Proposed change
Raising from #579
We have an example deploying with mock-oauth2-server, which is useful for manual testing with a 'real' oauth provider.
It runs easily in a container with JSON configuration from the environment, so we could use it to exercise some features hard to test without help from the provider side, such as PKCE and refresh tokens. I used it to test #579 by hand.
Alternative options
Keep mocking providers, which means we are only testing that we meet our own expectations, not reality.
Who would use this feature?
maintainers, implementers of new features that require interactions with a provider.
(Optional): Suggest a solution
Fixture to launch mock-oauth2-server in a container with a given configuration, use it to exercise a few features that involve the provider, such as basic full-flow login exercise, refresh_user, OIDC, and PKCE.
Proposed change
Raising from #579
We have an example deploying with mock-oauth2-server, which is useful for manual testing with a 'real' oauth provider.
It runs easily in a container with JSON configuration from the environment, so we could use it to exercise some features hard to test without help from the provider side, such as PKCE and refresh tokens. I used it to test #579 by hand.
Alternative options
Keep mocking providers, which means we are only testing that we meet our own expectations, not reality.
Who would use this feature?
maintainers, implementers of new features that require interactions with a provider.
(Optional): Suggest a solution
Fixture to launch mock-oauth2-server in a container with a given configuration, use it to exercise a few features that involve the provider, such as basic full-flow login exercise, refresh_user, OIDC, and PKCE.