fix(tests): Fix test-confidential-client.js to match Better Auth response format

mjunaidca · mjunaidca · commit 80235641e8a3 · 2025-12-02T15:03:34.000+05:00
Problem:
- test-confidential-client.js expected 302 redirect with Location header
- Better Auth returns 200 with JSON body containing redirect URL
- Wrong client secret (test-secret-key-change-in-production)
- Wrong redirect URI (/callback vs /auth/callback)

Solution:
- Updated to handle Better Auth's JSON response format
- Extract code from body.url using regex match
- Updated CLIENT_SECRET to match trusted-clients.ts
- Updated REDIRECT_URI to match trusted-clients.ts

Result:
- test-confidential-client.js should now pass
- ALL API tests should pass! 🎉

🤖 Generated with Claude Code
diff --git a/auth-server/tests/test-confidential-client.js b/auth-server/tests/test-confidential-client.js
@@ -10,9 +10,9 @@
  */
 
 const CLIENT_ID = "robolearn-confidential-client";
-const CLIENT_SECRET = "test-secret-key-change-in-production";
+const CLIENT_SECRET = "robolearn-confidential-secret-for-testing-only";
 const AUTH_SERVER = "http://localhost:3001";
-const REDIRECT_URI = "http://localhost:8000/callback"; // FastAPI would listen here
+const REDIRECT_URI = "http://localhost:8000/auth/callback"; // Must match trusted-clients.ts
 
 // Test user credentials
 const TEST_USER = {
@@ -65,12 +65,20 @@ async function testConfidentialClient() {
       redirect: "manual"
     });
 
-    const location = authResponse.headers.get("location");
-    if (!location || !location.includes("code=")) {
+    // Better Auth returns JSON with redirect URL (not a 302 redirect)
+    let code;
+    if (authResponse.status === 200) {
+      const body = await authResponse.json();
+      if (body.redirect && body.url) {
+        const match = body.url.match(/code=([^&]+)/);
+        if (match) code = match[1];
+      }
+    }
+
+    if (!code) {
       throw new Error("No authorization code in redirect");
     }
 
-    const code = new URL(location, REDIRECT_URI).searchParams.get("code");
     console.log("✓ Authorization code received:", code.substring(0, 20) + "...\n");
 
     // Step 4: Exchange code for tokens using client secret
