fix(oauth): correct test expectation for invalid scope error handling

Auto-indexing service and GraphQL API for AT Protocol Records quickslice.slices.network/

atproto gleam graphql

Per OAuth 2.0 spec (RFC 6749 Section 4.1.2.1), once redirect_uri is
validated, errors like invalid scope should redirect to the client
rather than return HTTP 400.

chadtmiller.com 3 months ago 66d69e8b 47f2d32f

+4 -3

1 changed file

expand all

server

test

oauth

authorize_test.gleam

+4 -3

server/test/oauth/authorize_test.gleam

··· 30 response.status |> should.equal(400) 31 } 32 33 - pub fn authorize_invalid_scope_returns_400_test() { 34 let assert Ok(cache) = did_cache.start() 35 let assert Ok(conn) = sqlight.open(":memory:") 36 let assert Ok(_) = tables.create_oauth_client_table(conn) ··· 76 None, 77 ) 78 79 - // Should return 400 due to invalid scope format 80 - response.status |> should.equal(400) 81 }

··· 30 response.status |> should.equal(400) 31 } 32 33 + pub fn authorize_invalid_scope_redirects_with_error_test() { 34 let assert Ok(cache) = did_cache.start() 35 let assert Ok(conn) = sqlight.open(":memory:") 36 let assert Ok(_) = tables.create_oauth_client_table(conn) ··· 76 None, 77 ) 78 79 + // Per OAuth 2.0 spec (RFC 6749 Section 4.1.2.1), once redirect_uri is validated, 80 + // errors should be redirected to the client, not returned as 400 81 + response.status |> should.equal(303) 82 }