Multi-module Maven structure:
- pom.xml (parent POM)
- game-platform/ (Quarkus app — Game Platform/Identity Provider)
- game-provider/ (Quarkus app — Game Provider)
How to run and test locally (from repo root). Start each module directly:
- mvn -pl game-platform quarkus:dev
- mvn -pl game-provider quarkus:dev
NOTE: The following test cases are described using Postman tool, but feel free to use any other tool you prefer. It's just a simple API :)
-
Login to Game-Platform
POST http://localhost:8081/player/login Body: {"username":"test","password":"test"}
-
Verify Response:
- Status: 200
- Body:
{"username": "test", "status": "ok"} - Cookie:
PLATFORM_SESSwith value is returned
-
Get Game Token
POST http://localhost:8081/issue Body: {"gameId":"game-roulette"}
Note: Include session cookie in request
-
Verify Token Response:
- Status: 200
- Body:
{"token": "your.new_ready_to_use_shiny.token"}
-
Access Game Provider
POST http://localhost:8080/game-roulette/play
Authorization:
- Type: Bearer Token
- Token: use previously received token
-
Verify Game Access:
- Status: 200
- Body:
{ "gameId": "game-roulette", "status": "ok" }
-
Attempt Game Access Without Token
POST http://localhost:8080/game-roulette/play
No token provided
-
Verify Unauthorized Response:
- Status: 401
- Body:
{ "error": "missing_token", "message": "Authorization header missing" }
successfully authenticated against that Platform.
-
Login to Game-Platform
POST http://localhost:8081/player/login Body: {"username":"test","password":"test"}
-
Verify Login Response:
- Status: 200
- Body:
{"username": "test", "status": "ok"} - Cookie:
PLATFORM_SESSwith value is returned
-
Request Token for Unauthorized Game
POST http://localhost:8081/issue Body: {"gameId":"this-game-is-not-allowed-for-our-game-provider-but-we-try-anyways"}
Include session cookie in request
-
Verify Token Response:
- Status: 200
- Body:
{"token": "your.new_ready_to_use_shiny.token"}
-
Attempt Unauthorized Game Access
POST http://localhost:8080/this-game-is-not-allowed-for-our-game-provider-but-we-try-anyways/play
Include bearer token in Authorization header
-
Verify Forbidden Response:
- Status: 403
- Body:
{ "error": "game_not_allowed_for_platform", "message": "game_not_allowed_for_platform" }