tests/SIGCM2.Application.Tests/Infrastructure/RefreshTokenGeneratorTests.cs

@@ -0,0 +1,37 @@
+using SIGCM2.Infrastructure.Security;
+
+namespace SIGCM2.Application.Tests.Infrastructure;
+
+public class RefreshTokenGeneratorTests
+{
+    private readonly RefreshTokenGenerator _generator = new();
+
+    [Fact]
+    public void Generate_ProducesBase64UrlString()
+    {
+        var token = _generator.Generate();
+
+        Assert.False(string.IsNullOrWhiteSpace(token));
+        // Must be base64url: no +, /, or =
+        Assert.DoesNotContain('+', token);
+        Assert.DoesNotContain('/', token);
+        Assert.DoesNotContain('=', token);
+    }
+
+    [Fact]
+    public void Generate_IsUnique()
+    {
+        var tokens = Enumerable.Range(0, 50).Select(_ => _generator.Generate()).ToList();
+        var distinct = tokens.Distinct().ToList();
+
+        Assert.Equal(tokens.Count, distinct.Count);
+    }
+
+    [Fact]
+    public void Generate_ProducesExpectedLength()
+    {
+        // 32 bytes base64url without padding = 43 chars
+        var token = _generator.Generate();
+        Assert.Equal(43, token.Length);
+    }
+}