cypress/integration/oauth2/refresh_token.js from ory-am/hydra

cypress/integration/oauth2/refresh_token.js
Summary

Maintainability

2 hrs
Test Coverage

Issues
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0

import { createClient, prng } from "../../helpers"

const accessTokenStrategies = ["opaque", "jwt"]

describe("The OAuth 2.0 Refresh Token Grant", function () {
  accessTokenStrategies.forEach((accessTokenStrategy) => {
    describe("access_token_strategy=" + accessTokenStrategy, function () {
      const nc = () => ({
        client_secret: prng(),
        scope: "offline_access openid",
        redirect_uris: [`${Cypress.env("client_url")}/oauth2/callback`],
        grant_types: ["authorization_code", "refresh_token"],
        access_token_strategy: accessTokenStrategy,
      })

      it("should return an Access and Refresh Token and refresh the Access Token", function () {
        const client = nc()
        cy.authCodeFlow(client, {
          consent: {
            scope: ["offline_access"],
            createClient: true,
          },
        })

        cy.request(`${Cypress.env("client_url")}/oauth2/refresh`)
          .its("body")
          .then((body) => {
            const { result, token } = body
            expect(result).to.equal("success")
            expect(token.access_token).to.not.be.empty
            expect(token.refresh_token).to.not.be.empty
          })
      })

      it("should return an Access, ID, and Refresh Token and refresh the Access Token and ID Token", function () {
        const client = nc()
        cy.authCodeFlow(client, {
          consent: {
            scope: ["offline_access", "openid"],
            createClient: true,
          },
        })

        cy.request(`${Cypress.env("client_url")}/oauth2/refresh`)
          .its("body")
          .then((body) => {
            const { result, token } = body
            expect(result).to.equal("success")
            expect(token.access_token).to.not.be.empty
            expect(token.id_token).to.not.be.empty
            expect(token.refresh_token).to.not.be.empty
          })
      })

      it("should revoke Refresh Token on reuse", function () {
        const referrer = `${Cypress.env("client_url")}/empty`
        cy.visit(referrer, {
          failOnStatusCode: false,
        })

        createClient({
          scope: "offline_access",
          redirect_uris: [referrer],
          grant_types: ["authorization_code", "refresh_token"],
          response_types: ["code"],
          token_endpoint_auth_method: "none",
        }).then((client) => {
          cy.authCodeFlowBrowser(client, {
            consent: { scope: ["offline_access"] },
            createClient: false,
          }).then((originalResponse) => {
            expect(originalResponse.status).to.eq(200)
            expect(originalResponse.body.refresh_token).to.not.be.empty

            const originalToken = originalResponse.body.refresh_token

            cy.refreshTokenBrowser(client, originalToken).then(
              (refreshedResponse) => {
                expect(refreshedResponse.status).to.eq(200)
                expect(refreshedResponse.body.refresh_token).to.not.be.empty

                const refreshedToken = refreshedResponse.body.refresh_token

                return cy
                  .refreshTokenBrowser(client, originalToken)
                  .then((response) => {
                    expect(response.status).to.eq(401)
                    expect(response.body.error).to.eq("token_inactive")
                  })
                  .then(() => cy.refreshTokenBrowser(client, refreshedToken))
                  .then((response) => {
                    expect(response.status).to.eq(401)
                    expect(response.body.error).to.eq("token_inactive")
                  })
              },
            )
          })
        })
      })
    })
  })
})