From 7ed57b0e1c3df478c600db88dbb28ea47eae55c2 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Tue, 3 Dec 2024 14:29:45 +0100
Subject: [PATCH] fix: check that session token can already be used to avoid
 permission denied

---
 internal/integration/client.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/internal/integration/client.go b/internal/integration/client.go
index 60eb205303..2874f5d46c 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/brianvoe/gofakeit/v6"
 	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/logging"
 	"google.golang.org/grpc"
@@ -634,6 +635,19 @@ func (i *Instance) CreateVerifiedWebAuthNSessionWithLifetime(t *testing.T, ctx c
 		},
 	})
 	require.NoError(t, err)
+
+	retryDuration, tick := WaitForAndTickWithMaxDuration(ctx, time.Minute)
+	require.EventuallyWithT(t,
+		func(tt *assert.CollectT) {
+			resp, err := i.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{
+				SessionId:    createResp.GetSessionId(),
+				SessionToken: gu.Ptr(updateResp.GetSessionToken()),
+			})
+			assert.NoError(tt, err)
+			assert.Equal(tt, createResp.GetSessionId(), resp.GetSession().GetId())
+		}, retryDuration, tick, "awaiting successful usage of token failed",
+	)
+
 	return createResp.GetSessionId(), updateResp.GetSessionToken(),
 		createResp.GetDetails().GetChangeDate().AsTime(), updateResp.GetDetails().GetChangeDate().AsTime()
 }