From 8f1e9036a3ba63f55ec79dd4705b89f774defcaa Mon Sep 17 00:00:00 2001
From: mike cirioli <mikecirioli@gmail.com>
Date: Wed, 4 Sep 2024 09:42:32 -0400
Subject: [PATCH] make the test more deterministic

---
 src/test/java/org/jenkinsci/plugins/oic/PluginTest.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
index 62379377..9e23c6cb 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
@@ -982,6 +982,10 @@ public void testAccessUsingJenkinsApiTokens() throws Exception {
         mockAuthorizationRedirectsToFinishLogin();
         configureWellKnown(null, null, "authorization_code");
         jenkins.setSecurityRealm(new TestRealm(wireMockRule, null, EMAIL_FIELD, GROUPS_FIELD, AUTO_CONFIG_FIELD));
+        // explicitly ensure allowTokenAccessWithoutOicSession is disabled
+        TestRealm testRealm = (TestRealm) jenkins.getSecurityRealm();
+        testRealm.setAllowTokenAccessWithoutOicSession(true);
+
         // login and assert normal auth is working
         mockTokenReturnsIdTokenWithGroup(PluginTest::withoutRefreshToken);
         mockUserInfoWithTestGroups();
@@ -1012,8 +1016,7 @@ public void testAccessUsingJenkinsApiTokens() throws Exception {
         MatcherAssert.assertThat("response should have been 401\n" + rsp.body(), rsp.statusCode(), is(401));
 
         // enable "traditional api token access"
-        TestRealm tr = (TestRealm) jenkins.getSecurityRealm();
-        tr.setTraditionalApiTokenAccessEnabled(true);
+        testRealm.setAllowTokenAccessWithoutOicSession(true);
 
         // verify that jenkins api token is now working again
         rsp = getPageWithGet(TEST_USER_USERNAME, token, "/whoAmI/api/xml");