mcp: authorize request (pt1) (#5585)

internal/oauth21/validate_client_test.go

@@ -0,0 +1,73 @@
+package oauth21_test
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/proto"
+
+	"github.com/pomerium/pomerium/internal/oauth21"
+	"github.com/pomerium/pomerium/internal/oauth21/gen"
+	rfc7591v1 "github.com/pomerium/pomerium/internal/rfc7591"
+)
+
+func TestValidateRequest(t *testing.T) {
+	t.Parallel()
+	for _, tc := range []struct {
+		name   string
+		client *rfc7591v1.ClientMetadata
+		req    *gen.AuthorizationRequest
+		err    bool
+	}{
+		{
+			"optional redirect_uri, multiple redirect_uris",
+			&rfc7591v1.ClientMetadata{
+				RedirectUris: []string{"https://example.com/callback", "https://example.com/other-callback"},
+			},
+			&gen.AuthorizationRequest{
+				RedirectUri: nil,
+			},
+			true,
+		},
+		{
+			"optional redirect_uri, single redirect_uri",
+			&rfc7591v1.ClientMetadata{
+				RedirectUris: []string{"https://example.com/callback"},
+			},
+			&gen.AuthorizationRequest{
+				RedirectUri: nil,
+			},
+			false,
+		},
+		{
+			"matching redirect_uri",
+			&rfc7591v1.ClientMetadata{
+				RedirectUris: []string{"https://example.com/callback", "https://example.com/other-callback"},
+			},
+			&gen.AuthorizationRequest{
+				RedirectUri: proto.String("https://example.com/callback"),
+			},
+			false,
+		},
+		{
+			"non-matching redirect_uri",
+			&rfc7591v1.ClientMetadata{
+				RedirectUris: []string{"https://example.com/callback", "https://example.com/other-callback"},
+			},
+			&gen.AuthorizationRequest{
+				RedirectUri: proto.String("https://example.com/invalid-callback"),
+			},
+			true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			err := oauth21.ValidateAuthorizationRequest(tc.client, tc.req)
+			if tc.err {
+				assert.Error(t, err)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}