1
0
forked from baron/baron-sso

RP 테넌트 접근 정책 변경 시 기존 consent 자동 폐기

This commit is contained in:
2026-04-24 17:59:54 +09:00
parent b9232687b5
commit 3f85f6cfe3
8 changed files with 500 additions and 0 deletions

View File

@@ -118,6 +118,22 @@ func TestCreateClient_RejectsTenantAccessWithoutAllowedTenants(t *testing.T) {
assert.False(t, hydraCalled)
}
func TestMergeRequestedScopesWithClientRequirements_AddsTenantScope(t *testing.T) {
client := domain.HydraClient{
Metadata: map[string]any{
"tenant_access_restricted": true,
"structured_scopes": []map[string]any{
{"name": "openid", "mandatory": true},
{"name": "tenant", "mandatory": true, "locked": true},
{"name": "profile", "mandatory": false},
},
},
}
merged := mergeRequestedScopesWithClientRequirements(client, []string{"openid", "profile"})
assert.Equal(t, []string{"openid", "tenant", "profile"}, merged)
}
func TestGetConsentRequest_DeniesTenantAccess(t *testing.T) {
transport := roundTripFunc(func(r *http.Request) (*http.Response, error) {
switch {