Add RSpec suite with WebMock: core, OAuth, pagination, and resource behavior

spec/fiken/oauth_spec.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+RSpec.describe Fiken::OAuth do
+  subject(:oauth) do
+    described_class.new(client_id: "id", client_secret: "secret", redirect_uri: "https://app/cb")
+  end
+
+  describe "#authorize_url" do
+    it "builds the authorize URL with the expected query params" do
+      url = oauth.authorize_url(state: "xyz")
+      query = URI.decode_www_form(URI(url).query).to_h
+
+      expect(url).to start_with("https://fiken.no/oauth/authorize?")
+      expect(query).to include(
+        "response_type" => "code",
+        "client_id" => "id",
+        "redirect_uri" => "https://app/cb",
+        "state" => "xyz"
+      )
+    end
+  end
+
+  describe "#exchange_code" do
+    it "POSTs the code with Basic auth and returns the token" do
+      stub_request(:post, "https://fiken.no/oauth/token")
+        .with(
+          body: hash_including("grant_type" => "authorization_code", "code" => "the-code"),
+          headers: { "Authorization" => "Basic #{Base64.strict_encode64('id:secret')}" }
+        )
+        .to_return(
+          status: 200,
+          body: JSON.generate("access_token" => "AT", "refresh_token" => "RT", "expires_in" => 3600),
+          headers: { "Content-Type" => "application/json" }
+        )
+
+      token = oauth.exchange_code("the-code")
+
+      expect(token.access_token).to eq("AT")
+      expect(token.refresh_token).to eq("RT")
+    end
+  end
+
+  describe "#refresh" do
+    it "POSTs the refresh grant" do
+      stub_request(:post, "https://fiken.no/oauth/token")
+        .with(body: hash_including("grant_type" => "refresh_token", "refresh_token" => "RT"))
+        .to_return(
+          status: 200,
+          body: JSON.generate("access_token" => "AT2"),
+          headers: { "Content-Type" => "application/json" }
+        )
+
+      expect(oauth.refresh("RT").access_token).to eq("AT2")
+    end
+  end
+end