Skip to content

Commit ae754f4

Browse files
committed
chore: add OAuth2 device flow test scripts
Change-Id: Ic232851727e683ab3d8b7ce970c505588da2f827 Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent bdc12a1 commit ae754f4

File tree

5 files changed

+426
-10
lines changed

5 files changed

+426
-10
lines changed

coderd/oauth2_test.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1576,7 +1576,7 @@ func TestOAuth2DeviceAuthorizationSimple(t *testing.T) {
15761576

15771577
client := coderdtest.New(t, nil)
15781578
coderdtest.CreateFirstUser(t, client)
1579-
ctx := testutil.Context(t, testutil.WaitLong)
1579+
ctx := t.Context()
15801580

15811581
// Create an OAuth2 app for testing
15821582
app, err := client.PostOAuth2ProviderApp(ctx, codersdk.PostOAuth2ProviderAppRequest{
@@ -1630,7 +1630,7 @@ func TestOAuth2DeviceAuthorization(t *testing.T) {
16301630

16311631
client := coderdtest.New(t, nil)
16321632
coderdtest.CreateFirstUser(t, client)
1633-
ctx := testutil.Context(t, testutil.WaitLong)
1633+
ctx := t.Context()
16341634

16351635
// Create an OAuth2 app for testing
16361636
app, err := client.PostOAuth2ProviderApp(ctx, codersdk.PostOAuth2ProviderAppRequest{

scripts/oauth2/README.md

Lines changed: 51 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,39 @@ export STATE="your-state"
102102
go run ./scripts/oauth2/oauth2-test-server.go
103103
```
104104

105+
### `test-device-flow.sh`
106+
107+
Tests the OAuth2 Device Authorization Flow (RFC 8628) using the golang.org/x/oauth2 library. This flow is designed for devices that either lack a web browser or have limited input capabilities.
108+
109+
Usage:
110+
111+
```bash
112+
# First set up an app
113+
eval $(./scripts/oauth2/setup-test-app.sh)
114+
115+
# Run the device flow test
116+
./scripts/oauth2/test-device-flow.sh
117+
```
118+
119+
Features:
120+
121+
- Implements the complete device authorization flow
122+
- Uses the `/x/oauth2` library for OAuth2 operations
123+
- Displays user code and verification URL
124+
- Automatically polls for token completion
125+
- Tests the access token with an API call
126+
- Colored output for better readability
127+
128+
### `oauth2-device-flow.go`
129+
130+
A Go program that implements the OAuth2 device authorization flow. Used internally by `test-device-flow.sh` but can also be run standalone:
131+
132+
```bash
133+
export CLIENT_ID="your-client-id"
134+
export CLIENT_SECRET="your-client-secret"
135+
go run ./scripts/oauth2/oauth2-device-flow.go
136+
```
137+
105138
## Example Workflow
106139

107140
1. **Run automated tests:**
@@ -126,7 +159,23 @@ go run ./scripts/oauth2/oauth2-test-server.go
126159
./scripts/oauth2/cleanup-test-app.sh
127160
```
128161

129-
3. **Generate PKCE for custom testing:**
162+
3. **Device authorization flow testing:**
163+
164+
```bash
165+
# Create app
166+
eval $(./scripts/oauth2/setup-test-app.sh)
167+
168+
# Run the device flow test
169+
./scripts/oauth2/test-device-flow.sh
170+
# - Shows device code and verification URL
171+
# - Polls for authorization completion
172+
# - Tests access token
173+
174+
# Clean up when done
175+
./scripts/oauth2/cleanup-test-app.sh
176+
```
177+
178+
4. **Generate PKCE for custom testing:**
130179

131180
```bash
132181
./scripts/oauth2/generate-pkce.sh
@@ -147,4 +196,5 @@ All scripts respect these environment variables:
147196
- Metadata: `GET /.well-known/oauth-authorization-server`
148197
- Authorization: `GET/POST /oauth2/authorize`
149198
- Token: `POST /oauth2/token`
199+
- Device Authorization: `POST /oauth2/device`
150200
- Apps API: `/api/v2/oauth2-provider/apps`

0 commit comments

Comments
 (0)