nsklikas
diff --git a/‎cypress/integration/oauth2/device_auth.js‎
Lines changed: 118 additions & 0 deletions b/‎cypress/integration/oauth2/device_auth.js‎
Lines changed: 118 additions & 0 deletions
diff --git a/‎cypress/support/commands.js‎
Lines changed: 87 additions & 0 deletions b/‎cypress/support/commands.js‎
Lines changed: 87 additions & 0 deletions
diff --git a/‎test/e2e/circle-ci.bash‎
Lines changed: 2 additions & 0 deletions b/‎test/e2e/circle-ci.bash‎
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,118 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+import { prng } from "../../helpers"
+
+const accessTokenStrategies = ["opaque", "jwt"]
+
+describe("The OAuth 2.0 Device Authorization Grant", function () {
+  accessTokenStrategies.forEach((accessTokenStrategy) => {
+    describe("access_token_strategy=" + accessTokenStrategy, function () {
+      const nc = (extradata) => ({
+        client_secret: prng(),
+        scope: "offline_access openid",
+        subject_type: "public",
+        token_endpoint_auth_method: "client_secret_basic",
+        grant_types: [
+          "urn:ietf:params:oauth:grant-type:device_code",
+          "refresh_token",
+        ],
+        access_token_strategy: accessTokenStrategy,
+        ...extradata,
+      })
+
+      it("should return an Access, Refresh, and ID Token when scope offline_access and openid are granted", function () {
+        const client = nc()
+        cy.deviceAuthFlow(client, {
+          consent: { scope: ["offline_access", "openid"] },
+        })
+
+        cy.postDeviceAuthFlow().then((resp) => {
+          const {
+            result,
+            token: { access_token, id_token, refresh_token },
+          } = resp.body
+
+          expect(result).to.equal("success")
+          expect(access_token).to.not.be.empty
+          expect(id_token).to.not.be.empty
+          expect(refresh_token).to.not.be.empty
+        })
+      })
+
+      it("should return an Access and Refresh Token when scope offline_access is granted", function () {
+        const client = nc()
+        cy.deviceAuthFlow(client, { consent: { scope: ["offline_access"] } })
+
+        cy.postDeviceAuthFlow().then((resp) => {
+          console.log(resp)
+          const {
+            result,
+            token: { access_token, id_token, refresh_token },
+          } = resp.body
+
+          expect(result).to.equal("success")
+          expect(access_token).to.not.be.empty
+          expect(id_token).to.be.undefined
+          expect(refresh_token).to.not.be.empty
+        })
+      })
+
+      it("should return an Access and ID Token when scope offline_access is granted", function () {
+        const client = nc()
+        cy.deviceAuthFlow(client, { consent: { scope: ["openid"] } })
+
+        cy.postDeviceAuthFlow().then((resp) => {
+          console.log(resp)
+          const {
+            result,
+            token: { access_token, id_token, refresh_token },
+          } = resp.body
+
+          expect(result).to.equal("success")
+          expect(access_token).to.not.be.empty
+          expect(id_token).to.not.be.empty
+          expect(refresh_token).to.be.undefined
+        })
+      })
+
+      it("should return an Access Token when no scope is granted", function () {
+        const client = nc()
+        cy.deviceAuthFlow(client, { consent: { scope: [] } })
+
+        cy.postDeviceAuthFlow().then((resp) => {
+          console.log(resp)
+          const {
+            result,
+            token: { access_token, id_token, refresh_token },
+          } = resp.body
+
+          expect(result).to.equal("success")
+          expect(access_token).to.not.be.empty
+          expect(id_token).to.be.undefined
+          expect(refresh_token).to.be.undefined
+        })
+      })
+
+      it("should skip consent if the client is confgured thus", function () {
+        const client = nc({ skip_consent: true })
+        cy.deviceAuthFlow(client, {
+          consent: { scope: ["offline_access", "openid"], skip: true },
+        })
+
+        cy.postDeviceAuthFlow().then((resp) => {
+          console.log(resp)
+          const {
+            result,
+            token: { access_token, id_token, refresh_token },
+          } = resp.body
+
+          expect(result).to.equal("success")
+          expect(access_token).to.not.be.empty
+          expect(id_token).to.not.be.empty
+          expect(refresh_token).to.not.be.empty
+        })
+      })
+    })
+  })
+})
@@ -216,3 +216,90 @@ Cypress.Commands.add("refreshTokenBrowser", (client, token) =>
     failOnStatusCode: false,
   }),
 )
+
+Cypress.Commands.add(
+  "deviceAuthFlow",
+  (
+    client,
+    {
+      override: { scope, client_id, client_secret } = {},
+      consent: {
+        accept: acceptConsent = true,
+        skip: skipConsent = false,
+        remember: rememberConsent = false,
+        scope: acceptScope = [],
+      } = {},
+      login: {
+        accept: acceptLogin = true,
+        skip: skipLogin = false,
+        remember: rememberLogin = false,
+        username = "foo@bar.com",
+        password = "foobar",
+      } = {},
+      prompt = "",
+      createClient: doCreateClient = true,
+    } = {},
+    path = "oauth2",
+  ) => {
+    const run = (client) => {
+      cy.visit(
+        `${Cypress.env("client_url")}/${path}/device?client_id=${
+          client_id || client.client_id
+        }&client_secret=${client_secret || client.client_secret}&scope=${
+          scope || client.scope
+        }`,
+        { failOnStatusCode: false },
+      )
+
+      cy.get("#verify").click()
+
+      if (!skipLogin) {
+        cy.get("#email").type(username, { delay: 1 })
+        cy.get("#password").type(password, { delay: 1 })
+
+        if (rememberLogin) {
+          cy.get("#remember").click()
+        }
+
+        if (acceptLogin) {
+          cy.get("#accept").click()
+        } else {
+          cy.get("#reject").click()
+        }
+      }
+
+      if (!skipConsent) {
+        acceptScope.forEach((s) => {
+          cy.get(`#${s}`).click()
+        })
+
+        if (rememberConsent) {
+          cy.get("#remember").click()
+        }
+
+        if (acceptConsent) {
+          cy.get("#accept").click()
+        } else {
+          cy.get("#reject").click()
+        }
+
+        cy.location().should((loc) => {
+          expect(loc.origin).to.eq(Cypress.env("consent_url"))
+          expect(loc.pathname).to.eq("/oauth2/device/success")
+        })
+      }
+    }
+
+    if (doCreateClient) {
+      createClient(client).should((client) => {
+        run(client)
+      })
+      return
+    }
+    run(client)
+  },
+)
+
+Cypress.Commands.add("postDeviceAuthFlow", (path = "oauth2") =>
+  cy.request(`${Cypress.env("client_url")}/${path}/device/success`),
+)
@@ -38,6 +38,8 @@ fi
 (cd oauth2-client; PORT=5002 HYDRA_ADMIN_URL=http://127.0.0.1:5001 npm run consent > ../login-consent-logout.e2e.log 2>&1 &)
 
 export URLS_SELF_ISSUER=http://127.0.0.1:5004/
+export URLS_DEVICE_VERIFICATION=http://127.0.0.1:5002/device/verify
+export URLS_DEVICE_SUCCESS=http://127.0.0.1:5002/oauth2/device/success
 export URLS_CONSENT=http://127.0.0.1:5002/consent
 export URLS_LOGIN=http://127.0.0.1:5002/login
 export URLS_LOGOUT=http://127.0.0.1:5002/logout