authCode, _ := shelpers.RequestScopes(userSessionCookie, config)
Expect(authCode).ToNot(BeNil(), `Failed to request and authorize scopes.`)
accessToken := shelpers.GetAccessToken(authCode, config)
Expect(accessToken).ToNot(BeNil(), `Failed to obtain an access token.`)
// use the access token to perform an operation on the user's behalf
canManage, httpCode := shelpers.QueryServiceInstancePermissionEndpoint(apiEndpoint, accessToken, serviceInstanceGuid)
Expect(httpCode).To(Equal(`200`), `The provided access token was not valid.`)
Expect(canManage).To(Equal(`true`))
})
})
Context("When a service broker is deleted", func() {
It("can no longer perform an operation on a user's behalf using sso", func() {
broker.Create()
broker.Delete()
// perform the OAuth lifecycle to obtain an access token
userSessionCookie := shelpers.AuthenticateUser(config.AuthorizationEndpoint, context.RegularUserContext().Username, context.RegularUserContext().Password)
_, httpCode := shelpers.RequestScopes(userSessionCookie, config)
// there should not be a client in uaa anymore, so the request for scopes should return an unauthorized
Expect(httpCode).To(Equal(`401`))
})
})
})
