doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/requests/applications/authorized_applications_spec.rb

@@ -1,30 +1,32 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Authorized applications' do
+require "spec_helper"
+
+feature "Authorized applications" do
   background do
-    @user   = User.create!(name: 'Joe', password: 'sekret')
-    @client = client_exists(name: 'Amazing Client App')
+    @user   = User.create!(name: "Joe", password: "sekret")
+    @client = client_exists(name: "Amazing Client App")
     resource_owner_is_authenticated @user
     client_is_authorized @client, @user
   end
 
-  scenario 'display user\'s authorized applications' do
-    visit '/oauth/authorized_applications'
-    i_should_see 'Amazing Client App'
+  scenario "display user's authorized applications" do
+    visit "/oauth/authorized_applications"
+    i_should_see "Amazing Client App"
   end
 
-  scenario 'do not display other user\'s authorized applications' do
-    client = client_exists(name: 'Another Client App')
-    client_is_authorized client, User.create!(name: 'Joe', password: 'sekret')
-    visit '/oauth/authorized_applications'
-    i_should_not_see 'Another Client App'
+  scenario "do not display other user's authorized applications" do
+    client = client_exists(name: "Another Client App")
+    client_is_authorized client, User.create!(name: "Joe", password: "sekret")
+    visit "/oauth/authorized_applications"
+    i_should_not_see "Another Client App"
   end
 
-  scenario 'user revoke access to application' do
-    visit '/oauth/authorized_applications'
-    i_should_see 'Amazing Client App'
-    click_on 'Revoke'
-    i_should_see 'Application revoked'
-    i_should_not_see 'Amazing Client App'
+  scenario "user revoke access to application" do
+    visit "/oauth/authorized_applications"
+    i_should_see "Amazing Client App"
+    click_on "Revoke"
+    i_should_see "Application revoked"
+    i_should_not_see "Amazing Client App"
   end
 end

data/spec/requests/endpoints/authorization_spec.rb

@@ -1,69 +1,71 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Authorization endpoint' do
+require "spec_helper"
+
+feature "Authorization endpoint" do
   background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
-    client_exists(name: 'MyApp')
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
+    client_exists(name: "MyApp")
   end
 
-  scenario 'requires resource owner to be authenticated' do
+  scenario "requires resource owner to be authenticated" do
     visit authorization_endpoint_url(client: @client)
-    i_should_see 'Sign in'
-    i_should_be_on '/'
+    i_should_see "Sign in"
+    i_should_be_on "/"
   end
 
-  context 'with authenticated resource owner' do
+  context "with authenticated resource owner" do
     background do
       create_resource_owner
       sign_in
     end
 
-    scenario 'displays the authorization form' do
+    scenario "displays the authorization form" do
       visit authorization_endpoint_url(client: @client)
-      i_should_see 'Authorize MyApp to use your account?'
+      i_should_see "Authorize MyApp to use your account?"
     end
 
-    scenario 'displays all requested scopes' do
+    scenario "displays all requested scopes" do
       default_scopes_exist :public
       optional_scopes_exist :write
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      i_should_see 'Access your public data'
-      i_should_see 'Update your data'
+      visit authorization_endpoint_url(client: @client, scope: "public write")
+      i_should_see "Access your public data"
+      i_should_see "Update your data"
     end
   end
 
-  context 'with a invalid request' do
+  context "with a invalid request" do
     background do
       create_resource_owner
       sign_in
     end
 
-    scenario 'displays the related error' do
-      visit authorization_endpoint_url(client: @client, response_type: '')
-      i_should_not_see 'Authorize'
+    scenario "displays the related error" do
+      visit authorization_endpoint_url(client: @client, response_type: "")
+      i_should_not_see "Authorize"
       i_should_see_translated_error_message :unsupported_response_type
     end
 
     scenario "displays unsupported_response_type error when using a disabled response type" do
-      config_is_set(:grant_flows, ['implicit'])
-      visit authorization_endpoint_url(client: @client, response_type: 'code')
+      config_is_set(:grant_flows, ["implicit"])
+      visit authorization_endpoint_url(client: @client, response_type: "code")
       i_should_not_see "Authorize"
       i_should_see_translated_error_message :unsupported_response_type
     end
   end
 
-  context 'forgery protection enabled' do
+  context "forgery protection enabled" do
     background do
       create_resource_owner
       sign_in
     end
 
-    scenario 'raises exception on forged requests' do
+    scenario "raises exception on forged requests" do
       allowing_forgery_protection do
         expect do
           page.driver.post authorization_endpoint_url(client_id: @client.uid,
                                                       redirect_uri: @client.redirect_uri,
-                                                      response_type:  'code')
+                                                      response_type: "code")
         end.to raise_error(ActionController::InvalidAuthenticityToken)
       end
     end

data/spec/requests/endpoints/token_spec.rb

@@ -1,73 +1,75 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-describe 'Token endpoint' do
+require "spec_helper"
+
+describe "Token endpoint" do
   before do
     client_exists
-    authorization_code_exists application: @client, scopes: 'public'
+    authorization_code_exists application: @client, scopes: "public"
   end
 
-  it 'respond with correct headers' do
+  it "respond with correct headers" do
     post token_endpoint_url(code: @authorization.token, client: @client)
-    should_have_header 'Pragma', 'no-cache'
+    should_have_header "Pragma", "no-cache"
 
     # Rails 5.2 changed headers
     if ::Rails::VERSION::MAJOR >= 5 && ::Rails::VERSION::MINOR >= 2 || ::Rails::VERSION::MAJOR >= 6
-      should_have_header 'Cache-Control', 'private, no-store'
+      should_have_header "Cache-Control", "private, no-store"
     else
-      should_have_header 'Cache-Control', 'no-store'
+      should_have_header "Cache-Control", "no-store"
     end
 
-    should_have_header 'Content-Type', 'application/json; charset=utf-8'
+    should_have_header "Content-Type", "application/json; charset=utf-8"
   end
 
-  it 'accepts client credentials with basic auth header' do
+  it "accepts client credentials with basic auth header" do
     post token_endpoint_url,
          params: {
            code: @authorization.token,
-           redirect_uri: @client.redirect_uri
+           redirect_uri: @client.redirect_uri,
          },
-         headers: { 'HTTP_AUTHORIZATION' => basic_auth_header_for_client(@client) }
+         headers: { "HTTP_AUTHORIZATION" => basic_auth_header_for_client(@client) }
 
-    should_have_json 'access_token', Doorkeeper::AccessToken.first.token
+    should_have_json "access_token", Doorkeeper::AccessToken.first.token
   end
 
-  it 'returns null for expires_in when a permanent token is set' do
+  it "returns null for expires_in when a permanent token is set" do
     config_is_set(:access_token_expires_in, nil)
     post token_endpoint_url(code: @authorization.token, client: @client)
-    should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-    should_not_have_json 'expires_in'
+    should_have_json "access_token", Doorkeeper::AccessToken.first.token
+    should_not_have_json "expires_in"
   end
 
-  it 'returns unsupported_grant_type for invalid grant_type param' do
-    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'nothing')
+  it "returns unsupported_grant_type for invalid grant_type param" do
+    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "nothing")
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'unsupported_grant_type'
-    should_have_json 'error_description', translated_error_message('unsupported_grant_type')
+    should_not_have_json "access_token"
+    should_have_json "error", "unsupported_grant_type"
+    should_have_json "error_description", translated_error_message("unsupported_grant_type")
   end
 
-  it 'returns unsupported_grant_type for disabled grant flows' do
-    config_is_set(:grant_flows, ['implicit'])
-    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'authorization_code')
+  it "returns unsupported_grant_type for disabled grant flows" do
+    config_is_set(:grant_flows, ["implicit"])
+    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "authorization_code")
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'unsupported_grant_type'
-    should_have_json 'error_description', translated_error_message('unsupported_grant_type')
+    should_not_have_json "access_token"
+    should_have_json "error", "unsupported_grant_type"
+    should_have_json "error_description", translated_error_message("unsupported_grant_type")
   end
 
-  it 'returns unsupported_grant_type when refresh_token is not in use' do
-    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: 'refresh_token')
+  it "returns unsupported_grant_type when refresh_token is not in use" do
+    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "refresh_token")
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'unsupported_grant_type'
-    should_have_json 'error_description', translated_error_message('unsupported_grant_type')
+    should_not_have_json "access_token"
+    should_have_json "error", "unsupported_grant_type"
+    should_have_json "error_description", translated_error_message("unsupported_grant_type")
   end
 
-  it 'returns invalid_request if grant_type is missing' do
-    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: '')
+  it "returns invalid_request if grant_type is missing" do
+    post token_endpoint_url(code: @authorization.token, client: @client, grant_type: "")
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'invalid_request'
-    should_have_json 'error_description', translated_error_message('invalid_request')
+    should_not_have_json "access_token"
+    should_have_json "error", "invalid_request"
+    should_have_json "error_description", translated_error_message("invalid_request")
   end
 end

data/spec/requests/flows/authorization_code_errors_spec.rb

@@ -1,9 +1,11 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Authorization Code Flow Errors' do
+require "spec_helper"
+
+feature "Authorization Code Flow Errors" do
   let(:client_params) { {} }
   background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
     client_exists client_params
     create_resource_owner
     sign_in
@@ -22,35 +24,35 @@ feature 'Authorization Code Flow Errors' do
     end
   end
 
-  context 'when access was denied' do
-    scenario 'redirects with error' do
+  context "when access was denied" do
+    scenario "redirects with error" do
       visit authorization_endpoint_url(client: @client)
-      click_on 'Deny'
+      click_on "Deny"
 
       i_should_be_on_client_callback @client
-      url_should_not_have_param 'code'
-      url_should_have_param 'error', 'access_denied'
-      url_should_have_param 'error_description', translated_error_message(:access_denied)
+      url_should_not_have_param "code"
+      url_should_have_param "error", "access_denied"
+      url_should_have_param "error_description", translated_error_message(:access_denied)
     end
 
-    scenario 'redirects with state parameter' do
-      visit authorization_endpoint_url(client: @client, state: 'return-this')
-      click_on 'Deny'
+    scenario "redirects with state parameter" do
+      visit authorization_endpoint_url(client: @client, state: "return-this")
+      click_on "Deny"
 
       i_should_be_on_client_callback @client
-      url_should_not_have_param 'code'
-      url_should_have_param 'state', 'return-this'
+      url_should_not_have_param "code"
+      url_should_have_param "state", "return-this"
     end
   end
 end
 
-describe 'Authorization Code Flow Errors', 'after authorization' do
+describe "Authorization Code Flow Errors", "after authorization" do
   before do
     client_exists
     authorization_code_exists application: @client
   end
 
-  it 'returns :invalid_grant error when posting an already revoked grant code' do
+  it "returns :invalid_grant error when posting an already revoked grant code" do
     # First successful request
     post token_endpoint_url(code: @authorization.token, client: @client)
 
@@ -59,18 +61,18 @@ describe 'Authorization Code Flow Errors', 'after authorization' do
       post token_endpoint_url(code: @authorization.token, client: @client)
     end.to_not(change { Doorkeeper::AccessToken.count })
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'invalid_grant'
-    should_have_json 'error_description', translated_error_message('invalid_grant')
+    should_not_have_json "access_token"
+    should_have_json "error", "invalid_grant"
+    should_have_json "error_description", translated_error_message("invalid_grant")
   end
 
-  it 'returns :invalid_grant error for invalid grant code' do
-    post token_endpoint_url(code: 'invalid', client: @client)
+  it "returns :invalid_grant error for invalid grant code" do
+    post token_endpoint_url(code: "invalid", client: @client)
 
     access_token_should_not_exist
 
-    should_not_have_json 'access_token'
-    should_have_json 'error', 'invalid_grant'
-    should_have_json 'error_description', translated_error_message('invalid_grant')
+    should_not_have_json "access_token"
+    should_have_json "error", "invalid_grant"
+    should_have_json "error_description", translated_error_message("invalid_grant")
   end
 end

data/spec/requests/flows/authorization_code_spec.rb

@@ -1,40 +1,42 @@
-require 'spec_helper'
+# frozen_string_literal: true
 
-feature 'Authorization Code Flow' do
+require "spec_helper"
+
+feature "Authorization Code Flow" do
   background do
-    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
+    config_is_set(:authenticate_resource_owner) { User.first || redirect_to("/sign_in") }
     client_exists
     create_resource_owner
     sign_in
   end
 
-  scenario 'resource owner authorizes the client' do
+  scenario "resource owner authorizes the client" do
     visit authorization_endpoint_url(client: @client)
-    click_on 'Authorize'
+    click_on "Authorize"
 
     access_grant_should_exist_for(@client, @resource_owner)
 
     i_should_be_on_client_callback(@client)
 
-    url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-    url_should_not_have_param('state')
-    url_should_not_have_param('error')
+    url_should_have_param("code", Doorkeeper::AccessGrant.first.token)
+    url_should_not_have_param("state")
+    url_should_not_have_param("error")
   end
 
-  context 'with grant hashing enabled' do
+  context "with grant hashing enabled" do
     background do
       config_is_set(:token_secret_strategy, ::Doorkeeper::SecretStoring::Sha256Hash)
     end
 
-    scenario 'Authorization Code Flow with hashing' do
+    scenario "Authorization Code Flow with hashing" do
       @client.redirect_uri = Doorkeeper.configuration.native_redirect_uri
       @client.save!
       visit authorization_endpoint_url(client: @client)
-      click_on 'Authorize'
+      click_on "Authorize"
 
       access_grant_should_exist_for(@client, @resource_owner)
 
-      code = current_params['code']
+      code = current_params["code"]
       expect(code).not_to be_nil
 
       hashed_code = Doorkeeper::AccessGrant.secret_strategy.transform_secret code
@@ -42,52 +44,52 @@ feature 'Authorization Code Flow' do
 
       expect(code).not_to eq(hashed_code)
 
-      i_should_see 'Authorization code:'
+      i_should_see "Authorization code:"
       i_should_see code
       i_should_not_see hashed_code
     end
   end
 
-  scenario 'resource owner authorizes using test url' do
+  scenario "resource owner authorizes using test url" do
     @client.redirect_uri = Doorkeeper.configuration.native_redirect_uri
     @client.save!
     visit authorization_endpoint_url(client: @client)
-    click_on 'Authorize'
+    click_on "Authorize"
 
     access_grant_should_exist_for(@client, @resource_owner)
 
-    url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-    i_should_see 'Authorization code:'
+    url_should_have_param("code", Doorkeeper::AccessGrant.first.token)
+    i_should_see "Authorization code:"
     i_should_see Doorkeeper::AccessGrant.first.token
   end
 
-  scenario 'resource owner authorizes the client with state parameter set' do
-    visit authorization_endpoint_url(client: @client, state: 'return-me')
-    click_on 'Authorize'
-    url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-    url_should_have_param('state', 'return-me')
-    url_should_not_have_param('code_challenge_method')
+  scenario "resource owner authorizes the client with state parameter set" do
+    visit authorization_endpoint_url(client: @client, state: "return-me")
+    click_on "Authorize"
+    url_should_have_param("code", Doorkeeper::AccessGrant.first.token)
+    url_should_have_param("state", "return-me")
+    url_should_not_have_param("code_challenge_method")
   end
 
-  scenario 'resource owner requests an access token with authorization code' do
+  scenario "resource owner requests an access token with authorization code" do
     visit authorization_endpoint_url(client: @client)
-    click_on 'Authorize'
+    click_on "Authorize"
 
     authorization_code = Doorkeeper::AccessGrant.first.token
     create_access_token authorization_code, @client
 
     access_token_should_exist_for(@client, @resource_owner)
 
-    should_not_have_json 'error'
+    should_not_have_json "error"
 
-    should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-    should_have_json 'token_type', 'Bearer'
-    should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
+    should_have_json "access_token", Doorkeeper::AccessToken.first.token
+    should_have_json "token_type", "Bearer"
+    should_have_json_within "expires_in", Doorkeeper::AccessToken.first.expires_in, 1
   end
 
-  scenario 'resource owner requests an access token with authorization code but without secret' do
+  scenario "resource owner requests an access token with authorization code but without secret" do
     visit authorization_endpoint_url(client: @client)
-    click_on 'Authorize'
+    click_on "Authorize"
 
     authorization_code = Doorkeeper::AccessGrant.first.token
     page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
@@ -95,12 +97,12 @@ feature 'Authorization Code Flow' do
 
     expect(Doorkeeper::AccessToken.count).to be_zero
 
-    should_have_json 'error', 'invalid_client'
+    should_have_json "error", "invalid_client"
   end
 
-  scenario 'resource owner requests an access token with authorization code but without client id' do
+  scenario "resource owner requests an access token with authorization code but without client id" do
     visit authorization_endpoint_url(client: @client)
-    click_on 'Authorize'
+    click_on "Authorize"
 
     authorization_code = Doorkeeper::AccessGrant.first.token
     page.driver.post token_endpoint_url(code: authorization_code, client_secret: @client.secret,
@@ -108,277 +110,277 @@ feature 'Authorization Code Flow' do
 
     expect(Doorkeeper::AccessToken.count).to be_zero
 
-    should_have_json 'error', 'invalid_client'
+    should_have_json "error", "invalid_client"
   end
 
-  scenario 'silently authorizes if matching token exists' do
+  scenario "silently authorizes if matching token exists" do
     default_scopes_exist :public, :write
 
     access_token_exists application: @client,
                         expires_in: -100, # even expired token
                         resource_owner_id: @resource_owner.id,
-                        scopes: 'public write'
+                        scopes: "public write"
 
-    visit authorization_endpoint_url(client: @client, scope: 'public write')
+    visit authorization_endpoint_url(client: @client, scope: "public write")
 
     response_status_should_be 200
-    i_should_not_see 'Authorize'
+    i_should_not_see "Authorize"
   end
 
-  context 'with PKCE' do
-    context 'plain' do
-      let(:code_challenge) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
-      let(:code_verifier) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
+  context "with PKCE" do
+    context "plain" do
+      let(:code_challenge) { "a45a9fea-0676-477e-95b1-a40f72ac3cfb" }
+      let(:code_verifier) { "a45a9fea-0676-477e-95b1-a40f72ac3cfb" }
 
-      scenario 'resource owner authorizes the client with code_challenge parameter set' do
+      scenario "resource owner authorizes the client with code_challenge parameter set" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'plain'
+          code_challenge_method: "plain"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-        url_should_not_have_param('code_challenge_method')
-        url_should_not_have_param('code_challenge')
+        url_should_have_param("code", Doorkeeper::AccessGrant.first.token)
+        url_should_not_have_param("code_challenge_method")
+        url_should_not_have_param("code_challenge")
       end
 
-      scenario 'mobile app requests an access token with authorization code but not pkce token' do
+      scenario "mobile app requests an access token with authorization code but not pkce token" do
         visit authorization_endpoint_url(client: @client)
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client, code_verifier
 
-        should_have_json 'error', 'invalid_grant'
+        should_have_json "error", "invalid_grant"
       end
 
-      scenario 'mobile app requests an access token with authorization code and plain code challenge method' do
+      scenario "mobile app requests an access token with authorization code and plain code challenge method" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'plain'
+          code_challenge_method: "plain"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client, code_verifier
 
         access_token_should_exist_for(@client, @resource_owner)
 
-        should_not_have_json 'error'
+        should_not_have_json "error"
 
-        should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-        should_have_json 'token_type', 'Bearer'
-        should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
+        should_have_json "access_token", Doorkeeper::AccessToken.first.token
+        should_have_json "token_type", "Bearer"
+        should_have_json_within "expires_in", Doorkeeper::AccessToken.first.expires_in, 1
       end
 
-      scenario 'mobile app requests an access token with authorization code and code_challenge' do
+      scenario "mobile app requests an access token with authorization code and code_challenge" do
         visit authorization_endpoint_url(client: @client,
                                          code_challenge: code_verifier,
-                                         code_challenge_method: 'plain')
-        click_on 'Authorize'
+                                         code_challenge_method: "plain")
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client, code_verifier: nil
 
-        should_not_have_json 'access_token'
-        should_have_json 'error', 'invalid_grant'
+        should_not_have_json "access_token"
+        should_have_json "error", "invalid_grant"
       end
     end
 
-    context 's256' do
-      let(:code_challenge) { 'Oz733NtQ0rJP8b04fgZMJMwprn6Iw8sMCT_9bR1q4tA' }
-      let(:code_verifier) { 'a45a9fea-0676-477e-95b1-a40f72ac3cfb' }
+    context "s256" do
+      let(:code_challenge) { "Oz733NtQ0rJP8b04fgZMJMwprn6Iw8sMCT_9bR1q4tA" }
+      let(:code_verifier) { "a45a9fea-0676-477e-95b1-a40f72ac3cfb" }
 
-      scenario 'resource owner authorizes the client with code_challenge parameter set' do
+      scenario "resource owner authorizes the client with code_challenge parameter set" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        url_should_have_param('code', Doorkeeper::AccessGrant.first.token)
-        url_should_not_have_param('code_challenge_method')
-        url_should_not_have_param('code_challenge')
+        url_should_have_param("code", Doorkeeper::AccessGrant.first.token)
+        url_should_not_have_param("code_challenge_method")
+        url_should_not_have_param("code_challenge")
       end
 
-      scenario 'mobile app requests an access token with authorization code and S256 code challenge method' do
+      scenario "mobile app requests an access token with authorization code and S256 code challenge method" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client, code_verifier
 
         access_token_should_exist_for(@client, @resource_owner)
 
-        should_not_have_json 'error'
+        should_not_have_json "error"
 
-        should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-        should_have_json 'token_type', 'Bearer'
-        should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
+        should_have_json "access_token", Doorkeeper::AccessToken.first.token
+        should_have_json "token_type", "Bearer"
+        should_have_json_within "expires_in", Doorkeeper::AccessToken.first.expires_in, 1
       end
 
-      scenario 'mobile app requests an access token with authorization code and without code_verifier' do
+      scenario "mobile app requests an access token with authorization code and without code_verifier" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
-        authorization_code = current_params['code']
+        click_on "Authorize"
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client
-        should_have_json 'error', 'invalid_request'
-        should_not_have_json 'access_token'
+        should_have_json "error", "invalid_request"
+        should_not_have_json "access_token"
       end
 
-      scenario 'mobile app requests an access token with authorization code and without secret' do
+      scenario "mobile app requests an access token with authorization code and without secret" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         page.driver.post token_endpoint_url(code: authorization_code, client_id: @client.uid,
                                             redirect_uri: @client.redirect_uri, code_verifier: code_verifier)
-        should_have_json 'error', 'invalid_client'
-        should_not_have_json 'access_token'
+        should_have_json "error", "invalid_client"
+        should_not_have_json "access_token"
       end
 
-      scenario 'mobile app requests an access token with authorization code and without secret but is marked as not confidential' do
+      scenario "mobile app requests an access token with authorization code and without secret but is marked as not confidential" do
         @client.update_attribute :confidential, false
-        visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: 'S256')
-        click_on 'Authorize'
+        visit authorization_endpoint_url(client: @client, code_challenge: code_challenge, code_challenge_method: "S256")
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         page.driver.post token_endpoint_url(
           code: authorization_code,
           client_id: @client.uid,
           redirect_uri: @client.redirect_uri,
           code_verifier: code_verifier
         )
-        should_not_have_json 'error'
+        should_not_have_json "error"
 
-        should_have_json 'access_token', Doorkeeper::AccessToken.first.token
-        should_have_json 'token_type', 'Bearer'
-        should_have_json_within 'expires_in', Doorkeeper::AccessToken.first.expires_in, 1
+        should_have_json "access_token", Doorkeeper::AccessToken.first.token
+        should_have_json "token_type", "Bearer"
+        should_have_json_within "expires_in", Doorkeeper::AccessToken.first.expires_in, 1
       end
 
-      scenario 'mobile app requests an access token with authorization code but no code verifier' do
+      scenario "mobile app requests an access token with authorization code but no code verifier" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         create_access_token authorization_code, @client
 
-        should_not_have_json 'access_token'
-        should_have_json 'error', 'invalid_request'
+        should_not_have_json "access_token"
+        should_have_json "error", "invalid_request"
       end
 
-      scenario 'mobile app requests an access token with authorization code with wrong verifier' do
+      scenario "mobile app requests an access token with authorization code with wrong verifier" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
-        create_access_token authorization_code, @client, 'incorrect-code-verifier'
+        authorization_code = current_params["code"]
+        create_access_token authorization_code, @client, "incorrect-code-verifier"
 
-        should_not_have_json 'access_token'
-        should_have_json 'error', 'invalid_grant'
+        should_not_have_json "access_token"
+        should_have_json "error", "invalid_grant"
       end
 
-      scenario 'code_challenge_mehthod in token request is totally ignored' do
+      scenario "code_challenge_mehthod in token request is totally ignored" do
         visit authorization_endpoint_url(
           client: @client,
           code_challenge: code_challenge,
-          code_challenge_method: 'S256'
+          code_challenge_method: "S256"
         )
-        click_on 'Authorize'
+        click_on "Authorize"
 
-        authorization_code = current_params['code']
+        authorization_code = current_params["code"]
         page.driver.post token_endpoint_url(
           code: authorization_code,
           client: @client,
           code_verifier: code_challenge,
-          code_challenge_method: 'plain'
+          code_challenge_method: "plain"
         )
 
-        should_not_have_json 'access_token'
-        should_have_json 'error', 'invalid_grant'
+        should_not_have_json "access_token"
+        should_have_json "error", "invalid_grant"
       end
 
-      scenario 'expects to set code_challenge_method explicitely without fallback' do
+      scenario "expects to set code_challenge_method explicitely without fallback" do
         visit authorization_endpoint_url(client: @client, code_challenge: code_challenge)
-        expect(page).to have_content('The code challenge method must be plain or S256.')
+        expect(page).to have_content("The code challenge method must be plain or S256.")
       end
     end
   end
 
-  context 'when application scopes are present and no scope is passed' do
+  context "when application scopes are present and no scope is passed" do
     background do
-      @client.update(scopes: 'public write read')
+      @client.update(scopes: "public write read")
     end
 
-    scenario 'access grant has no scope' do
+    scenario "access grant has no scope" do
       default_scopes_exist :admin
       visit authorization_endpoint_url(client: @client)
-      click_on 'Authorize'
+      click_on "Authorize"
       access_grant_should_exist_for(@client, @resource_owner)
       grant = Doorkeeper::AccessGrant.first
       expect(grant.scopes).to be_empty
     end
 
-    scenario 'access grant have scopes which are common in application scopees and default scopes' do
+    scenario "access grant have scopes which are common in application scopees and default scopes" do
       default_scopes_exist :public, :write
       visit authorization_endpoint_url(client: @client)
-      click_on 'Authorize'
+      click_on "Authorize"
       access_grant_should_exist_for(@client, @resource_owner)
       access_grant_should_have_scopes :public, :write
     end
   end
 
-  context 'with scopes' do
+  context "with scopes" do
     background do
       default_scopes_exist :public
       optional_scopes_exist :write
     end
 
-    scenario 'resource owner authorizes the client with default scopes' do
+    scenario "resource owner authorizes the client with default scopes" do
       visit authorization_endpoint_url(client: @client)
-      click_on 'Authorize'
+      click_on "Authorize"
       access_grant_should_exist_for(@client, @resource_owner)
       access_grant_should_have_scopes :public
     end
 
-    scenario 'resource owner authorizes the client with required scopes' do
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      click_on 'Authorize'
+    scenario "resource owner authorizes the client with required scopes" do
+      visit authorization_endpoint_url(client: @client, scope: "public write")
+      click_on "Authorize"
       access_grant_should_have_scopes :public, :write
     end
 
-    scenario 'resource owner authorizes the client with required scopes (without defaults)' do
-      visit authorization_endpoint_url(client: @client, scope: 'write')
-      click_on 'Authorize'
+    scenario "resource owner authorizes the client with required scopes (without defaults)" do
+      visit authorization_endpoint_url(client: @client, scope: "write")
+      click_on "Authorize"
       access_grant_should_have_scopes :write
     end
 
-    scenario 'new access token matches required scopes' do
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      click_on 'Authorize'
+    scenario "new access token matches required scopes" do
+      visit authorization_endpoint_url(client: @client, scope: "public write")
+      click_on "Authorize"
 
       authorization_code = Doorkeeper::AccessGrant.first.token
       create_access_token authorization_code, @client
@@ -387,36 +389,36 @@ feature 'Authorization Code Flow' do
       access_token_should_have_scopes :public, :write
     end
 
-    scenario 'returns new token if scopes have changed' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public write')
-      visit authorization_endpoint_url(client: @client, scope: 'public')
-      click_on 'Authorize'
+    scenario "returns new token if scopes have changed" do
+      client_is_authorized(@client, @resource_owner, scopes: "public write")
+      visit authorization_endpoint_url(client: @client, scope: "public")
+      click_on "Authorize"
 
       authorization_code = Doorkeeper::AccessGrant.first.token
       create_access_token authorization_code, @client
 
       expect(Doorkeeper::AccessToken.count).to be(2)
 
-      should_have_json 'access_token', Doorkeeper::AccessToken.last.token
+      should_have_json "access_token", Doorkeeper::AccessToken.last.token
     end
 
-    scenario 'resource owner authorizes the client with extra scopes' do
-      client_is_authorized(@client, @resource_owner, scopes: 'public')
-      visit authorization_endpoint_url(client: @client, scope: 'public write')
-      click_on 'Authorize'
+    scenario "resource owner authorizes the client with extra scopes" do
+      client_is_authorized(@client, @resource_owner, scopes: "public")
+      visit authorization_endpoint_url(client: @client, scope: "public write")
+      click_on "Authorize"
 
       authorization_code = Doorkeeper::AccessGrant.first.token
       create_access_token authorization_code, @client
 
       expect(Doorkeeper::AccessToken.count).to be(2)
 
-      should_have_json 'access_token', Doorkeeper::AccessToken.last.token
+      should_have_json "access_token", Doorkeeper::AccessToken.last.token
       access_token_should_have_scopes :public, :write
     end
   end
 end
 
-describe 'Authorization Code Flow' do
+describe "Authorization Code Flow" do
   before do
     Doorkeeper.configure do
       orm DOORKEEPER_ORM
@@ -426,20 +428,20 @@ describe 'Authorization Code Flow' do
     client_exists
   end
 
-  context 'issuing a refresh token' do
+  context "issuing a refresh token" do
     before do
       authorization_code_exists application: @client
     end
 
-    it 'second of simultaneous client requests get an error for revoked acccess token' do
+    it "second of simultaneous client requests get an error for revoked acccess token" do
       authorization_code = Doorkeeper::AccessGrant.first.token
       allow_any_instance_of(Doorkeeper::AccessGrant)
         .to receive(:revoked?).and_return(false, true)
 
       post token_endpoint_url(code: authorization_code, client: @client)
 
-      should_not_have_json 'access_token'
-      should_have_json 'error', 'invalid_grant'
+      should_not_have_json "access_token"
+      should_have_json "error", "invalid_grant"
     end
   end
 end