@@ -212,11 +212,11 @@ describe("OAuth Authorization", () => {
212212 expect ( url . toString ( ) ) . toBe ( "https://resource.example.com/.well-known/oauth-protected-resource/path?param=value" ) ;
213213 } ) ;
214214
215- it ( "falls back to root discovery when path-aware discovery returns 404 " , async ( ) => {
216- // First call (path-aware) returns 404
215+ it . each ( [ 400 , 401 , 403 , 404 , 410 , 422 , 429 ] ) ( "falls back to root discovery when path-aware discovery returns %d " , async ( statusCode ) => {
216+ // First call (path-aware) returns 4xx
217217 mockFetch . mockResolvedValueOnce ( {
218218 ok : false ,
219- status : 404 ,
219+ status : statusCode ,
220220 } ) ;
221221
222222 // Second call (root fallback) succeeds
@@ -267,6 +267,20 @@ describe("OAuth Authorization", () => {
267267 expect ( calls . length ) . toBe ( 2 ) ;
268268 } ) ;
269269
270+ it ( "throws error on 500 status and does not fallback" , async ( ) => {
271+ // First call (path-aware) returns 500
272+ mockFetch . mockResolvedValueOnce ( {
273+ ok : false ,
274+ status : 500 ,
275+ } ) ;
276+
277+ await expect ( discoverOAuthProtectedResourceMetadata ( "https://resource.example.com/path/name" ) )
278+ . rejects . toThrow ( ) ;
279+
280+ const calls = mockFetch . mock . calls ;
281+ expect ( calls . length ) . toBe ( 1 ) ; // Should not attempt fallback
282+ } ) ;
283+
270284 it ( "does not fallback when the original URL is already at root path" , async ( ) => {
271285 // First call (path-aware for root) returns 404
272286 mockFetch . mockResolvedValueOnce ( {
@@ -907,7 +921,7 @@ describe("OAuth Authorization", () => {
907921 const metadata = await discoverAuthorizationServerMetadata ( "https://auth.example.com/tenant1" ) ;
908922
909923 expect ( metadata ) . toBeUndefined ( ) ;
910-
924+
911925 // Verify that all discovery URLs were attempted
912926 expect ( mockFetch ) . toHaveBeenCalledTimes ( 8 ) ; // 4 URLs × 2 attempts each (with and without headers)
913927 } ) ;
0 commit comments