// NOTE(review): this fragment begins inside an It(...) closure that opens above the visible text; userSessionCookie, config, apiEndpoint and serviceInstanceGuid are not defined in the visible part.
			// Request and authorize scopes for the already-authenticated user session.
			// The second return value is discarded here; in the deleted-broker test
			// below the same position is read as the HTTP status, so this call's
			// status is never checked directly.
			authCode, _ := shelpers.RequestScopes(userSessionCookie, config)
			// NOTE(review): BeNil only matches a nil value. If authCode is a string,
			// an empty code would still pass this assertion; confirm the helper's
			// return type before relying on it as the only success check.
			Expect(authCode).ToNot(BeNil(), `Failed to request and authorize scopes.`)

			// Exchange the authorization code for an access token.
			accessToken := shelpers.GetAccessToken(authCode, config)
			// NOTE(review): same BeNil caveat as for authCode above.
			Expect(accessToken).ToNot(BeNil(), `Failed to obtain an access token.`)

			// Use the access token to perform an operation on the user's behalf.
			// The status check below is the assertion that actually shows the
			// token was accepted; both results are compared as strings.
			canManage, httpCode := shelpers.QueryServiceInstancePermissionEndpoint(apiEndpoint, accessToken, serviceInstanceGuid)
			Expect(httpCode).To(Equal(`200`), `The provided access token was not valid.`)
			Expect(canManage).To(Equal(`true`))
		})
	})

	Context("When a service broker is deleted", func() {
		It("can no longer perform an operation on a user's behalf using sso", func() {
			// Create the broker and delete it again, so that whatever the
			// broker registered for SSO should have been cleaned up.
			broker.Create()
			broker.Delete()

			// Start the OAuth flow again: authenticate the regular user and ask
			// for scopes. No access token is requested in this test.
			userSessionCookie := shelpers.AuthenticateUser(config.AuthorizationEndpoint, context.RegularUserContext().Username, context.RegularUserContext().Password)
			// The first return value (the authorization code in the test above)
			// is discarded, so only the status code is verified here.
			_, httpCode := shelpers.RequestScopes(userSessionCookie, config)

			// There should not be a client in UAA anymore, so the request for
			// scopes should return an unauthorized status.
			// NOTE(review): this covers new authorization requests only. A token
			// issued before broker.Delete() is never replayed here, so the test
			// does not show whether previously issued tokens stop working.
			Expect(httpCode).To(Equal(`401`))
		})
	})
})