Add web tests covering the authorize endpoint, token exchange, PKCE verification, single-use codes, and refresh token rotation. Add unit tests for redirect URI validation and PKCE. Add E2E test for the full browser-based authorization code flow with login redirect. Extract setupApiUrl helper for E2E tests to avoid duplication. |
||
|---|---|---|
| .. | ||
| ldap | ||
| oauth2server | ||
| openid | ||
| auth.go | ||