Resource Owner Password Credentials flow for Doorkeeper (draft)

password_spec.rb

# coding: utf-8

# ========================================
# Resource Owner Password Credentials flow
# ========================================
#
# In this flow, a token is requested in exchange for the resource owner
# credentials (username and password):
#
# http://tools.ietf.org/html/draft-ietf-oauth-v2-25#page-9
# http://tools.ietf.org/html/draft-ietf-oauth-v2-25#page-34
#
# For instance, using the oauth2 ruby gem, we would request it like this:
#
#   client = OAuth2::Client.new('the_client_id', 'the_client_secret',
#                               :site => "http://example.com")
#   access_token = client.password.get_token('user@example.com', 'sekret')
#
# That will make a POST request to the OAuth providers "/oauth/token" endpoint,
# with the params:
#
#   "grant_type"    => "password"
#   "username"      => "user@example.com"
#   "password"      => "sekret"
#   "client_id"     => "the_client_id"
#   "client_secret" => "the_client_secret"
#
# The Rails app will need to implement user authentication based on username and
# password, and Doorkeeper will have to be configured to use this authentication
# to get the resource owner from the credentials

require 'spec_helper_integration'

feature 'Resource Owner Password Credentials Flow' do
  background do
    client_exists
    create_resource_owner
  end

  context 'with valid user credentials' do
    scenario "should issue new token" do
      pending
    end

    scenario "should issue token if already exists" do
      pending
    end
  end

  context "with invalid user credentials" do
    scenario "should not issue new token" do
      pending
    end
  end
end