88d02ea35b
Client must now be registered prior to imitating a call to the token endpoint with the password flow. Squashed commits: [fdcef62] Rename authorization endpoint to protected resource endpoint
20 lines
898 B
Gherkin
20 lines
898 B
Gherkin
Feature: Access protected resources using password flow
|
|
Background:
|
|
Given a user with username "kent"
|
|
|
|
Scenario: Invalid credentials to token endpoint
|
|
When I register a new client
|
|
And I send a post request from that client to the token endpoint using invalid credentials
|
|
Then I should receive an "invalid_grant" error
|
|
|
|
Scenario: Invalid bearer tokens sent
|
|
When I register a new client
|
|
And I send a post request from that client to the token endpoint using "kent"'s credentials
|
|
And I use invalid bearer tokens to access user info
|
|
Then I should receive an "invalid_token" error
|
|
|
|
Scenario: Valid password flow
|
|
When I register a new client
|
|
And I send a post request from that client to the token endpoint using "kent"'s credentials
|
|
And I use received valid bearer tokens to access user info
|
|
Then I should receive "kent"'s id, username, and email
|