mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-14 20:32:29 +00:00

feat: add OIDC refresh_token support (#325)

Co-authored-by: Elias Schneider <login@eliasschneider.com>
Kyle Mendell
2025-03-23 15:14:26 -05:00
committed by GitHub
parent 7888d70656
commit b8dcda8049
14 changed files with 339 additions and 55 deletions


@@ -1,5 +1,5 @@
import test, { expect } from '@playwright/test';
import { oidcClients } from './data';
import { oidcClients, refreshTokens } from './data';
import { cleanupBackend } from './utils/cleanup.util';
import passkeyUtil from './utils/passkey.util';
@@ -134,3 +134,60 @@ test('End session with id token hint redirects to callback URL', async ({ page }
expect(redirectedCorrectly).toBeTruthy();
});
test('Successfully refresh tokens with valid refresh token', async ({ request }) => {
const { token, clientId } = refreshTokens.filter((token) => !token.expired)[0];
const clientSecret = 'w2mUeZISmEvIDMEDvpY0PnxQIpj1m3zY';
const refreshResponse = await request.post('/api/oidc/token', {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
grant_type: 'refresh_token',
client_id: clientId,
refresh_token: token,
client_secret: clientSecret
}
});
// Verify we got new tokens
const tokenData = await refreshResponse.json();
expect(tokenData.access_token).toBeDefined();
expect(tokenData.refresh_token).toBeDefined();
expect(tokenData.token_type).toBe('Bearer');
expect(tokenData.expires_in).toBe(3600);
// The new refresh token should be different from the old one
expect(tokenData.refresh_token).not.toBe(token);
});
test('Using refresh token invalidates it for future use', async ({ request }) => {
const { token, clientId } = refreshTokens.filter((token) => !token.expired)[0];
const clientSecret = 'w2mUeZISmEvIDMEDvpY0PnxQIpj1m3zY';
await request.post('/api/oidc/token', {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
grant_type: 'refresh_token',
client_id: clientId,
refresh_token: token,
client_secret: clientSecret
}
});
const refreshResponse = await request.post('/api/oidc/token', {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
form: {
grant_type: 'refresh_token',
client_id: clientId,
refresh_token: token,
client_secret: clientSecret
}
});
expect(refreshResponse.status()).toBe(400);
});
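Review bot: The test 'Using refresh token invalidates it for future use' discards the response of its first exchange, so the closing `expect(refreshResponse.status()).toBe(400)` also passes when that first request was itself rejected (a wrong client secret, or a seed token the backend does not accept), and rotation is never actually demonstrated. Capture the first response and assert it before replaying the token: `const firstResponse = await request.post('/api/oidc/token', { ... });` followed by `expect(firstResponse.ok()).toBeTruthy();`. The first test has a similar gap, since it parses the JSON body without checking the response status. The `expired` flag on the fixture suggests expired tokens are seeded as well, yet neither an expired token nor a valid token presented with a different `client_id` is exercised in the visible tests. Those two rejection paths deserve a test each, because they are the checks that limit what a leaked refresh token can be used for.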