refresh_token 통합 테스트 실행 경로 정리

2026-06-12 19:52:55 +09:00
parent ec55d4847e
commit e365c97dc0
6 changed files with 188 additions and 5 deletions
--- a/devfront/tests/devfront-refresh-token.spec.ts
+++ b/devfront/tests/devfront-refresh-token.spec.ts
@@ -0,0 +1,99 @@
+import { expect, test } from "@playwright/test";
+import {
+  getPersistedOidcUser,
+  installDevApiMock,
+  seedAuth,
+} from "./helpers/devfront-fixtures";
+import { captureEvidence } from "./helpers/evidence";
+
+test.describe("DevFront refresh token renewal", () => {
+  test.afterEach(async ({ page }, testInfo) => {
+    if (testInfo.status === "passed") {
+      await captureEvidence(page, testInfo, testInfo.title);
+    }
+  });
+
+  test.beforeEach(async ({ page }) => {
+    await seedAuth(page, {
+      expiresInSeconds: 60,
+      refreshToken: "playwright-refresh-token",
+      state: { returnTo: "/clients" },
+    });
+
+    await installDevApiMock(page, {
+      clients: [],
+      consents: [],
+      auditLogs: [],
+      users: [],
+      tenants: [],
+    });
+  });
+
+  test("exchanges the refresh token for a new access token on silent renewal", async ({
+    page,
+  }) => {
+    let tokenRequestBody = "";
+    let authorizeRequested = false;
+
+    await page.route("**/oidc/token", async (route) => {
+      const request = route.request();
+      tokenRequestBody = request.postData() ?? "";
+
+      await route.fulfill({
+        status: 200,
+        contentType: "application/json",
+        headers: { "Access-Control-Allow-Origin": "*" },
+        body: JSON.stringify({
+          access_token: "rotated-access-token",
+          expires_in: 3600,
+          refresh_token: "rotated-refresh-token",
+          scope: "openid offline_access profile email",
+          session_state: "rotated-session-state",
+          token_type: "Bearer",
+        }),
+      });
+    });
+
+    await page.route("**/oidc/auth**", async (route) => {
+      authorizeRequested = true;
+      await route.fulfill({
+        status: 500,
+        body: "unexpected authorize request",
+      });
+    });
+
+    await page.goto("/clients");
+
+    await expect(page.getByRole("link", { name: "Clients" })).toBeVisible();
+
+    const tokenRequestPromise = page.waitForRequest(
+      (request) =>
+        request.url().endsWith("/oidc/token") && request.method() === "POST",
+    );
+
+    await page.getByRole("button", { name: "Open account menu" }).click();
+    await page.getByRole("menuitem", { name: "My Profile" }).click();
+
+    const tokenRequest = await tokenRequestPromise;
+    const tokenParams = new URLSearchParams(tokenRequestBody);
+
+    expect(tokenParams.get("grant_type")).toBe("refresh_token");
+    expect(tokenParams.get("refresh_token")).toBe("playwright-refresh-token");
+
+    await expect(page.getByRole("heading", { name: "내 정보" })).toBeVisible();
+    await expect
+      .poll(async () => {
+        const storedUser = await getPersistedOidcUser(page);
+        return storedUser?.access_token;
+      })
+      .toBe("rotated-access-token");
+    await expect
+      .poll(async () => {
+        const storedUser = await getPersistedOidcUser(page);
+        return storedUser?.refresh_token;
+      })
+      .toBe("rotated-refresh-token");
+    expect(tokenRequest.url()).toContain("/oidc/token");
+    expect(authorizeRequested).toBe(false);
+  });
+});