refactor(keycloak): remove authentik naming and switch to keycloak-only paths

2026-04-01 02:01:41 +08:00
parent 34fc865b30
commit 0bc667847d
21 changed files with 368 additions and 681 deletions
--- a/tests/test_idp_jwt.py
+++ b/tests/test_idp_jwt.py
@@ -0,0 +1,17 @@
+from fastapi.testclient import TestClient
+
+from app.main import app
+from app.security.idp_jwt import KeycloakTokenVerifier
+
+
+def test_infer_jwks_url() -> None:
+    assert KeycloakTokenVerifier._infer_jwks_url("https://auth.ose.tw/application/o/member/") == (
+        "https://auth.ose.tw/application/o/member/protocol/openid-connect/certs"
+    )
+
+
+def test_me_requires_bearer_token() -> None:
+    client = TestClient(app)
+    resp = client.get("/me")
+    assert resp.status_code == 401
+    assert resp.json()["detail"] == "missing_bearer_token"