, err := mockoidc.DefaultKeypair()
+				require.NoError(t, err)
+
+				token, err := keypair.VerifyJWT(tokens["access_token"].(string), nil)
+				require.NoError(t, err)
+
+				sub, err := token.Claims.GetSubject()
+				require.NoError(t, err)
+				assert.Equal(t, user.Subject, sub)
 			})
 
 			t.Run("stores the refresh token in a session cookie", func(t *testing.T) {
 				assert.NotEmpty(t, tokens["refresh_token"])
+
+				keypair, err := mockoidc.DefaultKeypair()
+				require.NoError(t, err)
+
+				token, err := keypair.VerifyJWT(tokens["refresh_token"].(string), nil)
+				require.NoError(t, err)
+
+				sub, err := token.Claims.GetSubject()
+				require.NoError(t, err)
+				assert.Equal(t, user.Subject, sub)
 			})
 
 			t.Run("redirects to the homepage", func(t *testing.T) {
author	mo khan <mo@mokhan.ca>	2025-04-17 13:52:52 -0600
committer	mo khan <mo@mokhan.ca>	2025-04-17 13:52:52 -0600
commit	f5ddc9d954fae327409b7480970ce171049d4ab7 (patch)
tree	abcbdf52de69295839cc72ac9fa03911b00072cb /app/controllers/sessions/controller_test.go
parent	493d1e35a7f88451f07a9a3711d6bfd071174b5f (diff)