9 Commits

Author	SHA1	Message	Date
Emelia Smith	4a32e720f5	Rearrange code to flow better	2025-07-23 21:34:17 +02:00
Emelia Smith	514540d52e	Ensure the asserted scopes are the ones in the access grant	2025-07-23 21:32:17 +02:00
Emelia Smith	3c077e5fc8	Adjust the specs based on feedback from Claire to ensure we're still testing the invalid scope for authorization code grant flow case	2025-07-23 21:27:08 +02:00
Emelia Smith	4b72ac71e1	Improve /oauth/token request specs ... Previously these specs passed incorrect parameters to both the authorization_code and client_credentials grant flows. The authorization_code flow does not accept a `scope` parameter, instead the scope is set when the access grant is created, per RFC 6749 Section 4.1.2. The `code` parameter is accepted by this flow. https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2 The client_credentials flow does not accept a `code` parameter, and instead accepts a `scope` parameter, per RFC 6749 Section 4.4.1 https://www.rfc-editor.org/rfc/rfc6749#section-4.4.1 This ensures we're only testing valid oauth flows, and not deviating from the specification. The OAuth flows should ignore any unknown parameters (i.e., passing `code` to client_credentials would have no impact on the functionality, and this would be asserted at the Doorkeeper level).	2025-07-23 20:47:00 +02:00
Emelia Smith	9e8631b402	Change /oauth/token request specs to use client_secret_basic authentication	2025-07-23 20:47:00 +02:00
Matt Jankowski	6463415e06	Update rubocop-rspec to version 3.6.0 (#34497)	2025-04-24 14:56:13 +00:00
Matt Jankowski	8ef546fe6b	Convert oauth/tokens#revoke spec controller->request (#34174)	2025-03-18 08:16:42 +00:00
Matt Jankowski	6b6a80b407	Remove body_as_json in favor of built-in response.parsed_body for JSON response specs (#31749)	2024-09-06 09:58:46 +00:00
David Roetzel	0374918746	Add spec for doorkeeper behavior around issuing tokens (#31545)	2024-08-23 08:20:32 +00:00