SSO Phase 1 Task 8: integration test — end-to-end silent second-app launch #264

Description

@ahmetabdullahgultekin

Why: Prove the whole Phase-1 flow end-to-end (and the flag-off parity + tenant isolation) before any canary.

Done when:

  • Add OAuth2SsoLaunchIntegrationTest.java (Testcontainers Postgres + Redis), flag ON: (1) complete login for app A via /authorize/complete → capture fv_sso; (2) GET /authorize for app B (reauth_policy=silent) with ONLY the cookie → 200 + code; (3) exchange B's code at /token → tokens whose sub is pairwise-for-B and tenant_id is the user's real tenant (isolation preserved). Then flag OFF → step (2) returns action:authenticate (no silent mint).

source: docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md:83


Migrated from docs/SSO_APP_LAUNCHER_PHASE1_PLAN.md (git history retains the original).
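
The token checks from step (3), sketched as an added example; this is not the project's test or code, and it is in Python so it runs stand-alone, whereas the planned test is Java. It assumes HS256-signed JWTs carrying aud, a pairwise derivation in the style of OIDC Core section 8.1, and constructed keys, client ids, user id and tenants.

```python
import base64, hashlib, hmac, json

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed sample token standing in for a /token response."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_enc(mac)}"

def verified_claims(token: str, key: bytes) -> dict:
    """Check alg and signature before trusting any claim."""
    head, body, sig = token.split(".")
    if json.loads(_dec(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _dec(sig)):
        raise ValueError("bad signature")
    return json.loads(_dec(body))

def pairwise_sub(client_id: str, user_id: str, salt: bytes) -> str:
    """Assumed derivation (OIDC Core 8.1 style), not the project's own."""
    parts = [client_id.encode(), user_id.encode(), salt]
    return hashlib.sha256(b"|".join(parts)).hexdigest()

def isolation_violations(token_a, token_b, key, app_b, user_tenant) -> list:
    """Step (3): compare app B's token with app A's token from step (1)."""
    a, b = verified_claims(token_a, key), verified_claims(token_b, key)
    problems = []
    if b.get("aud") != app_b:
        problems.append("token B not issued for app B")
    if b.get("sub") == a.get("sub"):
        problems.append("sub is shared across apps, not pairwise")
    if b.get("tenant_id") != user_tenant:
        problems.append("tenant_id differs from the user's tenant")
    return problems

# Constructed sample data: one user, two apps, one deliberately leaky token.
KEY, SALT = b"constructed-test-key", b"constructed-salt"
def sample_token(aud: str, sub_for: str, tenant: str) -> str:
    sub = pairwise_sub(sub_for, "user-1", SALT)
    return sign_hs256({"aud": aud, "sub": sub, "tenant_id": tenant}, KEY)

TOKEN_A = sample_token("app-a", "app-a", "tenant-1")
TOKEN_B = sample_token("app-b", "app-b", "tenant-1")
LEAKY_B = sample_token("app-b", "app-a", "tenant-2")  # reuses A's sub, wrong tenant
```
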
