diff options
Diffstat (limited to 'yarns/300-end-user-auth.yarn')
-rw-r--r-- | yarns/300-end-user-auth.yarn | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/yarns/300-end-user-auth.yarn b/yarns/300-end-user-auth.yarn index e69ccad..da79b03 100644 --- a/yarns/300-end-user-auth.yarn +++ b/yarns/300-end-user-auth.yarn @@ -181,4 +181,11 @@ this. Needs research and thinking. AND access token has a scope field set to read AND access token has a sub field set to tomjon +The authorization code can't be re-used. + + WHEN facade requests POST /token, with + ... form values grant_type=authorization_code and code=${CODE} + ... using Basic Auth with username facade, password happydays + THEN HTTP status code is 400 Bad request + FINALLY Qvisqve is stopped |