MCPcopy
hub / github.com/github/github-mcp-server / TestHandleProtectedResource

Function TestHandleProtectedResource

pkg/http/oauth/oauth_test.go:367–517  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

365}
366
367func TestHandleProtectedResource(t *testing.T) {
368 t.Parallel()
369
370 tests := []struct {
371 name string
372 cfg *Config
373 path string
374 host string
375 method string
376 expectedStatusCode int
377 expectedScopes []string
378 validateResponse func(t *testing.T, body map[string]any)
379 }{
380 {
381 name: "GET request returns protected resource metadata",
382 cfg: &Config{
383 BaseURL: "https://api.example.com",
384 },
385 path: OAuthProtectedResourcePrefix,
386 host: "api.example.com",
387 method: http.MethodGet,
388 expectedStatusCode: http.StatusOK,
389 expectedScopes: SupportedScopes,
390 validateResponse: func(t *testing.T, body map[string]any) {
391 t.Helper()
392 assert.Equal(t, "GitHub MCP Server", body["resource_name"])
393 assert.Equal(t, "https://api.example.com/", body["resource"])
394
395 authServers, ok := body["authorization_servers"].([]any)
396 require.True(t, ok)
397 require.Len(t, authServers, 1)
398 assert.Equal(t, defaultAuthorizationServer, authServers[0])
399 },
400 },
401 {
402 name: "OPTIONS request for CORS preflight",
403 cfg: &Config{
404 BaseURL: "https://api.example.com",
405 },
406 path: OAuthProtectedResourcePrefix,
407 host: "api.example.com",
408 method: http.MethodOptions,
409 expectedStatusCode: http.StatusNoContent,
410 },
411 {
412 name: "path with /mcp suffix",
413 cfg: &Config{
414 BaseURL: "https://api.example.com",
415 },
416 path: OAuthProtectedResourcePrefix + "/mcp",
417 host: "api.example.com",
418 method: http.MethodGet,
419 expectedStatusCode: http.StatusOK,
420 validateResponse: func(t *testing.T, body map[string]any) {
421 t.Helper()
422 assert.Equal(t, "https://api.example.com/mcp", body["resource"])
423 },
424 },

Callers

nothing calls this directly

Calls 5

RegisterRoutesMethod · 0.95
NewAPIHostFunction · 0.92
NewAuthHandlerFunction · 0.85
ServeHTTPMethod · 0.80
HeaderMethod · 0.80

Tested by

no test coverage detected