
offline_access 기본 강제 제거 및 refresh_token grant 정책 정리

2026-06-12 16:01:24 +09:00
parent e41a2162da
commit 568dc258e7
8 changed files with 20 additions and 38 deletions


@@ -2229,9 +2229,9 @@ func TestCreateClient_StripsOfflineScopesAndKeepsRefreshTokenGrant(t *testing.T)
resp, _ := app.Test(req, -1)
assert.Equal(t, http.StatusCreated, resp.StatusCode)
assert.Equal(t, "openid profile offline_access email", captured.Scope)
assert.Equal(t, "openid profile email", captured.Scope)
assert.NotContains(t, strings.Fields(captured.Scope), "offline")
assert.Contains(t, strings.Fields(captured.Scope), "offline_access")
assert.NotContains(t, strings.Fields(captured.Scope), "offline_access")
assert.Contains(t, captured.GrantTypes, "refresh_token")
}
@@ -2296,9 +2296,9 @@ func TestUpdateClient_StripsStoredOfflineScopesAndKeepsRefreshTokenGrant(t *test
resp, _ := app.Test(req, -1)
assert.Equal(t, http.StatusOK, resp.StatusCode)
assert.Equal(t, "openid profile offline_access email", captured.Scope)
assert.Equal(t, "openid profile email", captured.Scope)
assert.NotContains(t, strings.Fields(captured.Scope), "offline")
assert.Contains(t, strings.Fields(captured.Scope), "offline_access")
assert.NotContains(t, strings.Fields(captured.Scope), "offline_access")
assert.Contains(t, captured.GrantTypes, "refresh_token")
}
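Review bot: Both tests (`TestCreateClient_StripsOfflineScopesAndKeepsRefreshTokenGrant` in the first hunk and `TestUpdateClient_StripsStoredOfflineScopesAndKeepsRefreshTokenGrant` in the second) now pin that `offline_access` is absent from `captured.Scope` while `refresh_token` stays in `captured.GrantTypes`, but the request payload is built outside the hunks, so it is not visible whether they cover a client that explicitly asks for `offline_access` or only the default case. The commit title speaks of removing the forced default, so a separate case for an explicit request would keep the policy from silently becoming "always stripped"; at minimum a comment above the assertions such as `// offline_access is no longer injected by default; the refresh_token grant is kept as-is` would record the intent. Separately, `resp, _ := app.Test(req, -1)` discards the error, so a failed request would surface as a nil dereference on `resp.StatusCode`; `resp, err := app.Test(req, -1)` followed by `if err != nil { t.Fatal(err) }` reports it properly. Both test bodies start outside their hunks.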