test: /.well-known/oauth-authorization-server

author: mo khan <mo@mokhan.ca> 2025-03-11 16:45:30 -0600
committer: mo khan <mo@mokhan.ca> 2025-03-11 16:45:30 -0600
commit: bb0dc45f591e2bb52f505fff65e6ccd344c643e8 (patch)
tree: a28c3a419d75018a46f7245a05adad7a1e3de3d5 /test
parent: 9309624a902427449dc26a24495534a46f915271 (diff)
1 files changed, 37 insertions, 9 deletions
diff --git a/test/e2e_test.go b/test/e2e_test.go
index e4ef0a0..32737c7 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -92,17 +92,45 @@ func TestAuthx(t *testing.T) {
 	})
 
 	t.Run("OAuth", func(t *testing.T) {
-		conf := &oauth2.Config{
-			ClientID:     "client_id",
-			ClientSecret: "client_secret",
-			Scopes:       []string{"openid"},
-			Endpoint: oauth2.Endpoint{
-				TokenURL: "http://idp.example.com:8080/oauth/token",
-				AuthURL:  "http://idp.example.com:8080/oauth/authorize",
-			},
-		}
+		t.Run("GET /.well-known/oauth-authorization-server", func(t *testing.T) {
+			response := x.Must(client.Get("http://idp.example.com:8080/.well-known/oauth-authorization-server"))
+			assert.Equal(t, http.StatusOK, response.StatusCode)
+			metadata := x.Must(serde.FromJSON[map[string]interface{}](response.Body))
+			assert.Equal(t, "http://idp.example.com:8080/.well-known/oauth-authorization-server", metadata["issuer"])
+			assert.Equal(t, "http://idp.example.com:8080/oauth/authorize", metadata["authorization_endpoint"])
+			assert.Equal(t, "http://idp.example.com:8080/oauth/token", metadata["token_endpoint"])
+			// assert.NotEmpty(t, metadata["jwks_uri"])
+			// assert.NotEmpty(t, metadata["registration_endpoint"])
+			assert.NotEmpty(t, metadata["scopes_supported"])
+			assert.NotEmpty(t, metadata["response_types_supported"])
+			assert.NotEmpty(t, metadata["response_modes_supported"])
+			assert.NotEmpty(t, metadata["grant_types_supported"])
+			assert.NotEmpty(t, metadata["token_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["token_endpoint_auth_signing_alg_values_supported"])
+			// assert.NotEmpty(t, metadata["service_documentation"])
+			assert.NotEmpty(t, metadata["ui_locales_supported"])
+			// assert.NotEmpty(t, metadata["op_policy_uri"])
+			// assert.NotEmpty(t, metadata["op_tos_uri"])
+			assert.NotEmpty(t, metadata["revocation_endpoint"])
+			assert.NotEmpty(t, metadata["revocation_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["revocation_endpoint_auth_signing_alg_values_supported"])
+			assert.NotEmpty(t, metadata["introspection_endpoint"])
+			assert.NotEmpty(t, metadata["introspection_endpoint_auth_methods_supported"])
+			assert.NotEmpty(t, metadata["introspection_endpoint_auth_signing_alg_values_supported"])
+			// assert.NotEmpty(t, metadata["code_challenge_methods_supported"])
+		})
 
 		t.Run("authorization code grant", func(t *testing.T) {
+			conf := &oauth2.Config{
+				ClientID:     "client_id",
+				ClientSecret: "client_secret",
+				Scopes:       []string{"openid"},
+				Endpoint: oauth2.Endpoint{
+					TokenURL: "http://idp.example.com:8080/oauth/token",
+					AuthURL:  "http://idp.example.com:8080/oauth/authorize",
+				},
+			}
+
 			authURL := conf.AuthCodeURL(
 				"state",
 				oauth2.SetAuthURLParam("client_id", "client_id"),
author	mo khan <mo@mokhan.ca>	2025-03-11 16:45:30 -0600
committer	mo khan <mo@mokhan.ca>	2025-03-11 16:45:30 -0600
commit	bb0dc45f591e2bb52f505fff65e6ccd344c643e8 (patch)
tree	a28c3a419d75018a46f7245a05adad7a1e3de3d5 /test
parent	9309624a902427449dc26a24495534a46f915271 (diff)