this commit introduces improvements to the oauth2 authorization code flow test with pkce by making master user authentication and token usage explicit, adding tenant user creation and authentication, generating and validating the pkce flow with code_verifier and code_challenge, retrieving the newly created user from the database to manually create an authorization code, and simulating the authorization code exchange for an access token to fully cover the oauth2 flow

https-richardy · https-richardy · commit 2c6cb72f7591 · 2026-01-24T14:15:22.000-03:00
diff --git a/Tests/Integration/Endpoints/ConnectEndpointTests.cs b/Tests/Integration/Endpoints/ConnectEndpointTests.cs
@@ -103,7 +103,7 @@ public async Task WhenPostTokenWithInvalidClientSecret_ShouldReturnUnauthorized(
         /* arrange: create a tenant */
         var payload = _fixture.Build<TenantCreationScheme>()
             .With(tenant => tenant.Name, $"test-tenant-{Guid.NewGuid()}")
-            .With(tenant => tenant.Description, $"test-description-{Guid.NewGuid()}.com")
+            .With(tenant => tenant.Description, $"test-description-{Guid.NewGuid()}")
             .Create();
 
         var httpResponse = await httpClient.PostAsJsonAsync("api/v1/tenants", payload);
@@ -201,13 +201,13 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
         var tokenCollection = factory.Services.GetRequiredService<ITokenCollection>();
         var userCollection = factory.Services.GetRequiredService<IUserCollection>();
 
+        // arrange: authenticate as master to create tenant
         var masterClient = factory.HttpClient.WithTenantHeader("master");
         var masterCredentials = new AuthenticationCredentials
         {
             Username = "vinder.testing.user",
             Password = "vinder.testing.password"
         };
-
         var authentication = await masterClient.PostAsJsonAsync("api/v1/identity/authenticate", masterCredentials);
         var grantedToken = await authentication.Content.ReadFromJsonAsync<AuthenticationResult>();
 
@@ -216,6 +216,7 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
 
         masterClient.WithAuthorization(grantedToken.AccessToken);
 
+        // arrange: create tenant
         var payload = _fixture.Build<TenantCreationScheme>()
             .With(tenant => tenant.Name, $"test-tenant-{Guid.NewGuid()}")
             .With(tenant => tenant.Description, $"test-description-{Guid.NewGuid()}")
@@ -227,6 +228,7 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
         Assert.NotNull(tenant);
         Assert.Equal(HttpStatusCode.Created, tenantResponse.StatusCode);
 
+        // arrange: create user for tenant
         var credentials = new IdentityEnrollmentCredentials
         {
             Username = $"user.{Guid.NewGuid()}@email.com",
@@ -241,6 +243,7 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
         Assert.NotNull(identity);
         Assert.Equal(HttpStatusCode.Created, enrollment.StatusCode);
 
+        // arrange: authenticate new user
         var authenticationCredentials = new AuthenticationCredentials
         {
             Username = credentials.Username,
@@ -255,10 +258,12 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
 
         tenantClient.WithAuthorization(authenticationResult.AccessToken);
 
+        // arrange: generate PKCE
         var codeVerifier = Guid.NewGuid().ToString("N") + Guid.NewGuid().ToString("N");
         var codeChallenge = Application.Utilities.Base64UrlEncoder.Encode(SHA256.HashData(System.Text.Encoding.ASCII.GetBytes(codeVerifier)));
         var codeChallengeMethod = "S256";
 
+        // arrange: get user from db
         var filters = UserFilters.WithSpecifications()
             .WithUsername(credentials.Username)
             .Build();
@@ -269,6 +274,7 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
         Assert.NotEmpty(users);
         Assert.NotNull(user);
 
+        // arrange: create authorization code token
         var authorizationCode = Guid.NewGuid().ToString("N");
         var token = new Domain.Aggregates.SecurityToken
         {
@@ -286,6 +292,7 @@ public async Task WhenPostTokenWithValidAuthorizationCode_ShouldReturnAccessToke
 
         await tokenCollection.InsertAsync(token);
 
+        // arrange: prepare authorization_code grant request
         var parameters = new Dictionary<string, string>
         {
             { "grant_type", "authorization_code" },
