test(verify): M4 — OAuth login via in-process mock OIDC #17
Merged
- mock-oidc.ts: minimal OIDC IdP (/authorize, /token with PKCE S256, /userinfo), started in global-setup; the API reaches it via host.docker.internal, the harness drives /authorize via localhost.
- compose: a 'mock' OAUTH_PROVIDERS entry (+ oauth in LOGIN_METHODS, extra_hosts).
- oauthLogin flow helper (generic over api '' / adapter '/auth'): start -> follow the authorize redirect for the code -> callback -> session.
- api/oauth + adapter/oauth specs.
Full suite 24/24. React OAuth is deferred (the starter/SDK has no provider UI yet) per scope.
Drives the provider button -> IdP redirect -> /oauth/callback -> signed-in flow. Green under --local against the local @seamless-auth/react OAuth UI; released-green once that ships (seamless-auth-react#44) and the starter bumps to it.
Added a React browser OAuth case ( |
Bump the adapter to @seamless-auth/express 0.6.0-beta.20260629083811 (latest beta, includes the non-JSON-response fix). Drop the explicit OAuth provider JSON paths now that the API applies the schema defaults (seamless-auth-api#50), so the harness config relies on those defaults. Released and --local runs are both 25/25.
Adds M4 of the seamless verify harness: OAuth login via an in-process mock OIDC provider.
Full suite is 24/24 green (seamless verify).
New cases
- POST /oauth/mock/start → follow the authorize redirect for the code → POST /oauth/mock/callback → session (token + refresh + sub).
- cookie (/users/me → 200).
Mock OIDC (verify/harness/mock-oidc.ts)
Minimal IdP started in global-setup: /authorize (mint a code + fresh user, redirect back), /token (validate PKCE S256 + consume the code), /userinfo. The API only uses the access token + userinfo (no id_token/JWKS), so that's all it needs.
Networking: the API calls token/userinfo server-side while the harness drives /authorize, so the provider config splits URLs — authorizationUrl via localhost, tokenUrl / userInfoUrl via host.docker.internal (+ an extra_hosts entry on auth-api).
Findings surfaced (filed, not blocking)
- OAUTH_PROVIDERS env config skips OAuthProviderConfigSchema defaults (subjectJsonPath etc. stay undefined → silent "OAuth login failed"). Worked around here by setting the JSON paths explicitly in the compose config.
- callback route, so browser OAuth isn't yet coverable. React OAuth case deferred until that lands.
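An added sketch, not the PR's mock-oidc.ts, of the /token check the description names: validate PKCE S256, then consume the code. The function names, the 60-second code lifetime and the policy of burning a code on a failed attempt are assumptions made for this example.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Pending authorization codes, keyed by code (illustrative in-memory store).
interface PendingCode { challenge: string; sub: string; expiresAt: number }
const pending = new Map<string, PendingCode>();

// RFC 7636 S256 transform: BASE64URL(SHA256(ASCII(code_verifier))), unpadded.
function s256(verifier: string): string {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// /authorize side: mint a code bound to the client's code_challenge.
function issueCode(challenge: string, method: string, now = Date.now()): string {
  if (method !== "S256") throw new Error("unsupported code_challenge_method");
  const code = randomBytes(16).toString("hex");
  const sub = `user-${randomBytes(4).toString("hex")}`; // fresh user per login
  pending.set(code, { challenge, sub, expiresAt: now + 60_000 });
  return code;
}

// /token side: consume the code first, then check expiry and the PKCE proof.
function redeemCode(
  code: string,
  verifier: string,
  now = Date.now(),
): { ok: boolean; error?: string; sub?: string } {
  const entry = pending.get(code);
  pending.delete(code); // single use: a failed attempt also burns the code
  if (!entry || entry.expiresAt < now) return { ok: false, error: "invalid_grant" };
  // RFC 7636 verifier syntax: 43-128 unreserved characters.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) {
    return { ok: false, error: "invalid_grant" };
  }
  const got = Buffer.from(s256(verifier));
  const want = Buffer.from(entry.challenge);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    return { ok: false, error: "invalid_grant" };
  }
  return { ok: true, sub: entry.sub };
}
```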