@optimizely-opal/opal-tool-ocp-sdk 0.0.0-beta.10 → 0.0.0-beta.11

package/src/function/ToolFunction.test.ts

@@ -1,23 +1,21 @@
 import { ToolFunction } from './ToolFunction';
 import { toolsService } from '../service/Service';
-import { Response, getAppContext } from '@zaiusinc/app-sdk';
-import { getTokenVerifier } from '../auth/TokenVerifier';
+import { Response } from '@zaiusinc/app-sdk';
 
-// Mock the dependencies
+// Mock the toolsService
 jest.mock('../service/Service', () => ({
   toolsService: {
     processRequest: jest.fn(),
+    extractBearerToken: jest.fn(),
   },
 }));
 
-jest.mock('../auth/TokenVerifier', () => ({
-  getTokenVerifier: jest.fn(),
-}));
-
+// Mock the Request and Response classes and Function base class
 jest.mock('@zaiusinc/app-sdk', () => ({
   Function: class {
     protected request: any;
     public constructor(_name?: string) {
+      // Mock constructor that accepts optional name parameter
       this.request = {};
     }
   },
@@ -29,34 +27,41 @@ jest.mock('@zaiusinc/app-sdk', () => ({
     bodyAsU8Array: new Uint8Array()
   })),
   amendLogContext: jest.fn(),
-  getAppContext: jest.fn(),
-  logger: {
-    info: jest.fn(),
-    error: jest.fn(),
-    warn: jest.fn(),
-    debug: jest.fn(),
-  },
 }));
 
 // Create a concrete implementation for testing
 class TestToolFunction extends ToolFunction {
+  private mockValidateBearerToken: jest.MockedFunction<(token: string) => boolean>;
   private mockReady: jest.MockedFunction<() => Promise<boolean>>;
 
   public constructor(request?: any) {
-    super(request || {});
+    super(request || {}); // Pass the request parameter properly
+    // Set the request directly without defaulting to empty object
     (this as any).request = request;
+
+    this.mockValidateBearerToken = jest.fn().mockReturnValue(true);
     this.mockReady = jest.fn().mockResolvedValue(true);
   }
 
+  // Override the concrete method with mock implementation for testing
+  protected validateBearerToken(bearerToken: string): boolean {
+    return this.mockValidateBearerToken(bearerToken);
+  }
+
   // Override the ready method with mock implementation for testing
   protected ready(): Promise<boolean> {
     return this.mockReady();
   }
 
+  // Expose request and validation mock for testing
   public getRequest() {
     return (this as any).request;
   }
 
+  public getMockValidateBearerToken() {
+    return this.mockValidateBearerToken;
+  }
+
   public getMockReady() {
     return this.mockReady;
   }
@@ -67,99 +72,35 @@ describe('ToolFunction', () => {
   let mockResponse: Response;
   let toolFunction: TestToolFunction;
   let mockProcessRequest: jest.MockedFunction<typeof toolsService.processRequest>;
-  let mockGetTokenVerifier: jest.MockedFunction<typeof getTokenVerifier>;
-  let mockGetAppContext: jest.MockedFunction<typeof getAppContext>;
-  let mockTokenVerifier: jest.Mocked<{
-    verify: (token: string) => Promise<any>;
-  }>;
+  let mockExtractBearerToken: jest.MockedFunction<typeof toolsService.extractBearerToken>;
 
   beforeEach(() => {
     jest.clearAllMocks();
 
-    // Create mock token verifier
-    mockTokenVerifier = {
-      verify: jest.fn(),
-    };
-
-    // Setup the mocks
-    mockProcessRequest = jest.mocked(toolsService.processRequest);
-    mockGetTokenVerifier = jest.mocked(getTokenVerifier);
-    mockGetAppContext = jest.mocked(getAppContext);
-
-    mockGetTokenVerifier.mockResolvedValue(mockTokenVerifier as any);
-    mockGetAppContext.mockReturnValue({
-      account: {
-        organizationId: 'app-org-123'
-      }
-    } as any);
-
-    // Create mock request with bodyJSON structure
+    // Create mock instances
     mockRequest = {
       headers: new Map(),
       method: 'POST',
-      path: '/test',
-      bodyJSON: {
-        parameters: {
-          task_id: 'task-123',
-          content_id: 'content-456'
-        },
-        auth: {
-          provider: 'OptiID',
-          credentials: {
-            token_type: 'Bearer',
-            access_token: 'valid-access-token',
-            org_sso_id: 'org-sso-123',
-            user_id: 'user-456',
-            instance_id: 'instance-789',
-            customer_id: 'app-org-123',
-            product_sku: 'OPAL'
-          }
-        },
-        environment: {
-          execution_mode: 'headless'
-        }
-      }
+      path: '/test'
     };
-
     mockResponse = {} as Response;
-    toolFunction = new TestToolFunction(mockRequest);
-  });
 
-  // Helper function to create a ready request with valid auth
-  const createReadyRequestWithAuth = () => ({
-    headers: new Map(),
-    method: 'GET',
-    path: '/ready',
-    bodyJSON: {
-      auth: {
-        provider: 'OptiID',
-        credentials: {
-          access_token: 'valid-token',
-          customer_id: 'app-org-123'
-        }
-      }
-    }
-  });
+    // Setup the mocks
+    mockProcessRequest = jest.mocked(toolsService.processRequest);
+    mockExtractBearerToken = jest.mocked(toolsService.extractBearerToken);
 
-  // Helper function to setup authorization mocks to pass
-  const setupAuthMocks = () => {
-    mockTokenVerifier.verify.mockResolvedValue(true);
-    mockGetAppContext.mockReturnValue({
-      account: {
-        organizationId: 'app-org-123'
-      }
-    } as any);
-  };
+    // Create test instance
+    toolFunction = new TestToolFunction(mockRequest);
+  });
 
   describe('/ready endpoint', () => {
-    beforeEach(() => {
-      setupAuthMocks();
-    });
-
     it('should return ready: true when ready method returns true', async () => {
       // Arrange
-      const readyRequest = createReadyRequestWithAuth();
-
+      const readyRequest = {
+        headers: new Map(),
+        method: 'GET',
+        path: '/ready'
+      };
       toolFunction = new TestToolFunction(readyRequest);
       toolFunction.getMockReady().mockResolvedValue(true);
 
@@ -174,8 +115,11 @@ describe('ToolFunction', () => {
 
     it('should return ready: false when ready method returns false', async () => {
       // Arrange
-      const readyRequest = createReadyRequestWithAuth();
-
+      const readyRequest = {
+        headers: new Map(),
+        method: 'GET',
+        path: '/ready'
+      };
       toolFunction = new TestToolFunction(readyRequest);
       toolFunction.getMockReady().mockResolvedValue(false);
 
@@ -190,8 +134,11 @@ describe('ToolFunction', () => {
 
     it('should handle ready method throwing an error', async () => {
       // Arrange
-      const readyRequest = createReadyRequestWithAuth();
-
+      const readyRequest = {
+        headers: new Map(),
+        method: 'GET',
+        path: '/ready'
+      };
       toolFunction = new TestToolFunction(readyRequest);
       toolFunction.getMockReady().mockRejectedValue(new Error('Ready check failed'));
 
@@ -201,6 +148,52 @@ describe('ToolFunction', () => {
       expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
     });
 
+    it('should handle /ready endpoint after bearer token validation passes', async () => {
+      // Arrange
+      const readyRequest = {
+        headers: new Map([['authorization', 'Bearer valid-token']]),
+        method: 'GET',
+        path: '/ready'
+      };
+      toolFunction = new TestToolFunction(readyRequest);
+      toolFunction.getMockReady().mockResolvedValue(true);
+      mockExtractBearerToken.mockReturnValue('valid-token');
+      toolFunction.getMockValidateBearerToken().mockReturnValue(true); // Make sure auth passes so we reach /ready
+
+      // Act
+      const result = await toolFunction.perform();
+
+      // Assert
+      expect(toolFunction.getMockReady()).toHaveBeenCalledTimes(1);
+      expect(result).toEqual(new Response(200, { ready: true }));
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(readyRequest.headers); // Auth is checked first
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith('valid-token'); // Auth validation happens
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
+    it('should return 403 when bearer token validation fails even for /ready endpoint', async () => {
+      // Arrange
+      const readyRequest = {
+        headers: new Map([['authorization', 'Bearer invalid-token']]),
+        method: 'GET',
+        path: '/ready'
+      };
+      toolFunction = new TestToolFunction(readyRequest);
+      toolFunction.getMockReady().mockResolvedValue(true);
+      mockExtractBearerToken.mockReturnValue('invalid-token');
+      toolFunction.getMockValidateBearerToken().mockReturnValue(false); // Auth fails
+
+      // Act
+      const result = await toolFunction.perform();
+
+      // Assert
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(readyRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith('invalid-token');
+      expect(toolFunction.getMockReady()).not.toHaveBeenCalled(); // Should not reach ready check
+      expect(mockProcessRequest).not.toHaveBeenCalled(); // Should not call service
+    });
+
     it('should use default ready implementation when not overridden', async () => {
       // Create a class that doesn't override ready method
       class DefaultReadyToolFunction extends ToolFunction {
@@ -215,7 +208,11 @@ describe('ToolFunction', () => {
       }
 
       // Arrange
-      const readyRequest = createReadyRequestWithAuth();
+      const readyRequest = {
+        headers: new Map(),
+        method: 'GET',
+        path: '/ready'
+      };
       const defaultToolFunction = new DefaultReadyToolFunction(readyRequest);
 
       // Act
@@ -227,136 +224,159 @@ describe('ToolFunction', () => {
     });
   });
 
-  describe('perform', () => {
-    it('should execute successfully with valid token and matching organization', async () => {
-      // Setup mock token verifier to return true for valid token
-      mockTokenVerifier.verify.mockResolvedValue(true);
+  describe('bearer token validation', () => {
+    it('should extract bearer token from headers and validate it', async () => {
+      // Arrange
+      const bearerToken = 'valid-token-123';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      toolFunction.getMockValidateBearerToken().mockReturnValue(true);
       mockProcessRequest.mockResolvedValue(mockResponse);
 
+      // Act
       const result = await toolFunction.perform();
 
-      expect(result).toBe(mockResponse);
-      expect(mockGetTokenVerifier).toHaveBeenCalled();
-      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
-      expect(mockGetAppContext).toHaveBeenCalled();
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith(bearerToken);
       expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, toolFunction);
+      expect(result).toBe(mockResponse);
     });
 
-    it('should return 403 response with invalid token', async () => {
-      // Setup mock token verifier to return false
-      mockTokenVerifier.verify.mockResolvedValue(false);
+    it('should return 403 Forbidden when bearer token validation fails', async () => {
+      // Arrange
+      const bearerToken = 'invalid-token-456';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      toolFunction.getMockValidateBearerToken().mockReturnValue(false);
 
+      // Act
       const result = await toolFunction.perform();
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetTokenVerifier).toHaveBeenCalled();
-      expect(mockTokenVerifier.verify).toHaveBeenCalledWith('valid-access-token');
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith(bearerToken);
       expect(mockProcessRequest).not.toHaveBeenCalled();
+      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
     });
 
-    it('should return 403 response when organization ID does not match', async () => {
-      // Update mock request with different customer_id
-      const requestWithDifferentOrgId = {
-        ...mockRequest,
-        bodyJSON: {
-          ...mockRequest.bodyJSON,
-          auth: {
-            ...mockRequest.bodyJSON.auth,
-            credentials: {
-              ...mockRequest.bodyJSON.auth.credentials,
-              customer_id: 'different-org-123'
-            }
-          }
-        }
-      };
+    it('should handle complex bearer token validation scenarios', async () => {
+      // Arrange - simulate a token that should be valid based on some complex logic
+      const complexToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9l' +
+        'IiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';
+      mockExtractBearerToken.mockReturnValue(complexToken);
+      toolFunction.getMockValidateBearerToken().mockReturnValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
 
-      const toolFunctionWithDifferentOrgId = new TestToolFunction(requestWithDifferentOrgId);
+      // Act
+      const result = await toolFunction.perform();
+
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith(complexToken);
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, toolFunction);
+      expect(result).toBe(mockResponse);
+    });
 
-      const result = await toolFunctionWithDifferentOrgId.perform();
+    it('should handle bearer token validation throwing an error', async () => {
+      // Arrange
+      const bearerToken = 'malformed-token';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      toolFunction.getMockValidateBearerToken().mockImplementation(() => {
+        throw new Error('Token validation error');
+      });
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetAppContext).toHaveBeenCalled();
+      // Act & Assert
+      await expect(toolFunction.perform()).rejects.toThrow('Token validation error');
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith(bearerToken);
       expect(mockProcessRequest).not.toHaveBeenCalled();
     });
 
-    it('should return 403 response when access token is missing', async () => {
-      // Create request without access token
-      const requestWithoutToken = {
-        ...mockRequest,
-        bodyJSON: {
-          ...mockRequest.bodyJSON,
-          auth: {
-            ...mockRequest.bodyJSON.auth,
-            credentials: {
-              ...mockRequest.bodyJSON.auth.credentials,
-              access_token: undefined
-            }
-          }
-        }
-      };
-
-      const toolFunctionWithoutToken = new TestToolFunction(requestWithoutToken);
+    it('should call validateBearerToken only once per request', async () => {
+      // Arrange
+      const bearerToken = 'test-token';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      toolFunction.getMockValidateBearerToken().mockReturnValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
 
-      const result = await toolFunctionWithoutToken.perform();
+      // Act
+      await toolFunction.perform();
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
-      expect(mockProcessRequest).not.toHaveBeenCalled();
+      // Assert
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledTimes(1);
+      expect(toolFunction.getMockValidateBearerToken()).toHaveBeenCalledWith(bearerToken);
     });
 
-    it('should return 403 response when organisation id is missing', async () => {
-      // Create request without customer_id
-      const requestWithoutCustomerId = {
-        ...mockRequest,
-        bodyJSON: {
-          ...mockRequest.bodyJSON,
-          auth: {
-            ...mockRequest.bodyJSON.auth,
-            credentials: {
-              ...mockRequest.bodyJSON.auth.credentials,
-              customer_id: undefined
-            }
-          }
-        }
-      };
-
-      const toolFunctionWithoutCustomerId = new TestToolFunction(requestWithoutCustomerId);
+    it('should extract bearer token only once per request', async () => {
+      // Arrange
+      const bearerToken = 'test-token';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      toolFunction.getMockValidateBearerToken().mockReturnValue(true);
+      mockProcessRequest.mockResolvedValue(mockResponse);
 
-      const result = await toolFunctionWithoutCustomerId.perform();
+      // Act
+      await toolFunction.perform();
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
-      expect(mockProcessRequest).not.toHaveBeenCalled();
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledTimes(1);
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
     });
 
-    it('should return 403 response when auth structure is missing', async () => {
-      // Create request without auth structure
-      const requestWithoutAuth = {
-        ...mockRequest,
-        bodyJSON: {
-          parameters: mockRequest.bodyJSON.parameters,
-          environment: mockRequest.bodyJSON.environment
-        }
-      };
-
-      const toolFunctionWithoutAuth = new TestToolFunction(requestWithoutAuth);
+    it('should skip validation when bearer token is undefined', async () => {
+      // Arrange
+      mockExtractBearerToken.mockReturnValue(undefined);
+      mockProcessRequest.mockResolvedValue(mockResponse);
 
-      const result = await toolFunctionWithoutAuth.perform();
+      // Act
+      const result = await toolFunction.perform();
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetTokenVerifier).not.toHaveBeenCalled();
-      expect(mockProcessRequest).not.toHaveBeenCalled();
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, toolFunction);
+      expect(result).toBe(mockResponse);
     });
 
-    it('should return 403 response when token verifier initialization fails', async () => {
-      // Setup mock to fail during token verifier initialization
-      mockGetTokenVerifier.mockRejectedValue(new Error('Failed to initialize token verifier'));
+    it('should skip validation when bearer token is empty string', async () => {
+      // Arrange
+      mockExtractBearerToken.mockReturnValue('');
+      mockProcessRequest.mockResolvedValue(mockResponse);
 
+      // Act
       const result = await toolFunction.perform();
 
-      expect(result).toEqual(new Response(403, { error: 'Forbidden' }));
-      expect(mockGetTokenVerifier).toHaveBeenCalled();
-      expect(mockProcessRequest).not.toHaveBeenCalled();
+      // Assert
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(toolFunction.getMockValidateBearerToken()).not.toHaveBeenCalled();
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, toolFunction);
+      expect(result).toBe(mockResponse);
+    });
+
+    it('should use default validateBearerToken implementation when not overridden', async () => {
+      // Create a class that doesn't override validateBearerToken
+      class DefaultToolFunction extends ToolFunction {
+        public constructor(request?: any) {
+          super(request || {});
+          (this as any).request = request;
+        }
+
+        public getRequest() {
+          return (this as any).request;
+        }
+      }
+
+      // Arrange
+      const defaultToolFunction = new DefaultToolFunction(mockRequest);
+      const bearerToken = 'any-token';
+      mockExtractBearerToken.mockReturnValue(bearerToken);
+      mockProcessRequest.mockResolvedValue(mockResponse);
+
+      // Act
+      const result = await defaultToolFunction.perform();
+
+      // Assert - Default implementation should return true and allow request to proceed
+      expect(mockExtractBearerToken).toHaveBeenCalledWith(mockRequest.headers);
+      expect(mockProcessRequest).toHaveBeenCalledWith(mockRequest, defaultToolFunction);
+      expect(result).toBe(mockResponse);
     });
   });
 

package/src/function/ToolFunction.ts

@@ -1,7 +1,5 @@
-import { Function, Response, amendLogContext, getAppContext, logger } from '@zaiusinc/app-sdk';
+import { Function, Response, amendLogContext } from '@zaiusinc/app-sdk';
 import { toolsService } from '../service/Service';
-import { getTokenVerifier } from '../auth/TokenVerifier';
-import { OptiIdAuthData } from '../types/Models';
 
 /**
  * Abstract base class for tool-based function execution
@@ -26,7 +24,8 @@ export abstract class ToolFunction extends Function {
    */
   public async perform(): Promise<Response> {
     amendLogContext({ opalThreadId: this.request.headers.get('x-opal-thread-id') || '' });
-    if (!(await this.authorizeRequest())) {
+    const bearerToken = toolsService.extractBearerToken(this.request.headers);
+    if (bearerToken && !this.validateBearerToken(bearerToken)) {
       return new Response(403, { error: 'Forbidden' });
     }
 
@@ -39,48 +38,15 @@ export abstract class ToolFunction extends Function {
   }
 
   /**
-   * Authenticate the incoming request by validating the OptiID token and organization ID
+   * Validates the bearer token for authorization.
    *
-   * @throws true if authentication succeeds
+   * This method provides a default implementation that accepts all tokens.
+   * Subclasses can override this method to implement custom bearer token validation logic.
+   *
+   * @param _bearerToken - The bearer token extracted from the Authorization header
+   * @returns true if the token is valid and the request should proceed, false to return 403 Forbidden
    */
-  private async authorizeRequest(): Promise<boolean> {
-    if (this.request.path === '/discovery' || this.request.path === '/ready') {
-      return true;
-    }
-    logger.debug('Authorizing request:', this.request.bodyJSON);
-    const authData = this.request.bodyJSON?.auth as OptiIdAuthData;
-    const accessToken = authData?.credentials?.access_token;
-    if (!accessToken || authData?.provider?.toLowerCase() !== 'optiid') {
-      logger.error('OptiID token is required but not provided');
-      return false;
-    }
-
-    const customerId = authData.credentials?.customer_id;
-    if (!customerId) {
-      logger.error('Organisation ID is required but not provided');
-      return false;
-    }
-
-    const appOrganisationId = getAppContext().account.organizationId;
-    if (customerId !== appOrganisationId) {
-      logger.error(`Invalid organisation ID: expected ${appOrganisationId}, received ${customerId}`);
-      return false;
-    }
-
-    return await this.validateAccessToken(accessToken);
-  }
-
-  private async validateAccessToken(accessToken: string | undefined): Promise<boolean> {
-    try {
-      if (!accessToken) {
-        return false;
-      }
-      const tokenVerifier = await getTokenVerifier();
-      return await tokenVerifier.verify(accessToken);
-    } catch (error) {
-      logger.error('OptiID token validation failed:', error);
-      return false;
-    }
+  protected validateBearerToken(_bearerToken: string): boolean {
+    return true;
   }
-
 }

package/src/index.ts

@@ -1,5 +1,4 @@
 export * from './function/ToolFunction';
 export * from './types/Models';
 export * from './decorator/Decorator';
-export * from './auth/TokenVerifier';
 export { Tool, Interaction, InteractionResult } from './service/Service';

package/src/service/Service.test.ts

@@ -122,8 +122,7 @@ describe('ToolsService', () => {
           description: mockTool.description,
           parameters: mockTool.parameters.map((p: Parameter) => p.toJSON()),
           endpoint: mockTool.endpoint,
-          http_method: 'POST',
-          auth_requirements: [{ provider: 'OptiID', scope_bundle: 'default', required: true }]
+          http_method: 'POST'
         });
       });
 
@@ -182,8 +181,7 @@ describe('ToolsService', () => {
           description: mockTool.description,
           parameters: mockTool.parameters.map((p: Parameter) => p.toJSON()),
           endpoint: mockTool.endpoint,
-          http_method: 'POST',
-          auth_requirements: [{ provider: 'OptiID', scope_bundle: 'default', required: true }]
+          http_method: 'POST'
         });
 
         expect(secondFunction).toEqual({
@@ -192,10 +190,7 @@ describe('ToolsService', () => {
           parameters: [],
           endpoint: '/second-tool',
           http_method: 'POST',
-          auth_requirements: [
-            { provider: 'oauth2', scope_bundle: 'calendar', required: true },
-            { provider: 'OptiID', scope_bundle: 'default', required: true }
-          ]
+          auth_requirements: authRequirements.map((auth) => auth.toJSON())
         });
       });
     });