Maybe/test/integration/oauth_mobile_test.rb

# frozen_string_literal: true

require "test_helper"

class OauthMobileTest < ActionDispatch::IntegrationTest
  setup do
    @user = users(:empty)
    sign_in(@user)

    @oauth_app = Doorkeeper::Application.create!(
      name: "Maybe Mobile App",
      redirect_uri: "maybeapp://oauth/callback",
      scopes: "read"
    )
  end

  test "mobile oauth authorization with custom scheme redirect" do
    get "/oauth/authorize", params: {
      client_id: @oauth_app.uid,
      redirect_uri: @oauth_app.redirect_uri,
      response_type: "code",
      scope: "read",
      display: "mobile"
    }

    assert_response :success

    # Check that Turbo is disabled in the form
    assert_match(/data-turbo="false"/, response.body)
    assert_match(/maybeapp:\/\/oauth\/callback/, response.body)
  end

  test "mobile oauth detects custom scheme in redirect_uri" do
    get "/oauth/authorize", params: {
      client_id: @oauth_app.uid,
      redirect_uri: "maybeapp://oauth/callback",
      response_type: "code",
      scope: "read"
    }

    assert_response :success

    # Should detect mobile flow from redirect_uri
    assert_match(/data-turbo="false"/, response.body)
  end

  test "mobile oauth authorization flow completes successfully" do
    post "/oauth/authorize", params: {
      client_id: @oauth_app.uid,
      redirect_uri: @oauth_app.redirect_uri,
      response_type: "code",
      scope: "read",
      display: "mobile"
    }

    # Should redirect to the custom scheme
    assert_response :redirect
    assert response.location.start_with?("maybeapp://oauth/callback")
  end

  test "mobile oauth preserves display parameter through forms" do
    get "/oauth/authorize", params: {
      client_id: @oauth_app.uid,
      redirect_uri: @oauth_app.redirect_uri,
      response_type: "code",
      scope: "read",
      display: "mobile"
    }

    assert_response :success

    # Check that display parameter is preserved in hidden fields
    assert_match(/<input[^>]*name="display"[^>]*value="mobile"/, response.body)
  end
end
Fix OAuth mobile app support with custom URL schemes - Configure Doorkeeper to allow custom URL schemes (maybeapp://) - Disable force_ssl_in_redirect_uri to support non-HTTPS schemes - Add custom Doorkeeper views with mobile OAuth detection - Disable Turbo for mobile OAuth flows to prevent redirect interference - Add display parameter preservation through OAuth flow - Create custom Doorkeeper layouts with proper styling - Add comprehensive integration tests for mobile OAuth flows - Ensure all OAuth pages use proper doorkeeper/application layout This allows the mobile app to complete OAuth authorization flows without the web app interfering with custom URL scheme redirects. 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com> 2025-06-18 05:38:23 -05:00			`# frozen_string_literal: true`

			`require "test_helper"`

			`class OauthMobileTest < ActionDispatch::IntegrationTest`
			`setup do`
			`@user = users(:empty)`
			`sign_in(@user)`

			`@oauth_app = Doorkeeper::Application.create!(`
			`name: "Maybe Mobile App",`
			`redirect_uri: "maybeapp://oauth/callback",`
			`scopes: "read"`
			`)`
			`end`

			`test "mobile oauth authorization with custom scheme redirect" do`
			`get "/oauth/authorize", params: {`
			`client_id: @oauth_app.uid,`
			`redirect_uri: @oauth_app.redirect_uri,`
			`response_type: "code",`
			`scope: "read",`
			`display: "mobile"`
			`}`

			`assert_response :success`

			`# Check that Turbo is disabled in the form`
			`assert_match(/data-turbo="false"/, response.body)`
			`assert_match(/maybeapp:\/\/oauth\/callback/, response.body)`
			`end`

			`test "mobile oauth detects custom scheme in redirect_uri" do`
			`get "/oauth/authorize", params: {`
			`client_id: @oauth_app.uid,`
			`redirect_uri: "maybeapp://oauth/callback",`
			`response_type: "code",`
			`scope: "read"`
			`}`

			`assert_response :success`

			`# Should detect mobile flow from redirect_uri`
			`assert_match(/data-turbo="false"/, response.body)`
			`end`

			`test "mobile oauth authorization flow completes successfully" do`
			`post "/oauth/authorize", params: {`
			`client_id: @oauth_app.uid,`
			`redirect_uri: @oauth_app.redirect_uri,`
			`response_type: "code",`
			`scope: "read",`
			`display: "mobile"`
			`}`

			`# Should redirect to the custom scheme`
			`assert_response :redirect`
			`assert response.location.start_with?("maybeapp://oauth/callback")`
			`end`

			`test "mobile oauth preserves display parameter through forms" do`
			`get "/oauth/authorize", params: {`
			`client_id: @oauth_app.uid,`
			`redirect_uri: @oauth_app.redirect_uri,`
			`response_type: "code",`
			`scope: "read",`
			`display: "mobile"`
			`}`

			`assert_response :success`

			`# Check that display parameter is preserved in hidden fields`
			`assert_match(/<input[^>]name="display"[^>]value="mobile"/, response.body)`
			`end`
			`end`