oauth2-server/tests/fuzz/grant-password.yml

url: 'http://localhost:8000/other_grants.php/access_token'
request:
    method: POST
    body:
        -
            key: client_id
            value: testclient
            missing:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: invalid_request
                body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."
            invalid:
                response.statusCode: 401
                headers.content-type: "application/json"
                body.error: invalid_client
                body.message: "Client authentication failed."
        -
            key: client_secret
            value: secret
            missing:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: invalid_request
                body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."
            invalid:
                response.statusCode: 401
                headers.content-type: "application/json"
                body.error: invalid_client
                body.message: "Client authentication failed."
        -
            key: username
            value: alexbilbie
            missing:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: invalid_request
                body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"username\" parameter."
            invalid:
                response.statusCode: 401
                headers.content-type: "application/json"
                body.error: invalid_credentials
                body.message: "The user credentials were incorrect."
        -
            key: password
            value: whisky
            missing:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: invalid_request
                body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"password\" parameter."
            invalid:
                response.statusCode: 401
                headers.content-type: "application/json"
                body.error: invalid_credentials
                body.message: "The user credentials were incorrect."
        -
            key: grant_type
            value: password
            missing:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: invalid_request
                body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."
            invalid:
                response.statusCode: 400
                headers.content-type: "application/json"
                body.error: unsupported_grant_type
                #body.message: "The authorization grant type XXX is not supported by the authorization server."
response:
    statusCode: 200
    headers:
        -
            key: Content-type
            value: application/json
    body:
        -
            key: expires_in
            valueType: integer
        -
            key: access_token
            valueRegex: /([a-zA-Z0-9]*)/
        -
            key: refresh_token
            valueRegex: /([a-zA-Z0-9]*)/
        -
            key: token_type
            value: Bearer
Added more fizzfuzz tests 2014-08-04 19:48:55 +05:30			`url: 'http://localhost:8000/other_grants.php/access_token'`
			`request:`
			`method: POST`
			`body:`
			`-`
			`key: client_id`
			`value: testclient`
			`missing:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: invalid_request`
			`body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_id\" parameter."`
			`invalid:`
			`response.statusCode: 401`
			`headers.content-type: "application/json"`
			`body.error: invalid_client`
			`body.message: "Client authentication failed."`
			`-`
			`key: client_secret`
			`value: secret`
			`missing:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: invalid_request`
			`body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"client_secret\" parameter."`
			`invalid:`
			`response.statusCode: 401`
			`headers.content-type: "application/json"`
			`body.error: invalid_client`
			`body.message: "Client authentication failed."`
			`-`
			`key: username`
Fixed grant password fuzz test 2014-08-04 19:57:08 +05:30			`value: alexbilbie`
Added more fizzfuzz tests 2014-08-04 19:48:55 +05:30			`missing:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: invalid_request`
			`body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"username\" parameter."`
			`invalid:`
			`response.statusCode: 401`
			`headers.content-type: "application/json"`
Fixed grant password fuzz test 2014-08-04 19:57:08 +05:30			`body.error: invalid_credentials`
			`body.message: "The user credentials were incorrect."`
Added more fizzfuzz tests 2014-08-04 19:48:55 +05:30			`-`
			`key: password`
			`value: whisky`
			`missing:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: invalid_request`
			`body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"password\" parameter."`
			`invalid:`
			`response.statusCode: 401`
			`headers.content-type: "application/json"`
Fixed grant password fuzz test 2014-08-04 19:57:08 +05:30			`body.error: invalid_credentials`
			`body.message: "The user credentials were incorrect."`
Added more fizzfuzz tests 2014-08-04 19:48:55 +05:30			`-`
			`key: grant_type`
			`value: password`
			`missing:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: invalid_request`
			`body.message: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"grant_type\" parameter."`
			`invalid:`
			`response.statusCode: 400`
			`headers.content-type: "application/json"`
			`body.error: unsupported_grant_type`
			`#body.message: "The authorization grant type XXX is not supported by the authorization server."`
			`response:`
			`statusCode: 200`
			`headers:`
			`-`
			`key: Content-type`
			`value: application/json`
			`body:`
			`-`
			`key: expires_in`
			`valueType: integer`
			`-`
			`key: access_token`
			`valueRegex: /([a-zA-Z0-9]*)/`
Updated examples 2014-08-04 23:24:01 +05:30			`-`
			`key: refresh_token`
			`valueRegex: /([a-zA-Z0-9]*)/`
Added more fizzfuzz tests 2014-08-04 19:48:55 +05:30			`-`
			`key: token_type`
CS fixes 2014-11-08 23:56:12 +05:30			`value: Bearer`