TenantAtlas/tests/Feature/Auth/EntraCallbackRateLimiterTest.php

<?php

declare(strict_types=1);

it('rate limits the Entra callback route', function () {
    $ip = '192.0.2.1';

    $lastResponse = null;

    for ($i = 0; $i < 21; $i++) {
        $lastResponse = $this
            ->withServerVariables(['REMOTE_ADDR' => $ip])
            ->get(route('auth.entra.callback'));
    }

    expect($lastResponse)->not->toBeNull();
    $lastResponse->assertTooManyRequests();
});