21705484768

Committed 05 Feb 2026 09:09AM UTC coverage: 60.854% (+0.02%) from 60.83%

Build # 21705484768

Build Type

push

github

Committed by

web-flow

Commit Message

Add token endpoint error handling integration tests (#3611)

Extend the OAuth authorization server integration test suite to cover
token endpoint error handling, replay attack prevention, and refresh
token grants. The error handling tests use a table-driven approach to
verify that invalid PKCE verifiers, unknown auth codes, missing or
mismatched redirect URIs, wrong client IDs, missing PKCE verifiers, and
grant type confusion all produce the correct RFC 6749/7636 error codes
and HTTP status codes.

A dedicated replay attack test confirms that authorization codes are
single-use by exchanging a code successfully, then verifying a second
exchange attempt is rejected. The refresh token test exercises the full
refresh grant flow including token rotation, verifying that old refresh
tokens are invalidated after use and that refreshed access tokens carry
proper expiration metadata.

Run Details

40865 of 67153 relevant lines covered (60.85%)

78.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.37

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 21705484768

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous