test(auth): remove redundant skipped /jwks oldKey test

[nshirley]

Because

The it.skip('should include the oldKey if present') test in oauth_api.in.spec.ts needs removed.

History: in Mocha this was a normal running test. It was skipped during the migration. Its first assertion, expect(config.get('oauthServer.openid.oldKey')).toBeTruthy(), fails deterministically whenever config/oldKey.json is absent (config resolves oldKey to null). It was disabled to get the suite green, not because of any flakiness.

Could we just generate oldKey.json? Yes, scripts/oauth_gen_keys.js writes a fake public-only old key for dev/test. However, it short-circuits on keysExist (if key.json already exists it returns before writing oldKey.json), which is exactly why it's "not generated by default." Making the integration test reliable would require guaranteeing oldKey.json exists at server boot for the whole oauth suite adding a global, boot-time, ordering-coupled setup dependency for a single assertion.

Shift-left decision: the behavior this test checked is already covered at the unit layer, with no key files required:

• lib/oauth/keys.spec.ts: the full key-rotation matrix (current-only, current+new, current+new+old) plus public-only shape and distinct kids, via mocked config.
• lib/routes/oauth/jwks.spec.ts: the /jwks route returns PUBLIC_KEYS.
• The sibling non-skipped /jwks integration test already exercises the real HTTP path (status, cache headers, no private component) for the single-key case.

So the integration version adds essentially nothing the unit tests don't, at real setup cost. Deleting it removes a fragile, redundant test rather than propping it up

This pull request

• Removes the skipped should include the oldKey if present test from packages/fxa-auth-server/test/remote/oauth_api.in.spec.ts.

Issue that this pull request solves

Closes: FXA-13262

Checklist

Put an x in the boxes that apply

• My commit is GPG signed.
• If applicable, I have modified or added tests which pass locally.
• I have added necessary documentation (if appropriate).
• I have verified that my changes render correctly in RTL (if appropriate).
• I have manually reviewed all AI generated code.

How to review (Optional)

• Verification: cd packages/fxa-auth-server && node ../../node_modules/jest/bin/jest.js lib/oauth/keys.spec.ts lib/routes/oauth/jwks.spec.ts → 16 tests green, covering the deleted test's behavior.

[Copilot]

Pull request overview

Removes a redundant, permanently skipped /jwks integration test from the auth server remote integration suite, reducing dead/fragile test code after the Mocha→Jest migration.

Changes:

• Deletes the skipped should include the oldKey if present test from the /jwks integration block.
• Removes the associated comment describing the config/oldKey.json dependency.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.