From a2c6747a3bc3176ea083eb5e4f00390168da74f3 Mon Sep 17 00:00:00 2001
From: Timm Friebe <thekid@thekid.de>
Date: Sun, 12 Jan 2020 20:44:32 +0100
Subject: [PATCH] Extend test to verify scope

---
 .../php/web/auth/oauth/unittest/OAuth2FlowTest.class.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/test/php/web/auth/oauth/unittest/OAuth2FlowTest.class.php b/src/test/php/web/auth/oauth/unittest/OAuth2FlowTest.class.php
index 36b69e2..1f753cd 100755
--- a/src/test/php/web/auth/oauth/unittest/OAuth2FlowTest.class.php
+++ b/src/test/php/web/auth/oauth/unittest/OAuth2FlowTest.class.php
@@ -21,9 +21,9 @@ public function can_create() {
     new OAuth2Flow(self::AUTH, self::TOKENS, [self::ID, self::SECRET]);
   }
 
-  #[@test]
-  public function redirects_to_auth() {
-    $fixture= new OAuth2Flow(self::AUTH, self::TOKENS, [self::ID, self::SECRET]);
+  #[@test, @values([[['user']], [['user', 'openid']]])]
+  public function redirects_to_auth_and_passes_scope($scope) {
+    $fixture= new OAuth2Flow(self::AUTH, self::TOKENS, [self::ID, self::SECRET], $scope);
 
     $req= new Request(new TestInput('GET', '/'));
     $res= new Response(new TestOutput());
@@ -32,10 +32,11 @@ public function redirects_to_auth() {
     $fixture->authenticate($req, $res, $session);
 
     $url= sprintf(
-      '%s?response_type=code&client_id=%s&redirect_uri=%s&scope=user&state=%s',
+      '%s?response_type=code&client_id=%s&redirect_uri=%s&scope=%s&state=%s',
       self::AUTH,
       self::ID,
       urlencode('http://localhost/'),
+      implode('+', $scope),
       $session->value('oauth.state')
     );
     $this->assertEquals($url, $res->headers()['Location']);