Merge pull request #956 from vmware-tanzu/fix-scopes-access-token-refresh-test

Keep all scopes except offline_access in access token refresh integration test
2022-01-19 16:19:13 -08:00 · 2022-01-19 16:19:13 -08:00 · 6c923d3bc6
commit 6c923d3bc6
parent 956f6f1eab 513c943e87
1 changed files with 12 additions and 1 deletions
--- a/test/integration/supervisor_login_test.go
+++ b/test/integration/supervisor_login_test.go
@ -136,6 +136,17 @@ func TestSupervisorLogin(t *testing.T) {
 			},
 			createIDP: func(t *testing.T) string {
 				t.Helper()
+				var additionalScopes []string
+				// keep all the scopes except for offline access so we can test the access token based refresh flow.
+				if len(env.ToolsNamespace) == 0 {
+					additionalScopes = env.SupervisorUpstreamOIDC.AdditionalScopes
+				} else {
+					for _, additionalScope := range env.SupervisorUpstreamOIDC.AdditionalScopes {
+						if additionalScope != "offline_access" {
+							additionalScopes = append(additionalScopes, additionalScope)
+						}
+					}
+				}
 				oidcIDP := testlib.CreateTestOIDCIdentityProvider(t, idpv1alpha1.OIDCIdentityProviderSpec{
 					Issuer: env.SupervisorUpstreamOIDC.Issuer,
 					TLS: &idpv1alpha1.TLSSpec{
@ -149,7 +160,7 @@ func TestSupervisorLogin(t *testing.T) {
 						Groups:   env.SupervisorUpstreamOIDC.GroupsClaim,
 					},
 					AuthorizationConfig: idpv1alpha1.OIDCAuthorizationConfig{
-						AdditionalScopes: []string{"email"}, // does not ask for offline_access.
+						AdditionalScopes: additionalScopes,
 					},
 				}, idpv1alpha1.PhaseReady)
 				return oidcIDP.Name