apophis/apophis-fastify
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(mess) Stuffing commit.
CI / test (20.x) (push) Failing after 1m55s
Details
CI / test (22.x) (push) Failing after 35s
Details

Browse Source
This commit is contained in:
John Dvorak
2026-05-20 16:09:43 -07:00
parent 457a3495ab
commit 31530fe899
18 changed files with 3127 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/qualify.md
+7 -5
View File
@@ -58,11 +58,12 @@ Scenarios are multi-step flows with capture and rebind:
```javascript
await fastify.apophis.scenario({
name: 'oauth-basic',
steps: [
steps: [
{
name: 'authorize',
request: { method: 'GET', url: '/oauth/authorize?client_id=web&response_type=code' },
expect: ['status:200', 'response_payload(this).code != null'],
request: { method: 'GET', url: '/oauth/authorize?client_id=web&response_type=code&state=abc123' },
// Behavioral: state parameter round-trips for CSRF protection
expect: ['response_payload(this).state == request_query(this).state'],
capture: { code: 'response_payload(this).code' }
},
{
@@ -70,9 +71,10 @@ await fastify.apophis.scenario({
request: {
method: 'POST',
url: '/oauth/token',
form: { grant_type: 'authorization_code', code: '$authorize.code' }
form: { grant_type: 'authorization_code', code: '$authorize.code', scope: 'read' }
},
expect: ['status:200', 'response_payload(this).access_token != null']
// Behavioral: issued token preserves the requested scope
expect: ['response_payload(this).scope == request_body(this).scope']
}
]
})