From d4115e2f12d6042a976983bacca3ba87343e91e3 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Mon, 2 Jan 2023 19:06:05 +1100
Subject: [PATCH] test: add refresh narrowing and broadening e2e
---
cypress/integration/oauth2/refresh_token.js | 44 +++++++++++++++++++++
cypress/support/commands.js | 15 +++++++
2 files changed, 59 insertions(+)
diff --git a/cypress/integration/oauth2/refresh_token.js b/cypress/integration/oauth2/refresh_token.js
index a3b1c6282bf..f1f1c72521e 100644
--- a/cypress/integration/oauth2/refresh_token.js
+++ b/cypress/integration/oauth2/refresh_token.js
@@ -89,4 +89,48 @@ describe("The OAuth 2.0 Refresh Token Grant", function () {
 })
 })
 })
+
+ it("should narrow Refresh Token scopes correctly", function () {
+ const referrer = `${Cypress.env("client_url")}/empty`
+ cy.visit(referrer, {
+ failOnStatusCode: false,
+ })
+
+ createClient({
+ scope: "offline_access openid foo bar baz",
+ redirect_uris: [referrer],
+ grant_types: ["authorization_code", "refresh_token"],
+ response_types: ["code"],
+ token_endpoint_auth_method: "none",
+ }).then((client) => {
+ cy.authCodeFlowBrowser(client, {
+ consent: { scope: ["offline_access openid foo bar baz"] },
+ createClient: false,
+ }).then((originalResponse) => {
+ expect(originalResponse.status).to.eq(200)
+ expect(originalResponse.body.refresh_token).to.not.be.empty
+ expect(originalResponse.body.scope).to.eq("offline_access openid foo bar baz")
+
+ const originalToken = originalResponse.body.refresh_token
+
+ cy.refreshTokenBrowserScope(client, originalToken, "offline_access openid foo").then(
+ (refreshedResponse) => {
+ expect(refreshedResponse.status).to.eq(200)
+ expect(refreshedResponse.body.refresh_token).to.not.be.empty
+ expect(refreshedResponse.body.scope).to.eq("offline_access openid foo")
+
+ const refreshedToken = refreshedResponse.body.refresh_token
+
+ cy.refreshTokenBrowserScope(client, refreshedToken, "offline_access openid foo bar baz").then(
+ (finalRefreshedResponse) => {
+ expect(finalRefreshedResponse.status).to.eq(200)
+ expect(finalRefreshedResponse.body.refresh_token).to.not.be.empty
+ expect(finalRefreshedResponse.body.scope).to.eq("offline_access openid foo bar baz")
+ },
+ )
+ },
+ )
+ })
+ })
+ })
 })
diff --git a/cypress/support/commands.js b/cypress/support/commands.js
index 2f75293404d..08b7be6b4f7 100644
--- a/cypress/support/commands.js
+++ b/cypress/support/commands.js
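Review bot: The test exercises narrowing and then re-broadening within the originally consented scope, but never checks the one case RFC 6749 §6 actually forbids — a refresh requesting a scope the resource owner did not grant — so a token endpoint that simply echoed back whatever `scope` was requested would still pass it. Adding a final refresh with an extra scope (e.g. `offline_access openid foo bar baz qux`) and asserting it is rejected would pin the negative path; the exact error code is the server's to define (RFC 6749 §5.2 names `invalid_scope`), so the 400 status is the minimum to assert and the error-body check should be confirmed against the implementation. The `it` title also mentions only narrowing while the body tests broadening too; `"should narrow and re-broaden Refresh Token scopes within the original grant"` would describe it. The enclosing `describe` block starts before this hunk.

```javascript
// … unchanged: authorization code flow, narrowing and broadening refreshes …
expect(finalRefreshedResponse.body.scope).to.eq("offline_access openid foo bar baz")

cy.refreshTokenBrowserScope(
  client,
  finalRefreshedResponse.body.refresh_token,
  "offline_access openid foo bar baz qux",
).then((escalatedResponse) => {
  // A scope outside the original consent must be refused, never granted (RFC 6749 §6).
  expect(escalatedResponse.status).to.eq(400)
  // Error code to confirm against the server; RFC 6749 §5.2 names invalid_scope.
  expect(escalatedResponse.body.error).to.eq("invalid_scope")
})
```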
@@ -216,3 +216,18 @@ Cypress.Commands.add("refreshTokenBrowser", (client, token) =>
 failOnStatusCode: false,
 }),
 )
+
+Cypress.Commands.add("refreshTokenBrowserScope", (client, token, scope) =>
+ cy.request({
+ url: `${Cypress.env("public_url")}/oauth2/token`,
+ method: "POST",
+ form: true,
+ body: {
+ grant_type: "refresh_token",
+ client_id: client.client_id,
+ refresh_token: token,
+ scope: scope,
+ },
+ failOnStatusCode: false,
+ }),
+)
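Review bot: The new `refreshTokenBrowserScope` command repeats the whole request of `refreshTokenBrowser` directly above it and differs only in the added `scope` form field, so the two will drift apart if the token endpoint path or client authentication handling changes. One option is to make the scope optional in a single command — `body: { grant_type: "refresh_token", client_id: client.client_id, refresh_token: token, ...(scope !== undefined && { scope }) }` — and have `refreshTokenBrowser` delegate to it, though whether `cy.request` with `form: true` omits an absent key is worth confirming before relying on that. Either way a short header comment would help readers: `// Refresh grant with an explicit scope parameter; failOnStatusCode is false so callers assert the status themselves.` The body of `refreshTokenBrowser` starts outside this hunk.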