oauth2

command
v2.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 5, 2025 License: AGPL-3.0 Imports: 12 Imported by: 0

README

OAuth2 Test Scripts

This directory contains test scripts for the MCP OAuth2 implementation in Coder.

Prerequisites

  1. Start Coder in development mode:

    ./scripts/develop.sh

  2. Login to get a session token:

    ./scripts/coder-dev.sh login

Scripts

test-mcp-oauth2.sh

Complete automated test suite that verifies all OAuth2 functionality:

  • Metadata endpoint
  • PKCE flow
  • Resource parameter support
  • Token refresh
  • Error handling

Usage:

chmod +x ./scripts/oauth2/test-mcp-oauth2.sh
./scripts/oauth2/test-mcp-oauth2.sh
setup-test-app.sh

Creates a test OAuth2 application and outputs environment variables.

Usage:

eval $(./scripts/oauth2/setup-test-app.sh)
echo "Client ID: $CLIENT_ID"
cleanup-test-app.sh

Deletes a test OAuth2 application.

Usage:

./scripts/oauth2/cleanup-test-app.sh $CLIENT_ID
# Or if CLIENT_ID is set as environment variable:
./scripts/oauth2/cleanup-test-app.sh
generate-pkce.sh

Generates PKCE code verifier and challenge for manual testing.

Usage:

./scripts/oauth2/generate-pkce.sh
test-manual-flow.sh

Launches a local Go web server to test the OAuth2 flow interactively. The server automatically handles the OAuth2 callback and token exchange, providing a user-friendly web interface with results.

Usage:

# First set up an app
eval $(./scripts/oauth2/setup-test-app.sh)

# Then run the test server
./scripts/oauth2/test-manual-flow.sh

Features:

  • Starts a local web server on port 9876
  • Automatically captures the authorization code
  • Performs token exchange without manual intervention
  • Displays results in a clean web interface
  • Shows example API calls you can make with the token
oauth2-test-server.go

A Go web server that handles OAuth2 callbacks and token exchange. Used internally by test-manual-flow.sh but can also be run standalone:

export CLIENT_ID="your-client-id"
export CLIENT_SECRET="your-client-secret"
export CODE_VERIFIER="your-code-verifier"
export STATE="your-state"
go run ./scripts/oauth2/oauth2-test-server.go

Example Workflow

  1. Run automated tests:

    ./scripts/oauth2/test-mcp-oauth2.sh

  2. Interactive browser testing:

    # Create app
eval $(./scripts/oauth2/setup-test-app.sh)

# Run the test server (opens in browser automatically)
./scripts/oauth2/test-manual-flow.sh
# - Opens authorization URL in terminal
# - Handles callback automatically
# - Shows token exchange results

# Clean up when done
./scripts/oauth2/cleanup-test-app.sh

  3. Generate PKCE for custom testing:

    ./scripts/oauth2/generate-pkce.sh
# Use the generated values in your own curl commands

Environment Variables

All scripts respect these environment variables:

  • SESSION_TOKEN: Coder session token (auto-read from .coderv2/session)
  • BASE_URL: Coder server URL (default: http://localhost:3000)
  • CLIENT_ID: OAuth2 client ID
  • CLIENT_SECRET: OAuth2 client secret

OAuth2 Endpoints

  • Metadata: GET /.well-known/oauth-authorization-server
  • Authorization: GET/POST /oauth2/authorize
  • Token: POST /oauth2/tokens
  • Apps API: /api/v2/oauth2-provider/apps

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.