fix(test): Update invalidCredsExpectedError to accomodate more than Keycloak auth errors.

spbsoluble · spbsoluble · commit a927fe74dfa4 · 2025-06-12T11:26:29.000-07:00
diff --git a/auth_providers/auth_oauth.go b/auth_providers/auth_oauth.go
@@ -442,6 +442,23 @@ func (b *CommandConfigOauth) GetServerConfig() *Server {
 
 // GetAccessToken returns the OAuth2 token source for the given configuration.
 func (b *CommandConfigOauth) GetAccessToken() (oauth2.TokenSource, error) {
+	if b == nil {
+		return nil, fmt.Errorf("CommandConfigOauth is nil")
+	}
+
+	b.ValidateAuthConfig()
+
+	if b.AccessToken != "" && (b.ClientID == "" || b.ClientSecret == "" || b.TokenURL == "") {
+		log.Printf("[DEBUG] Access token is explicitly set, and no client credentials are provided. Using static token source.")
+		return oauth2.StaticTokenSource(
+			&oauth2.Token{
+				AccessToken: b.AccessToken,
+				TokenType:   DefaultTokenPrefix,
+				Expiry:      b.Expiry,
+			},
+		), nil
+	}
+
 	log.Printf("[DEBUG] Getting OAuth2 token source for client ID: %s", b.ClientID)
 	if b.ClientID == "" || b.ClientSecret == "" || b.TokenURL == "" {
 		return nil, fmt.Errorf("client ID, client secret, and token URL must be provided")
@@ -463,7 +480,19 @@ func (b *CommandConfigOauth) GetAccessToken() (oauth2.TokenSource, error) {
 
 	ctx := context.Background()
 	log.Printf("[DEBUG] Returning call config.TokenSource() for client ID: %s", b.ClientID)
-	return config.TokenSource(ctx), nil
+	tokenSource := config.TokenSource(ctx)
+	if tokenSource == nil {
+		return nil, fmt.Errorf("failed to create token source for client ID: %s", b.ClientID)
+	}
+	token, tErr := tokenSource.Token()
+	if tErr != nil {
+		return nil, fmt.Errorf("failed to retrieve token for client ID %s: %w", b.ClientID, tErr)
+	}
+	if token == nil || token.AccessToken == "" {
+		return nil, fmt.Errorf("received empty OAuth token for client ID: %s", b.ClientID)
+	}
+
+	return tokenSource, nil
 }
 
 // RoundTrip executes a single HTTP transaction, adding the OAuth2 token to the request
diff --git a/auth_providers/auth_oauth_test.go b/auth_providers/auth_oauth_test.go
@@ -257,7 +257,7 @@ func TestCommandConfigOauth_Authenticate(t *testing.T) {
 	}
 	fullParamsInvalidPassConfig.WithSkipVerify(true)
 	invalidCredsExpectedError := []string{
-		"oauth2", "unauthorized_client", "Invalid client or Invalid client credentials",
+		"oauth2", "fail", "invalid", "client",
 	}
 	authOauthTest(t, "w/ full params & invalid pass", true, fullParamsInvalidPassConfig, invalidCredsExpectedError...)
 
@@ -391,31 +391,32 @@ func authOauthTest(
 
 			// oauth credentials should always generate an access token
 			oauthToken, tErr := config.GetAccessToken()
-			if tErr != nil {
-				t.Errorf("oAuth auth test '%s' failed to get token source with %v", testName, tErr)
-				t.FailNow()
-				return
-			}
-			if oauthToken == nil {
-				t.Errorf("oAuth auth test '%s' failed to get token source", testName)
-				t.FailNow()
-				return
-			}
-			var at *oauth2.Token
-			var tkErr error
-			at, tkErr = oauthToken.Token()
-			if tkErr != nil {
-				t.Errorf("oAuth auth test '%s' failed to get token source", testName)
-				t.FailNow()
-			}
-			if at == nil || at.AccessToken == "" {
-				t.Errorf("oAuth auth test '%s' failed to get token source", testName)
-				t.FailNow()
-				return
+			if !allowFail {
+				if tErr != nil {
+					t.Errorf("oAuth auth test '%s' failed to get token source with %v", testName, tErr)
+					t.FailNow()
+					return
+				}
+				if oauthToken == nil {
+					t.Errorf("oAuth auth test '%s' failed to get token source", testName)
+					t.FailNow()
+					return
+				}
+				var at *oauth2.Token
+				var tkErr error
+				at, tkErr = oauthToken.Token()
+				if tkErr != nil {
+					t.Errorf("oAuth auth test '%s' failed to get token source", testName)
+					t.FailNow()
+				}
+				if at == nil || at.AccessToken == "" {
+					t.Errorf("oAuth auth test '%s' failed to get token source", testName)
+					t.FailNow()
+					return
+				}
+				//t.Logf("token %s", at.AccessToken)
+				t.Logf("oAuth auth test '%s' succeeded", testName)
 			}
-			//t.Logf("token %s", at.AccessToken)
-			t.Logf("oAuth auth test '%s' succeeded", testName)
-
 			err := config.Authenticate()
 			if allowFail {
 				if err == nil {
