(t *testing.T)
| 30 | } |
| 31 | |
| 32 | func TestAuthenticatePKCEViaBrowser(t *testing.T) { |
| 33 | f := newFakeGitHub(t) |
| 34 | m := newManager(t, f) |
| 35 | |
| 36 | ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) |
| 37 | defer cancel() |
| 38 | |
| 39 | out, err := m.Authenticate(ctx, nil) |
| 40 | require.NoError(t, err) |
| 41 | assert.Nil(t, out, "browser flow completes without a user action") |
| 42 | assert.Equal(t, "gho_access", m.AccessToken()) |
| 43 | |
| 44 | // PKCE must have been exercised end to end. |
| 45 | f.mu.Lock() |
| 46 | defer f.mu.Unlock() |
| 47 | assert.Equal(t, "S256", f.codeChallengeMethod) |
| 48 | assert.NotEmpty(t, f.codeChallenge, "authorize must receive a code_challenge") |
| 49 | assert.NotEmpty(t, f.codeVerifier, "token exchange must send a code_verifier") |
| 50 | assert.Equal(t, []string{"authorization_code"}, f.grants) |
| 51 | } |
| 52 | |
| 53 | func TestAuthenticateRefreshesExpiringGitHubAppToken(t *testing.T) { |
| 54 | f := newFakeGitHub(t) |
nothing calls this directly
no test coverage detected