explain valid token in apikey_test.go

spikecurtis · web-flow · commit 05131e29e4c5 · 2025-05-19T11:10:32.000+04:00
diff --git a/coderd/httpmw/apikey_test.go b/coderd/httpmw/apikey_test.go
@@ -530,10 +530,13 @@ func TestAPIKey(t *testing.T) {
 		)
 		r.Header.Set(codersdk.SessionTokenHeader, token)
 
-		oauthToken := &oauth2.Token{
-			AccessToken:  "wow",
-			RefreshToken: "moo",
-			Expiry:       dbtime.Now().AddDate(0, 0, 1),
+		// Include a valid oauth token for refreshing. If this token is invalid,
+		// it is difficult to tell an auth failure from a expired api key, or 
+		// an expired oauth key.
+		oauthToken := &oauth2.Token{
+			AccessToken:  "wow",
+			RefreshToken: "moo",
+			Expiry:       dbtime.Now().AddDate(0, 0, 1),
 		}
 		httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{
 			DB: db,
