feat: add positive tests for the Authorization Code Grant

Author: Michito-Okai

src/index.ts

@@ -464,6 +464,14 @@ program
     'Run conformance tests against an authorization server implementation'
   )
   .requiredOption('--url <url>', 'URL of the authorization server issuer')
+  .requiredOption('--client-id <client>', 'Client ID')
+  .requiredOption('--secret <secret>', 'Client Secret')
+  .option(
+    '-p, --port <port>',
+    'redirect uri port',
+    (value) => Number(value),
+    3000
+  )
   .option('-o, --output-dir <path>', 'Save results to this directory')
   .option(
     '--spec-version <version>',
@@ -492,14 +500,22 @@ program
       );
 
       const allResults: { scenario: string; checks: ConformanceCheck[] }[] = [];
+      const details: Record<string, unknown> = {};
       for (const scenarioName of scenarios) {
         console.log(`\n=== Running scenario: ${scenarioName} ===`);
         try {
           const result = await runAuthorizationServerConformanceTest(
-            validated.url,
+            validated,
             scenarioName,
+            details,
             outputDir
           );
+          if (
+            result.checks[0].status === 'SUCCESS' &&
+            result.checks[0].details
+          ) {
+            details[scenarioName] = result.checks[0].details;
+          }
           allResults.push({ scenario: scenarioName, checks: result.checks });
         } catch (error) {
           console.error(`Failed to run scenario ${scenarioName}:`, error);

src/runner/authorization-server.ts

@@ -3,10 +3,12 @@ import path from 'path';
 import { ConformanceCheck } from '../types';
 import { getClientScenarioForAuthorizationServer } from '../scenarios';
 import { createResultDir } from './utils';
+import { AuthorizationServerOptions } from '../schemas';
 
 export async function runAuthorizationServerConformanceTest(
-  serverUrl: string,
+  option: AuthorizationServerOptions,
   scenarioName: string,
+  details: Record<string, unknown>,
   outputDir?: string
 ): Promise<{
   checks: ConformanceCheck[];
@@ -28,10 +30,10 @@ export async function runAuthorizationServerConformanceTest(
   const scenario = getClientScenarioForAuthorizationServer(scenarioName)!;
 
   console.log(
-    `Running client scenario for authorization server '${scenarioName}' against server: ${serverUrl}`
+    `Running client scenario for authorization server '${scenarioName}' against server: ${option.url}`
   );
 
-  const checks = await scenario.run(serverUrl);
+  const checks = await scenario.run(option, details);
 
   if (resultDir) {
     await fs.writeFile(

src/scenarios/authorization-server/auth/helpers/createCallbackServer.ts

@@ -0,0 +1,40 @@
+import express from 'express';
+
+export interface CallbackServer {
+  waitForCallback: (timeoutMs: number) => Promise<string>;
+}
+
+export function startCallbackServer(port: number): CallbackServer {
+  const app = express();
+
+  let resolveFn: (url: string) => void;
+
+  const promise = new Promise<string>((resolve) => {
+    resolveFn = resolve;
+  });
+
+  const server = app.listen(port, '127.0.0.1', () => {
+    console.log(`Callback server started: http://localhost:${port}`);
+  });
+
+  app.use((req, res) => {
+    const fullUrl = `${req.protocol}://${req.get('host')}${req.originalUrl}`;
+    res.send('OK. You can close this page.');
+
+    server.close();
+    resolveFn(fullUrl);
+  });
+
+  return {
+    waitForCallback: (timeoutMs: number) =>
+      Promise.race([
+        promise,
+        new Promise<string>((_, reject) =>
+          setTimeout(() => {
+            server.close();
+            reject(new Error('Timeout: No callback received'));
+          }, timeoutMs)
+        )
+      ])
+  };
+}

src/scenarios/authorization-server/auth/spec-references.ts

@@ -0,0 +1,12 @@
+import { SpecReference } from '../../../types';
+
+export const SpecReferences: { [key: string]: SpecReference } = {
+  MCP_AUTH_DISCOVERY: {
+    id: 'MCP-Authorization-metadata-discovery',
+    url: 'https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization#authorization-server-metadata-discovery'
+  },
+  OAUTH_2_1_AUTHORIZATION_CODE_GRANT: {
+    id: 'OAUTH-2.1-authorization-code-grant',
+    url: 'https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-13.html#section-4.1'
+  }
+};