avoid fallbacks

pcarleton · pcarleton · commit e2088dcaa259 · 2025-11-12T16:01:25.000Z
diff --git a/src/scenarios/client/auth/helpers/createAuthServer.ts b/src/scenarios/client/auth/helpers/createAuthServer.ts
@@ -6,6 +6,7 @@ export interface AuthServerOptions {
   metadataPath?: string;
   isOpenIdConfiguration?: boolean;
   loggingEnabled?: boolean;
+  routePrefix?: string;
 }
 
 export function createAuthServer(
@@ -16,8 +17,16 @@ export function createAuthServer(
   const {
     metadataPath = '/.well-known/oauth-authorization-server',
     isOpenIdConfiguration = false,
-    loggingEnabled = true
+    loggingEnabled = true,
+    routePrefix = ''
   } = options;
+
+  const authRoutes = {
+    authorization_endpoint: `${routePrefix}/authorize`,
+    token_endpoint: `${routePrefix}/token`,
+    registration_endpoint: `${routePrefix}/register`
+  };
+
   const app = express();
   app.use(express.json());
   app.use(express.urlencoded({ extended: true }));
@@ -52,9 +61,9 @@ export function createAuthServer(
 
     const metadata: any = {
       issuer: getAuthBaseUrl(),
-      authorization_endpoint: `${getAuthBaseUrl()}/authorize`,
-      token_endpoint: `${getAuthBaseUrl()}/token`,
-      registration_endpoint: `${getAuthBaseUrl()}/register`,
+      authorization_endpoint: `${getAuthBaseUrl()}${authRoutes.authorization_endpoint}`,
+      token_endpoint: `${getAuthBaseUrl()}${authRoutes.token_endpoint}`,
+      registration_endpoint: `${getAuthBaseUrl()}${authRoutes.registration_endpoint}`,
       response_types_supported: ['code'],
       grant_types_supported: ['authorization_code', 'refresh_token'],
       code_challenge_methods_supported: ['S256'],
@@ -71,7 +80,7 @@ export function createAuthServer(
     res.json(metadata);
   });
 
-  app.get('/authorize', (req: Request, res: Response) => {
+  app.get(authRoutes.authorization_endpoint, (req: Request, res: Response) => {
     checks.push({
       id: 'authorization-request',
       name: 'AuthorizationRequest',
@@ -105,7 +114,7 @@ export function createAuthServer(
     res.redirect(redirectUrl.toString());
   });
 
-  app.post('/token', (req: Request, res: Response) => {
+  app.post(authRoutes.token_endpoint, (req: Request, res: Response) => {
     checks.push({
       id: 'token-request',
       name: 'TokenRequest',
@@ -131,7 +140,7 @@ export function createAuthServer(
     });
   });
 
-  app.post('/register', (req: Request, res: Response) => {
+  app.post(authRoutes.registration_endpoint, (req: Request, res: Response) => {
     checks.push({
       id: 'client-registration',
       name: 'ClientRegistration',
diff --git a/src/scenarios/client/auth/march-spec-backcompat.ts b/src/scenarios/client/auth/march-spec-backcompat.ts
@@ -14,12 +14,15 @@ export class AuthMarchSpecBackcompatScenario implements Scenario {
 
   async start(): Promise<ScenarioUrls> {
     this.checks = [];
+    // TODO: I want to move the Auth URL's below a path.
 
     // Legacy server, so we create the auth server endpoints on the
     // same URL as the main server (rather than separating AS / RS).
     const authApp = createAuthServer(this.checks, this.server.getUrl, {
       // Disable logging since the main server will already have logging enabled
-      loggingEnabled: false
+      loggingEnabled: false,
+      // Add a prefix to auth endpoints to avoid being caught by auth fallbacks
+      routePrefix: '/oauth'
     });
     const app = createServer(
       this.checks,
