Diffstat (limited to 'yarns/400-manage.yarn')
-rw-r--r--yarns/400-manage.yarn162
1 files changed, 162 insertions, 0 deletions
diff --git a/yarns/400-manage.yarn b/yarns/400-manage.yarn
new file mode 100644
index 0000000..6d60909
--- /dev/null
+++ b/yarns/400-manage.yarn
@@ -0,0 +1,162 @@
+Manage clients, users, applications via API
+=============================================================================
+
+ SCENARIO manage clients, users, applications
+ GIVEN an RSA key pair for token signing
+ AND a Qvisqve configuration for "https://qvisqve.example.com"
+ AND Qvisqve configuration has a token lifetime of 3600
+ AND a running Qvisqve instance
+ AND an access token for admin with scopes
+ ... uapi_clients_post
+ ... uapi_clients_get
+ ... uapi_clients_id_get
+ ... uapi_clients_id_put
+ ... uapi_clients_id_secret_put
+ ... uapi_clients_id_delete
+ ... uapi_users_post
+ ... uapi_users_get
+ ... uapi_users_id_get
+ ... uapi_users_id_put
+ ... uapi_users_id_secret_put
+ ... uapi_users_id_delete
+ ... uapi_applications_post
+ ... uapi_applications_get
+ ... uapi_applications_id_get
+ ... uapi_applications_id_put
+ ... uapi_applications_id_delete
+
+First, manage clients.
+
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /clients with token and body
+ ... {
+ ... "id": "james"
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/clients/james
+
+ WHEN client requests PUT /clients/james/secret with token and body
+ ... { "secret": "hunter2" }
+ THEN HTTP status code is 200 OK
+
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["james"]
+ ... }
+
+ WHEN client requests GET /clients/james using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "james"
+ ... }
+
+ WHEN client requests DELETE /clients/james with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /clients/james using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /clients using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+Then, manage users.
+
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /users with token and body
+ ... {
+ ... "id": "sherlock"
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/users/sherlock
+
+ WHEN client requests PUT /users/sherlock/secret with token and body
+ ... { "secret": "hunter2" }
+ THEN HTTP status code is 200 OK
+
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["sherlock"]
+ ... }
+
+ WHEN client requests GET /users/sherlock using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "sherlock"
+ ... }
+
+ WHEN client requests DELETE /users/sherlock with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /users/sherlock using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /users using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+Then, manage applications.
+
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND Content-Type is application/json
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
+
+ WHEN client requests POST /applications with token and body
+ ... {
+ ... "id": "MI6",
+ ... "callbacks": ["https://mi6.example.com/callback"]
+ ... }
+ THEN HTTP status code is 201 Created
+ AND Location is https://qvisqve.example.com/applications/MI6
+
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": ["MI6"]
+ ... }
+
+ WHEN client requests GET /applications/MI6 using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "id": "MI6",
+ ... "callbacks": ["https://mi6.example.com/callback"]
+ ... }
+
+ WHEN client requests DELETE /applications/MI6 with token
+ THEN HTTP status code is 200 OK
+ WHEN client requests GET /applications/MI6 using token
+ THEN HTTP status code is 404 Not Found
+ WHEN client requests GET /applications using token
+ THEN HTTP status code is 200 OK
+ AND JSON body matches
+ ... {
+ ... "resources": []
+ ... }
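Review bot: The scenario only exercises the API with an admin token that carries every `uapi_*` scope, so it would still pass if the management endpoints stopped enforcing authorization. Add a negative case per resource, for example a token issued without `uapi_clients_post` followed by `WHEN client requests POST /clients with token and body` and a 401 or 403 expectation; the exact status and step wording depend on the step implementations, which are not visible here. The `GET /clients/james` and `GET /users/sherlock` checks that follow the `PUT .../secret` calls expect only `{"id": ...}`. If `JSON body matches` is a subset match rather than an exact one (not visible from this hunk), a response that echoed the stored secret would still pass, so an explicit assertion that no `secret` field is returned is worth adding. The scopes `uapi_clients_id_put`, `uapi_users_id_put` and `uapi_applications_id_put` are granted but no plain `PUT /clients/james`-style request is made, so either cover those endpoints or drop the scopes from the token.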