@@ -1479,6 +1479,40 @@ async def test_cimd_authorization_invalid_client_id(
14791479 assert response .status_code == 400
14801480 assert "client id" in response .text .lower ()
14811481
1482+ @pytest .mark .anyio
1483+ async def test_cimd_authorization_metadata_fetch_error (
1484+ self , test_client : httpx .AsyncClient , pkce_challenge : dict [str , str ]
1485+ ):
1486+ """Test authorization endpoint when fetching client metadata fails."""
1487+ client_id_url = "https://example.com/client-metadata"
1488+
1489+ # Mocking httpx.AsyncClient to raise an exception
1490+ mock_client_instance = unittest .mock .AsyncMock (spec = httpx .AsyncClient )
1491+ mock_client_instance .get .side_effect = httpx .RequestError ("Network error" )
1492+
1493+ # Setup context manager return
1494+ mock_client_instance .__aenter__ .return_value = mock_client_instance
1495+ mock_client_instance .__aexit__ .return_value = None
1496+
1497+ with unittest .mock .patch ("httpx.AsyncClient" , return_value = mock_client_instance ):
1498+ response = await test_client .get (
1499+ "/authorize" ,
1500+ params = {
1501+ "response_type" : "code" ,
1502+ "client_id" : client_id_url ,
1503+ "redirect_uri" : "https://client.example.com/callback" ,
1504+ "code_challenge" : pkce_challenge ["code_challenge" ],
1505+ "code_challenge_method" : "S256" ,
1506+ "state" : "cimd_test_state" ,
1507+ },
1508+ )
1509+
1510+ # verify that we get a 400 error (because we can't fetch metadata to verify,
1511+ # and we can't redirect because we don't trust the client yet or don't know its redirect URIs)
1512+ assert response .status_code == 400
1513+ assert "invalid_request" in response .text
1514+ assert "Failed to fetch client metadata" in response .text
1515+
14821516
14831517class TestAuthorizeEndpointErrors :
14841518 """Test error handling in the OAuth authorization endpoint."""
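Review bot: The assertions at the end of `test_cimd_authorization_metadata_fetch_error` pin the 400 and the generic "Failed to fetch client metadata" text, but nothing checks that the underlying transport error stays out of the response body or that the mocked fetch was the path actually taken. Because `client_id` is a caller-supplied URL that the server dereferences, a handler that reflected the exception string would tell the caller what the server could or could not reach; the handler is not visible in this hunk, so this is a regression guard rather than a reported leak. After the existing assertions I would add `assert "Network error" not in response.text` and `mock_client_instance.get.assert_awaited_once()`. Only `httpx.RequestError` is exercised here, so a non-2xx reply or an unparsable metadata document would each need a separate case.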