From f5ddc9d954fae327409b7480970ce171049d4ab7 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Thu, 17 Apr 2025 13:52:52 -0600
Subject: test: validate the stored tokens in the session cookie

---
 app/controllers/sessions/controller_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'app')

diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index 8f2118f..d2f903f 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -99,10 +99,30 @@ func TestSessions(t *testing.T) {
 			t.Run("stores the access token in a session cookie", func(t *testing.T) {
 				assert.NotEmpty(t, tokens["access_token"])
 				assert.Equal(t, "bearer", tokens["token_type"])
+
+				keypair, err := mockoidc.DefaultKeypair()
+				require.NoError(t, err)
+
+				token, err := keypair.VerifyJWT(tokens["access_token"].(string), nil)
+				require.NoError(t, err)
+
+				sub, err := token.Claims.GetSubject()
+				require.NoError(t, err)
+				assert.Equal(t, user.Subject, sub)
 			})
 
 			t.Run("stores the refresh token in a session cookie", func(t *testing.T) {
 				assert.NotEmpty(t, tokens["refresh_token"])
+
+				keypair, err := mockoidc.DefaultKeypair()
+				require.NoError(t, err)
+
+				token, err := keypair.VerifyJWT(tokens["refresh_token"].(string), nil)
+				require.NoError(t, err)
+
+				sub, err := token.Claims.GetSubject()
+				require.NoError(t, err)
+				assert.Equal(t, user.Subject, sub)
 			})
 
 			t.Run("redirects to the homepage", func(t *testing.T) {
-- 
cgit v1.2.3