@jskit-ai/auth-web 0.1.56 → 0.1.58

package/package.descriptor.mjs

@@ -1,7 +1,7 @@
 export default Object.freeze({
   "packageVersion": 1,
   "packageId": "@jskit-ai/auth-web",
-  "version": "0.1.56",
+  "version": "0.1.58",
   "kind": "runtime",
   "description": "Auth web module: Fastify auth routes plus web login/sign-out scaffolds.",
   "dependsOn": [
@@ -219,11 +219,10 @@ export default Object.freeze({
       "runtime": {
         "@tanstack/vue-query": "5.92.12",
         "@mdi/js": "^7.4.47",
-        "@fastify/type-provider-typebox": "^6.1.0",
-        "@jskit-ai/auth-core": "0.1.54",
-        "@jskit-ai/http-runtime": "0.1.54",
-        "@jskit-ai/kernel": "0.1.55",
-        "@jskit-ai/shell-web": "0.1.54",
+        "@jskit-ai/auth-core": "0.1.56",
+        "@jskit-ai/http-runtime": "0.1.56",
+        "@jskit-ai/kernel": "0.1.57",
+        "@jskit-ai/shell-web": "0.1.56",
         "vuetify": "^4.0.0"
       },
       "dev": {}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jskit-ai/auth-web",
-  "version": "0.1.56",
+  "version": "0.1.58",
   "type": "module",
   "scripts": {
     "test": "node --test"
@@ -18,13 +18,16 @@
   },
   "dependencies": {
     "@tanstack/vue-query": "^5.90.5",
-    "@jskit-ai/auth-core": "0.1.54",
+    "@jskit-ai/auth-core": "0.1.56",
     "@mdi/js": "^7.4.47",
-    "@fastify/type-provider-typebox": "^6.1.0",
-    "@jskit-ai/kernel": "0.1.55",
-    "@jskit-ai/shell-web": "0.1.54",
+    "@jskit-ai/kernel": "0.1.57",
+    "@jskit-ai/shell-web": "0.1.56",
     "pinia": "^3.0.4",
     "vuetify": "^4.0.0",
-    "@jskit-ai/http-runtime": "0.1.54"
+    "@jskit-ai/http-runtime": "0.1.56"
+  },
+  "peerDependencies": {
+    "vue": "^3.5.13",
+    "vue-router": "^5.0.4"
   }
 }

package/src/client/composables/loginView/useLoginViewActions.js

@@ -150,7 +150,7 @@ export function useLoginViewActions({
       email: normalizedEmail,
       password: String(state.password.value || "")
     };
-    ensureCommandSectionValid(authRegisterCommand, "bodyValidator", registerPayload, "Unable to register.");
+    ensureCommandSectionValid(authRegisterCommand, "body", registerPayload, "Unable to register.");
 
     const registerResult = await request(AUTH_PATHS.REGISTER, {
       method: "POST",
@@ -178,7 +178,7 @@ export function useLoginViewActions({
     const forgotPayload = { email: normalizedEmail };
     ensureCommandSectionValid(
       authPasswordResetRequestCommand,
-      "bodyValidator",
+      "body",
       forgotPayload,
       "Unable to request password reset."
     );
@@ -196,7 +196,7 @@ export function useLoginViewActions({
       token: String(state.otpCode.value || "").trim(),
       type: "email"
     };
-    ensureCommandSectionValid(authLoginOtpVerifyCommand, "bodyValidator", otpPayload, "Unable to verify one-time code.");
+    ensureCommandSectionValid(authLoginOtpVerifyCommand, "body", otpPayload, "Unable to verify one-time code.");
 
     const otpResult = await request(AUTH_PATHS.LOGIN_OTP_VERIFY, {
       method: "POST",
@@ -215,7 +215,7 @@ export function useLoginViewActions({
       email: normalizedEmail,
       password: String(state.password.value || "")
     };
-    ensureCommandSectionValid(authLoginPasswordCommand, "bodyValidator", loginPayload, "Unable to sign in.");
+    ensureCommandSectionValid(authLoginPasswordCommand, "body", loginPayload, "Unable to sign in.");
 
     const loginResult = await request(AUTH_PATHS.LOGIN, {
       method: "POST",
@@ -284,7 +284,7 @@ export function useLoginViewActions({
       });
       ensureCommandSectionValid(
         authLoginOAuthCompleteCommand,
-        "bodyValidator",
+        "body",
         payload,
         "Invalid OAuth callback payload."
       );
@@ -358,7 +358,7 @@ export function useLoginViewActions({
       };
       ensureCommandSectionValid(
         authLoginOtpRequestCommand,
-        "bodyValidator",
+        "body",
         otpRequestPayload,
         "Unable to request one-time code."
       );
@@ -389,7 +389,7 @@ export function useLoginViewActions({
       };
       ensureCommandSectionValid(
         authRegisterConfirmationResendCommand,
-        "bodyValidator",
+        "body",
         resendPayload,
         "Unable to resend confirmation email."
       );
@@ -441,13 +441,13 @@ export function useLoginViewActions({
     try {
       ensureCommandSectionValid(
         authLoginOAuthStartCommand,
-        "paramsValidator",
+        "params",
         paramsPayload,
         "OAuth provider id is invalid."
       );
       ensureCommandSectionValid(
         authLoginOAuthStartCommand,
-        "queryValidator",
+        "query",
         queryPayload,
         "OAuth return path is invalid."
       );

package/src/client/composables/loginView/useLoginViewValidation.js

@@ -13,7 +13,7 @@ export function useLoginViewValidation({ state } = {}) {
   function resolveFieldErrorMessages({
     shouldValidate,
     commandResource,
-    section = "bodyValidator",
+    section = "body",
     payload,
     fieldName
   } = {}) {

package/src/client/providers/bootAuthClientProvider.js

@@ -2,8 +2,8 @@ import { AUTH_GUARD_RUNTIME_INJECTION_KEY } from "../runtime/inject.js";
 import { useAuthStore } from "../stores/useAuthStore.js";
 
 async function bootAuthClientProvider(app) {
-  if (!app || typeof app.make !== "function") {
-    throw new Error("AuthWebClientProvider requires application make().");
+  if (!app || typeof app.make !== "function" || typeof app.has !== "function") {
+    throw new Error("AuthWebClientProvider requires application make()/has().");
   }
 
   const authGuardRuntime = app.make("runtime.auth-guard.client");
@@ -15,6 +15,15 @@ async function bootAuthClientProvider(app) {
   authStore.attachRuntime(authGuardRuntime);
   await authStore.initialize();
 
+  if (app.has("runtime.web-bootstrap.client")) {
+    const bootstrapRuntime = app.make("runtime.web-bootstrap.client");
+    if (bootstrapRuntime && typeof bootstrapRuntime.refresh === "function") {
+      authStore.subscribe(() => {
+        void bootstrapRuntime.refresh("auth.state");
+      });
+    }
+  }
+
   if (!app.has("jskit.client.vue.app")) {
     return;
   }

package/src/server/providers/AuthWebServiceProvider.js

@@ -1,5 +1,29 @@
 import { AuthWebService } from "../services/AuthWebService.js";
 
+function parseBoolean(value, fallback = false) {
+  const raw = String(value || "").trim().toLowerCase();
+  if (!raw) {
+    return fallback;
+  }
+  if (["1", "true", "yes", "on"].includes(raw)) {
+    return true;
+  }
+  if (["0", "false", "no", "off"].includes(raw)) {
+    return false;
+  }
+  return fallback;
+}
+
+function resolveDevAuthBootstrapEnabled(scope) {
+  const env =
+    scope && typeof scope.has === "function" && scope.has("jskit.env")
+      ? scope.make("jskit.env")
+      : {};
+
+  return parseBoolean(env?.AUTH_DEV_BYPASS_ENABLED, false) &&
+    String(env?.NODE_ENV || "development").trim().toLowerCase() !== "production";
+}
+
 class AuthWebServiceProvider {
   static id = "auth.web";
 
@@ -14,8 +38,12 @@ class AuthWebServiceProvider {
     }
 
     app.singleton("auth.web.service", (scope) => {
-      const authService = scope.make("authService");
-      return new AuthWebService({ authService });
+      return new AuthWebService({
+        getAuthService() {
+          return scope.make("authService");
+        },
+        devAuthBootstrapEnabled: resolveDevAuthBootstrapEnabled(scope)
+      });
     });
   }
 }

package/src/server/routes/authRoutes.js

@@ -32,10 +32,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Register a new user"
       },
-      bodyValidator: authRegisterCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authRegisterCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          201: authRegisterCommand.operation.responseValidator
+          201: authRegisterCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -53,10 +53,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Resend sign-up email confirmation"
       },
-      bodyValidator: authRegisterConfirmationResendCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authRegisterConfirmationResendCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authRegisterConfirmationResendCommand.operation.responseValidator
+          200: authRegisterConfirmationResendCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -74,10 +74,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Log in with configured credentials"
       },
-      bodyValidator: authLoginPasswordCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authLoginPasswordCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authLoginPasswordCommand.operation.responseValidator
+          200: authLoginPasswordCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -95,10 +95,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Request one-time email login code"
       },
-      bodyValidator: authLoginOtpRequestCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authLoginOtpRequestCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authLoginOtpRequestCommand.operation.responseValidator
+          200: authLoginOtpRequestCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -116,10 +116,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Verify one-time email login code and create session"
       },
-      bodyValidator: authLoginOtpVerifyCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authLoginOtpVerifyCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authLoginOtpVerifyCommand.operation.responseValidator
+          200: authLoginOtpVerifyCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -138,11 +138,11 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Start OAuth login with configured provider"
       },
-      paramsValidator: authLoginOAuthStartCommand.operation.paramsValidator,
-      queryValidator: authLoginOAuthStartCommand.operation.queryValidator,
-      responseValidators: withStandardErrorResponses(
+      params: authLoginOAuthStartCommand.operation.params,
+      query: authLoginOAuthStartCommand.operation.query,
+      responses: withStandardErrorResponses(
         {
-          302: authLoginOAuthStartCommand.operation.responseValidator
+          302: authLoginOAuthStartCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -160,10 +160,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Complete OAuth code exchange and set session cookies"
       },
-      bodyValidator: authLoginOAuthCompleteCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authLoginOAuthCompleteCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authLoginOAuthCompleteCommand.operation.responseValidator
+          200: authLoginOAuthCompleteCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -181,10 +181,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Dev-only: create a local session for an existing user"
       },
-      bodyValidator: authDevLoginAsCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authDevLoginAsCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authDevLoginAsCommand.operation.responseValidator
+          200: authDevLoginAsCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -202,10 +202,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Request a password reset email"
       },
-      bodyValidator: authPasswordResetRequestCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authPasswordResetRequestCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authPasswordResetRequestCommand.operation.responseValidator
+          200: authPasswordResetRequestCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -223,10 +223,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Complete password recovery link exchange"
       },
-      bodyValidator: authPasswordRecoveryCompleteCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authPasswordRecoveryCompleteCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authPasswordRecoveryCompleteCommand.operation.responseValidator
+          200: authPasswordRecoveryCompleteCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -244,10 +244,10 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Set a new password for authenticated recovery session"
       },
-      bodyValidator: authPasswordResetCommand.operation.bodyValidator,
-      responseValidators: withStandardErrorResponses(
+      body: authPasswordResetCommand.operation.body,
+      responses: withStandardErrorResponses(
         {
-          200: authPasswordResetCommand.operation.responseValidator
+          200: authPasswordResetCommand.operation.response
         },
         { includeValidation400: true }
       ),
@@ -265,8 +265,8 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Log out and clear session cookies"
       },
-      responseValidators: withStandardErrorResponses({
-        200: authLogoutCommand.operation.responseValidator
+      responses: withStandardErrorResponses({
+        200: authLogoutCommand.operation.response
       }),
       handler: handler("logout")
     },
@@ -278,9 +278,9 @@ function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
         tags: ["auth"],
         summary: "Get current session status and CSRF token"
       },
-      responseValidators: withStandardErrorResponses({
-        200: authSessionReadCommand.operation.responseValidator,
-        503: authSessionReadCommand.operation.unavailableResponseValidator
+      responses: withStandardErrorResponses({
+        200: authSessionReadCommand.operation.response,
+        503: authSessionReadCommand.operation.unavailableResponse
       }),
       handler: handler("session")
     }

package/src/server/services/AuthWebService.js

@@ -1,11 +1,14 @@
 import { AUTH_ACTION_IDS } from "../constants/authActionIds.js";
 
 class AuthWebService {
-  constructor({ authService } = {}) {
-    if (!authService) {
-      throw new Error("authService is required.");
+  constructor({ authService, getAuthService, devAuthBootstrapEnabled } = {}) {
+    if (!authService && typeof getAuthService !== "function") {
+      throw new Error("authService or getAuthService is required.");
     }
-    this.authService = authService;
+    this.authService = authService || null;
+    this.getAuthService = typeof getAuthService === "function" ? getAuthService : null;
+    this.devAuthBootstrapEnabled =
+      typeof devAuthBootstrapEnabled === "boolean" ? devAuthBootstrapEnabled : null;
   }
 
   static get actionIds() {
@@ -68,9 +71,28 @@ class AuthWebService {
     });
   }
 
+  resolveAuthService() {
+    if (this.authService) {
+      return this.authService;
+    }
+    if (typeof this.getAuthService !== "function") {
+      throw new Error("authService is required.");
+    }
+
+    this.authService = this.getAuthService();
+    if (!this.authService) {
+      throw new Error("authService is required.");
+    }
+    return this.authService;
+  }
+
   isDevLoginAsAvailable() {
-    return typeof this.authService?.isDevAuthBootstrapEnabled === "function"
-      ? this.authService.isDevAuthBootstrapEnabled()
+    if (this.devAuthBootstrapEnabled != null) {
+      return this.devAuthBootstrapEnabled === true;
+    }
+    const authService = this.resolveAuthService();
+    return typeof authService?.isDevAuthBootstrapEnabled === "function"
+      ? authService.isDevAuthBootstrapEnabled()
       : false;
   }
 
@@ -109,20 +131,21 @@ class AuthWebService {
 
   writeSessionCookies(reply, session) {
     if (session && reply) {
-      this.authService.writeSessionCookies(reply, session);
+      this.resolveAuthService().writeSessionCookies(reply, session);
     }
   }
 
   clearSessionCookies(reply) {
     if (reply) {
-      this.authService.clearSessionCookies(reply);
+      this.resolveAuthService().clearSessionCookies(reply);
     }
   }
 
   getOAuthProviderCatalogPayload() {
+    const authService = this.resolveAuthService();
     const catalog =
-      typeof this.authService.getOAuthProviderCatalog === "function"
-        ? this.authService.getOAuthProviderCatalog()
+      typeof authService.getOAuthProviderCatalog === "function"
+        ? authService.getOAuthProviderCatalog()
         : null;
     const providers = Array.isArray(catalog?.providers)
       ? catalog.providers

package/test/clientSurface.test.js

@@ -37,15 +37,15 @@ test("auth-web exports runtime signout helpers directly", () => {
   assert.equal(typeof fromRuntimePerformSignOutRequest, "function");
 });
 
-test("auth-web removes legacy client wrapper modules", () => {
-  const legacyFiles = [
+test("auth-web removes copied client wrapper modules", () => {
+  const removedFiles = [
     "../src/client/composables/authHttpClient.js",
     "../src/client/composables/authGuardRuntime.js",
     "../src/client/composables/useSignOut.js",
     "../src/client/api/AuthHttpClient.js"
   ];
 
-  for (const relativePath of legacyFiles) {
+  for (const relativePath of removedFiles) {
     const absolutePath = fileURLToPath(new URL(relativePath, import.meta.url));
     assert.equal(existsSync(absolutePath), false, `${relativePath} must not exist.`);
   }

package/test/index.test.js

@@ -10,12 +10,12 @@ import { authLoginPasswordCommand } from "@jskit-ai/auth-core/shared/commands/au
 test("auth fastify adapter exports controller/routes backed by shared command validators", () => {
   assert.equal(typeof AuthController, "function");
   assert.equal(typeof buildRoutes, "function");
-  assert.ok(authLoginPasswordCommand.operation.bodyValidator.schema);
+  assert.ok(authLoginPasswordCommand.operation.body.schema);
 });
 
-test("auth-web no longer contains legacy server/schema directory", () => {
+test("auth-web does not contain src/server/schema", () => {
   const testFilePath = fileURLToPath(import.meta.url);
   const packageRoot = path.resolve(path.dirname(testFilePath), "..");
-  const legacySchemaDir = path.join(packageRoot, "src", "server", "schema");
-  assert.equal(existsSync(legacySchemaDir), false, "src/server/schema must not exist.");
+  const serverSchemaDirPath = path.join(packageRoot, "src", "server", "schema");
+  assert.equal(existsSync(serverSchemaDirPath), false, "src/server/schema must not exist.");
 });

package/test/provider.test.js

@@ -56,7 +56,7 @@ function createAuthRuntimeStub(initialState = {}) {
   };
 }
 
-function createAppDouble({ authGuardRuntime } = {}) {
+function createAppDouble({ authGuardRuntime, bootstrapRuntime = null } = {}) {
   const singletons = new Map();
   const singletonInstances = new Map();
   const provided = [];
@@ -88,6 +88,9 @@ function createAppDouble({ authGuardRuntime } = {}) {
       if (token === "runtime.auth-guard.client") {
         return true;
       }
+      if (token === "runtime.web-bootstrap.client") {
+        return Boolean(bootstrapRuntime);
+      }
       return singletons.has(token) || singletonInstances.has(token);
     },
     make(token) {
@@ -124,6 +127,9 @@ function createAppDouble({ authGuardRuntime } = {}) {
       if (token === "runtime.auth-guard.client") {
         return authGuardRuntime;
       }
+      if (token === "runtime.web-bootstrap.client") {
+        return bootstrapRuntime;
+      }
       if (singletonInstances.has(token)) {
         return singletonInstances.get(token);
       }
@@ -163,3 +169,30 @@ test("auth web client boot binds explicit Pinia store state and raw runtime inje
   const providedByKey = new Map(app.provided.map((entry) => [entry.key, entry.value]));
   assert.equal(providedByKey.get(AUTH_GUARD_RUNTIME_INJECTION_KEY), authGuardRuntime);
 });
+
+test("auth web client boot refreshes shared bootstrap runtime on auth changes", async () => {
+  const authGuardRuntime = createAuthRuntimeStub({
+    authenticated: false,
+    username: ""
+  });
+  const refreshCalls = [];
+  const app = createAppDouble({
+    authGuardRuntime,
+    bootstrapRuntime: {
+      async refresh(reason) {
+        refreshCalls.push(String(reason || ""));
+        return null;
+      }
+    }
+  });
+
+  await bootAuthClientProvider(app);
+  assert.deepEqual(refreshCalls, []);
+
+  authGuardRuntime.push({
+    authenticated: true,
+    username: "ada"
+  });
+
+  assert.deepEqual(refreshCalls, ["auth.state"]);
+});

package/test/providerRuntime.test.js

@@ -123,15 +123,12 @@ test("auth route provider registers routes and executes login/logout handlers",
   assert.equal(events.some((entry) => entry.type === "clearSession"), true);
 });
 
-test("auth route provider registers dev login route only when auth service enables it", async () => {
+test("auth route provider registers dev login route only when dev auth bypass is enabled in env", async () => {
   const fastify = createFastifyStub();
   const app = createApplication();
   const httpRuntime = createHttpRuntime({ app, fastify });
 
   const authService = {
-    isDevAuthBootstrapEnabled() {
-      return true;
-    },
     writeSessionCookies() {},
     clearSessionCookies() {},
     getOAuthProviderCatalog() {
@@ -139,6 +136,10 @@ test("auth route provider registers dev login route only when auth service enabl
     }
   };
 
+  app.instance("jskit.env", {
+    NODE_ENV: "development",
+    AUTH_DEV_BYPASS_ENABLED: "true"
+  });
   app.instance("authService", authService);
   app.instance("actionExecutor", {
     async execute({ actionId }) {
@@ -169,3 +170,51 @@ test("auth route provider registers dev login route only when auth service enabl
   assert.equal(devLoginReply.payload.userId, "7");
   assert.equal(devLoginReply.payload.username, "Dev Ada");
 });
+
+test("auth route provider does not resolve authService during boot", async () => {
+  const fastify = createFastifyStub();
+  const app = createApplication();
+  const httpRuntime = createHttpRuntime({ app, fastify });
+  let authServiceResolutions = 0;
+
+  app.singleton("authService", () => {
+    authServiceResolutions += 1;
+    return {
+      writeSessionCookies() {},
+      clearSessionCookies() {},
+      getOAuthProviderCatalog() {
+        return { providers: [], defaultProvider: "" };
+      }
+    };
+  });
+
+  app.instance("actionExecutor", {
+    async execute({ actionId }) {
+      if (actionId === "auth.login.password") {
+        return {
+          session: { access_token: "a", refresh_token: "r" },
+          profile: { displayName: "Ada" }
+        };
+      }
+      return {};
+    }
+  });
+
+  class MockAuthProvider {
+    static id = "auth.provider";
+  }
+
+  await app.start({ providers: [MockAuthProvider, AuthWebServiceProvider, AuthRouteServiceProvider] });
+  assert.equal(authServiceResolutions, 0);
+
+  const registration = httpRuntime.registerRoutes();
+  assert.equal(registration.routeCount > 0, true);
+  assert.equal(authServiceResolutions, 0);
+
+  const loginRoute = fastify.routes.find((route) => route.method === "POST" && route.url === "/api/login");
+  assert.ok(loginRoute);
+  const loginReply = createReplyStub();
+  await loginRoute.handler({ body: { email: "ada@example.com", password: "pass" } }, loginReply);
+  assert.equal(loginReply.statusCode, 200);
+  assert.equal(authServiceResolutions, 1);
+});