kandi-login

Integration Conformance Validator

Point this validator at your server to verify that your kandi-login/server integration is implemented correctly. The tests cover all auth endpoints, JWT structure, the token lifecycle, test personas, and UserAdapter conformance.

Connection

Server reachable

OPTIONS request returns CORS headers

Error Handling

POST /native → missing token

Returns 400 when id_token is missing

POST /refresh → invalid token

Returns 401 for invalid refresh token

GET /validate → no bearer

Returns 401 without Authorization header

POST /logout → 200

Returns 200 for stateless logout

OAuth Redirect

GET /login → redirect

Returns 302 redirect to OAuth provider

Test Personas

POST /test/seed

Creates test personas in database via UserAdapter

GET /test/personas

Returns list of available test personas

POST /test/login-as

Signs real JWTs for a test persona

Token Lifecycle

GET /validate → valid bearer

Returns user profile for valid access token

POST /refresh → valid token

Returns a new access + refresh token pair (rolling refresh)

JWT claims structure

Access token contains sub, email, iss, type="access"

UserAdapter Conformance

Idempotent seed

Re-seeding does not duplicate users (findByProviderId works)

getUserById

Validate endpoint resolves user from token sub claim

User shape

Returned user has required id and email fields

What this validates

createAuthServer() returns all 6 handlers + 3 test handlers
JWT access tokens contain sub, email, iss, type claims
Error responses use correct HTTP status codes (400, 401)
Rolling refresh returns both new access and refresh tokens
UserAdapter.findByProviderId() prevents duplicate users on re-seed
UserAdapter.getUserById() resolves user from JWT sub claim
Test personas are seeded via the same UserAdapter as production
KandiLoginUser shape has required id and email fields