test(oauth2provider): deflake OAuth2 metadata tests with readiness wait

ThomasK33 · ThomasK33 · commit 652ebde6d678 · 2025-09-12T15:55:57.000+02:00
Fix flake in TestOAuth2AuthorizationServerMetadata by polling the .well-known endpoints until they return 200 and valid JSON, using testutil.Eventually. Root cause: the test server can accept requests before the real handler is installed in coderdtest, returning 200 with an empty body which causes JSON decode EOF. The readiness loop avoids this race without sleeps and holds under t.Parallel(). This fixes the following issue: coder/internal#996 Change-Id: I466815d35f03bb75ef448d6f3431cd4b6efe2570 Signed-off-by: Thomas Kosiewski <tk@coder.com>
diff --git a/coderd/oauth2provider/metadata_test.go b/coderd/oauth2provider/metadata_test.go
@@ -23,20 +23,29 @@ func TestOAuth2AuthorizationServerMetadata(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 	defer cancel()
 
-	// Use a plain HTTP client since this endpoint doesn't require authentication
+	// Use a plain HTTP client since this endpoint doesn't require authentication.
+	// Add a short readiness wait to avoid rare races with server startup.
 	endpoint := serverURL.ResolveReference(&url.URL{Path: "/.well-known/oauth-authorization-server"}).String()
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
-	require.NoError(t, err)
-
-	resp, err := http.DefaultClient.Do(req)
-	require.NoError(t, err)
-	defer resp.Body.Close()
-
-	require.Equal(t, http.StatusOK, resp.StatusCode)
-
 	var metadata codersdk.OAuth2AuthorizationServerMetadata
-	err = json.NewDecoder(resp.Body).Decode(&metadata)
-	require.NoError(t, err)
+	ok := testutil.Eventually(ctx, t, func(ctx context.Context) (done bool) {
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+		if err != nil {
+			return false
+		}
+		resp, err := http.DefaultClient.Do(req)
+		if err != nil {
+			return false
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			return false
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&metadata); err != nil {
+			return false
+		}
+		return true
+	}, testutil.IntervalFast)
+	require.True(t, ok, "authorization server metadata endpoint not ready in time")
 
 	// Verify the metadata
 	require.NotEmpty(t, metadata.Issuer)
@@ -57,20 +66,29 @@ func TestOAuth2ProtectedResourceMetadata(t *testing.T) {
 	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 	defer cancel()
 
-	// Use a plain HTTP client since this endpoint doesn't require authentication
+	// Use a plain HTTP client since this endpoint doesn't require authentication.
+	// Add a short readiness wait to avoid rare races with server startup.
 	endpoint := serverURL.ResolveReference(&url.URL{Path: "/.well-known/oauth-protected-resource"}).String()
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
-	require.NoError(t, err)
-
-	resp, err := http.DefaultClient.Do(req)
-	require.NoError(t, err)
-	defer resp.Body.Close()
-
-	require.Equal(t, http.StatusOK, resp.StatusCode)
-
 	var metadata codersdk.OAuth2ProtectedResourceMetadata
-	err = json.NewDecoder(resp.Body).Decode(&metadata)
-	require.NoError(t, err)
+	ok := testutil.Eventually(ctx, t, func(ctx context.Context) (done bool) {
+		req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
+		if err != nil {
+			return false
+		}
+		resp, err := http.DefaultClient.Do(req)
+		if err != nil {
+			return false
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			return false
+		}
+		if err := json.NewDecoder(resp.Body).Decode(&metadata); err != nil {
+			return false
+		}
+		return true
+	}, testutil.IntervalFast)
+	require.True(t, ok, "protected resource metadata endpoint not ready in time")
 
 	// Verify the metadata
 	require.NotEmpty(t, metadata.Resource)
