ResourceIDs:          []string{"none"},
				Authorities:          []string{"scim.read", "scim.write"},
				AuthorizedGrantTypes: []string{"client_credentials"},
				AccessTokenValidity:  5000 * time.Second,
			}
			clientSecret = "client-secret"

			err := service.Create(client, clientSecret, token)
			Expect(err).NotTo(HaveOccurred())
		})

		It("retrieves a token for the client given a valid secret", func() {
			clientToken, err := service.GetToken(client.ID, clientSecret)
			Expect(err).NotTo(HaveOccurred())

			tokensService := warrant.NewTokensService(config)
			decodedToken, err := tokensService.Decode(clientToken)
			Expect(err).NotTo(HaveOccurred())
			Expect(decodedToken.ClientID).To(Equal(client.ID))
		})

		Context("failure cases", func() {
			It("returns an error if the json response is malformed", func() {
				malformedJSONServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
					w.Write([]byte("this is not JSON"))
				}))
				service = warrant.NewClientsService(warrant.Config{
					Host:          malformedJSONServer.URL,
					SkipVerifySSL: true,
					TraceWriter:   TraceWriter,
				})
	"net/http"
	"net/http/httptest"

	"github.com/pivotal-cf-experimental/warrant"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

var _ = Describe("TokensService", func() {
	var service warrant.TokensService

	BeforeEach(func() {
		service = warrant.NewTokensService(warrant.Config{
			Host:          fakeUAAServer.URL(),
			SkipVerifySSL: true,
			TraceWriter:   TraceWriter,
		})
	})

	Describe("Decode", func() {
		It("returns a decoded token given an encoded token string", func() {
			encodedToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoidXNlci1pZCIsInNjb3BlIjpbInNjaW0ucmVhZCIsImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iLCJwYXNzd29yZC53cml0ZSJdfQ.QWNTRFahfCn7qSWxEHTCn6QeZMJxNMq9a_TP8aANc4k"
			token, err := service.Decode(encodedToken)
			Expect(err).NotTo(HaveOccurred())
			Expect(token).To(Equal(warrant.Token{
				UserID: "user-id",
				Scopes: []string{
					"scim.read",
					"cloud_controller.admin",
					"password.write",