feat: e2e test for verification

Author: SoulPancake

build.gradle

@@ -173,3 +173,10 @@ tasks.register('test-integration') {
 tasks.named('check').configure {
     dependsOn 'spotlessCheck'
 }
+
+// Temporary task for running the E2E streaming auth test against Docker containers.
+// Usage: ./gradlew e2eStreamingAuth
+tasks.register('e2eStreamingAuth', JavaExec) {
+    classpath = sourceSets.test.runtimeClasspath
+    mainClass = 'dev.openfga.sdk.e2e.E2EStreamingAuthTest'
+}

e2e-test/E2EStreamingAuthTest.java

@@ -0,0 +1,228 @@
+package dev.openfga.sdk.e2e;
+
+import dev.openfga.sdk.api.client.OpenFgaClient;
+import dev.openfga.sdk.api.client.model.*;
+import dev.openfga.sdk.api.configuration.*;
+import dev.openfga.sdk.api.model.*;
+import dev.openfga.sdk.api.model.CreateStoreRequest;
+import dev.openfga.sdk.api.model.WriteAuthorizationModelRequest;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * End-to-end verification against real Docker containers.
+ * NOT a JUnit test — run manually after docker-compose up.
+ *
+ * Tests:
+ *   1. API_TOKEN auth  → preshared-key OpenFGA on port 8082
+ *   2. CLIENT_CREDENTIALS auth → OIDC OpenFGA on port 8080 + mock OAuth2 on port 9090
+ *
+ * For each auth method, exercises:
+ *   - CreateStore
+ *   - WriteAuthorizationModel
+ *   - Write (tuples)
+ *   - Check (non-streaming)
+ *   - ListObjects (non-streaming)
+ *   - StreamedListObjects (streaming) ← the bug from #330
+ */
+public class E2EStreamingAuthTest {
+
+    // The mock-oauth2-server token endpoint URL.
+    // Both the host SDK client and the openfga container reach mock-oauth2 via
+    // localhost:9090 (the container uses extra_hosts: localhost → host-gateway).
+    // This ensures the JWT "iss" claim matches OpenFGA's configured OIDC issuer.
+    private static final String OAUTH2_TOKEN_ENDPOINT = "http://localhost:9090/default/token";
+    private static final String OIDC_AUDIENCE = "openfga";
+
+    private static int passed = 0;
+    private static int failed = 0;
+
+    public static void main(String[] args) throws Exception {
+        System.out.println("╔══════════════════════════════════════════════════════════╗");
+        System.out.println("║  E2E Streaming Auth Test — openfga/java-sdk#330 fix     ║");
+        System.out.println("╚══════════════════════════════════════════════════════════╝\n");
+
+        testApiTokenAuth();
+        System.out.println();
+        testClientCredentialsAuth();
+
+        System.out.println("\n════════════════════════════════════════════════════════════");
+        System.out.printf("  Results: %d passed, %d failed%n", passed, failed);
+        System.out.println("════════════════════════════════════════════════════════════");
+
+        if (failed > 0) {
+            System.exit(1);
+        }
+    }
+
+    // -----------------------------------------------------------------------
+    // Test 1: API_TOKEN (preshared key)
+    // -----------------------------------------------------------------------
+    private static void testApiTokenAuth() throws Exception {
+        System.out.println("─── Test Suite: API_TOKEN (preshared key on port 8082) ───");
+
+        ClientConfiguration config = new ClientConfiguration()
+                .apiUrl("http://localhost:8082")
+                .credentials(new Credentials(new ApiToken("test-api-key-123")));
+
+        OpenFgaClient client = new OpenFgaClient(config);
+
+        // Create store
+        var store = client.createStore(new CreateStoreRequest().name("e2e-apitoken-test")).get();
+        String storeId = store.getId();
+        check("createStore", storeId != null && !storeId.isEmpty());
+        System.out.println("       Store ID: " + storeId);
+
+        config.storeId(storeId);
+        client = new OpenFgaClient(config);
+
+        // Write auth model
+        var model = writeModel(client);
+        check("writeAuthModel", model != null);
+
+        // Write tuples
+        writeTuples(client);
+        check("writeTuples", true);
+
+        // Non-streaming check
+        var checkResult = client.check(new ClientCheckRequest()
+                        .user("user:anne").relation("reader")._object("document:readme"))
+                .get();
+        check("check (non-streaming)", checkResult.getAllowed());
+
+        // Non-streaming listObjects
+        var listResult = client.listObjects(new ClientListObjectsRequest()
+                        .user("user:anne").relation("reader").type("document"))
+                .get();
+        check("listObjects (non-streaming)", listResult.getObjects().contains("document:readme"));
+
+        // ★ STREAMING listObjects — this is the #330 regression
+        List<StreamedListObjectsResponse> streamResults = new ArrayList<>();
+        client.streamedListObjects(
+                        new ClientListObjectsRequest().user("user:anne").relation("reader").type("document"),
+                        streamResults::add)
+                .get();
+        boolean streamOk = streamResults.stream().anyMatch(r -> "document:readme".equals(r.getObject()));
+        check("streamedListObjects (streaming) ★ #330 fix", streamOk);
+
+        System.out.println("       Streamed objects: "
+                + streamResults.stream().map(StreamedListObjectsResponse::getObject).toList());
+    }
+
+    // -----------------------------------------------------------------------
+    // Test 2: CLIENT_CREDENTIALS (OAuth2 OIDC)
+    // -----------------------------------------------------------------------
+    private static void testClientCredentialsAuth() throws Exception {
+        System.out.println("─── Test Suite: CLIENT_CREDENTIALS (OIDC on port 8080) ───");
+
+        // The mock-oauth2-server accepts any client_id/secret for client_credentials grant.
+        ClientConfiguration config = new ClientConfiguration()
+                .apiUrl("http://localhost:8080")
+                .credentials(new Credentials(new ClientCredentials()
+                        .clientId("e2e-test-client")
+                        .clientSecret("e2e-test-secret")
+                        .apiAudience(OIDC_AUDIENCE)
+                        .apiTokenIssuer(OAUTH2_TOKEN_ENDPOINT)));
+
+        OpenFgaClient client = new OpenFgaClient(config);
+
+        // Create store
+        var store = client.createStore(new CreateStoreRequest().name("e2e-oidc-test")).get();
+        String storeId = store.getId();
+        check("createStore", storeId != null && !storeId.isEmpty());
+        System.out.println("       Store ID: " + storeId);
+
+        config.storeId(storeId);
+        client = new OpenFgaClient(config);
+
+        // Write auth model
+        var model = writeModel(client);
+        check("writeAuthModel", model != null);
+
+        // Write tuples
+        writeTuples(client);
+        check("writeTuples", true);
+
+        // Non-streaming check
+        var checkResult = client.check(new ClientCheckRequest()
+                        .user("user:anne").relation("reader")._object("document:readme"))
+                .get();
+        check("check (non-streaming)", checkResult.getAllowed());
+
+        // Non-streaming listObjects
+        var listResult = client.listObjects(new ClientListObjectsRequest()
+                        .user("user:anne").relation("reader").type("document"))
+                .get();
+        check("listObjects (non-streaming)", listResult.getObjects().contains("document:readme"));
+
+        // ★ STREAMING listObjects — the bug from #330
+        List<StreamedListObjectsResponse> streamResults = new ArrayList<>();
+        client.streamedListObjects(
+                        new ClientListObjectsRequest().user("user:anne").relation("reader").type("document"),
+                        streamResults::add)
+                .get();
+        boolean streamOk = streamResults.stream().anyMatch(r -> "document:readme".equals(r.getObject()));
+        check("streamedListObjects (streaming) ★ #330 fix", streamOk);
+
+        System.out.println("       Streamed objects: "
+                + streamResults.stream().map(StreamedListObjectsResponse::getObject).toList());
+    }
+
+    // -----------------------------------------------------------------------
+    // Helpers
+    // -----------------------------------------------------------------------
+
+    private static String writeModel(OpenFgaClient client) throws Exception {
+        var response = client.writeAuthorizationModel(new WriteAuthorizationModelRequest()
+                        .schemaVersion("1.1")
+                        .typeDefinitions(List.of(
+                                new TypeDefinition().type("user"),
+                                new TypeDefinition().type("document").relations(Map.of(
+                                        "reader", new Userset()._this(new HashMap<>()),
+                                        "writer", new Userset()._this(new HashMap<>())
+                                )).metadata(new Metadata().relations(Map.of(
+                                        "reader", new RelationMetadata().directlyRelatedUserTypes(
+                                                List.of(new RelationReference().type("user"))),
+                                        "writer", new RelationMetadata().directlyRelatedUserTypes(
+                                                List.of(new RelationReference().type("user")))
+                                ))))))
+                .get();
+        String modelId = response.getAuthorizationModelId();
+        System.out.println("       Auth Model ID: " + modelId);
+        return modelId;
+    }
+
+    private static void writeTuples(OpenFgaClient client) throws Exception {
+        client.write(new ClientWriteRequest()
+                        .writes(List.of(
+                                new ClientTupleKey()
+                                        .user("user:anne")
+                                        .relation("reader")
+                                        ._object("document:readme"),
+                                new ClientTupleKey()
+                                        .user("user:anne")
+                                        .relation("reader")
+                                        ._object("document:changelog"),
+                                new ClientTupleKey()
+                                        .user("user:anne")
+                                        .relation("writer")
+                                        ._object("document:readme")
+                        )), new ClientWriteOptions())
+                .get();
+        System.out.println("       Wrote 3 tuples");
+    }
+
+    private static void check(String name, boolean ok) {
+        if (ok) {
+            passed++;
+            System.out.printf("  ✅ %s%n", name);
+        } else {
+            failed++;
+            System.out.printf("  ❌ %s%n", name);
+        }
+    }
+}
+
+

e2e-test/Makefile

@@ -0,0 +1,101 @@
+.PHONY: help up down restart build run test clean logs status
+
+# SDK jar — resolved dynamically from the parent build output
+SDK_JAR := $(wildcard ../build/libs/openfga-sdk-*.jar)
+BUILD_DIR := /tmp/e2e-build
+GRADLE_CACHE := $(HOME)/.gradle/caches/modules-2/files-2.1
+
+# Dependency versions (must match ../build.gradle)
+JACKSON_VER     := 2.21.2
+JACKSON_ANN_VER := 2.21
+NULLABLE_VER    := 0.2.10
+JSR305_VER      := 3.0.2
+OTEL_VER        := 1.61.0
+
+# Resolve jars from Gradle cache
+DEP_JARS := $(shell find $(GRADLE_CACHE) -name "*.jar" 2>/dev/null | \
+	grep -E "jackson-core-$(JACKSON_VER)|jackson-databind-$(JACKSON_VER)|jackson-annotations-$(JACKSON_ANN_VER)\b|jackson-datatype-jsr310-$(JACKSON_VER)|jackson-databind-nullable-$(NULLABLE_VER)|jsr305-$(JSR305_VER)|opentelemetry-api-$(OTEL_VER)|opentelemetry-context-$(OTEL_VER)" | \
+	sort -u | paste -sd: -)
+
+COMPILE_CP := $(SDK_JAR):$(DEP_JARS)
+RUN_CP     := $(BUILD_DIR):$(COMPILE_CP)
+
+# Default target
+help:
+	@echo ""
+	@echo "  E2E Streaming Auth Test — openfga/java-sdk#330"
+	@echo "  ─────────────────────────────────────────────────"
+	@echo ""
+	@echo "  Targets:"
+	@echo "    up       - Start Docker containers (OpenFGA + mock OAuth2)"
+	@echo "    down     - Stop and remove Docker containers"
+	@echo "    restart  - Recreate Docker containers from scratch"
+	@echo "    status   - Show container status"
+	@echo "    logs     - Tail container logs"
+	@echo ""
+	@echo "    build    - Build the SDK jar and compile the E2E test"
+	@echo "    run      - Compile (if needed) and run the E2E test"
+	@echo "    test     - Full end-to-end: up → build → run → report"
+	@echo ""
+	@echo "    clean    - Remove compiled E2E classes"
+	@echo ""
+
+# ── Docker ──────────────────────────────────────────────────
+
+up:
+	@echo "Starting Docker containers..."
+	docker-compose up -d
+	@echo "Waiting for services to be ready..."
+	@sleep 3
+	@curl -sf http://localhost:9090/default/.well-known/openid-configuration > /dev/null && \
+		echo "  ✅ mock-oauth2 ready" || echo "  ⏳ mock-oauth2 not ready yet"
+	@curl -sf -o /dev/null -w "" http://localhost:8082/healthz && \
+		echo "  ✅ openfga-preshared ready" || echo "  ⏳ openfga-preshared not ready yet"
+	@curl -sf -o /dev/null -w "" http://localhost:8080/healthz && \
+		echo "  ✅ openfga-oidc ready" || echo "  ⏳ openfga-oidc not ready yet"
+
+down:
+	docker-compose down
+
+restart: down up
+
+status:
+	docker-compose ps
+
+logs:
+	docker-compose logs -f --tail=50
+
+# ── Build & Run ─────────────────────────────────────────────
+
+# Build the SDK jar (delegates to parent Gradle)
+../build/libs/openfga-sdk-%.jar:
+	@echo "Building SDK jar..."
+	cd .. && ./gradlew jar
+
+build: ../build/libs/openfga-sdk-*.jar
+	@mkdir -p $(BUILD_DIR)
+	@echo "Compiling E2EStreamingAuthTest..."
+	javac -cp "$(COMPILE_CP)" -d $(BUILD_DIR) E2EStreamingAuthTest.java 2>&1 | \
+		grep -v "^warning:" || true
+	@echo "  ✅ Compiled"
+
+run: build
+	@echo ""
+	java -cp "$(RUN_CP)" dev.openfga.sdk.e2e.E2EStreamingAuthTest
+
+# Full lifecycle: start containers, build, run tests
+test: up build
+	@echo ""
+	@java -cp "$(RUN_CP)" dev.openfga.sdk.e2e.E2EStreamingAuthTest; \
+		EXIT=$$?; \
+		echo ""; \
+		if [ $$EXIT -eq 0 ]; then \
+			echo "🎉 All E2E tests passed!"; \
+		else \
+			echo "💥 Some E2E tests failed (exit $$EXIT)"; \
+		fi; \
+		exit $$EXIT
+
+clean:
+	rm -rf $(BUILD_DIR)
+