doorkeeper 5.1.0.rc2 → 5.1.0

data/spec/controllers/protected_resources_controller_spec.rb

@@ -1,12 +1,14 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 module ControllerActions
   def index
-    render plain: 'index'
+    render plain: "index"
   end
 
   def show
-    render plain: 'show'
+    render plain: "show"
   end
 
   def doorkeeper_unauthorized_render_options(*); end
@@ -14,98 +16,98 @@ module ControllerActions
   def doorkeeper_forbidden_render_options(*); end
 end
 
-describe 'doorkeeper authorize filter' do
-  context 'accepts token code specified as' do
+describe "doorkeeper authorize filter" do
+  context "accepts token code specified as" do
     controller do
       before_action :doorkeeper_authorize!
 
       def index
-        render plain: 'index'
+        render plain: "index"
       end
     end
 
-    let(:token_string) { '1A2BC3' }
+    let(:token_string) { "1A2BC3" }
     let(:token) do
       double(Doorkeeper::AccessToken,
              acceptable?: true, previous_refresh_token: "",
              revoke_previous_refresh_token!: true)
     end
 
-    it 'access_token param' do
+    it "access_token param" do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       get :index, params: { access_token: token_string }
     end
 
-    it 'bearer_token param' do
+    it "bearer_token param" do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       get :index, params: { bearer_token: token_string }
     end
 
-    it 'Authorization header' do
+    it "Authorization header" do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
-      request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
+      request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
       get :index
     end
 
-    it 'different kind of Authorization header' do
+    it "different kind of Authorization header" do
       expect(Doorkeeper::AccessToken).not_to receive(:by_token)
-      request.env['HTTP_AUTHORIZATION'] = "MAC #{token_string}"
+      request.env["HTTP_AUTHORIZATION"] = "MAC #{token_string}"
       get :index
     end
 
-    it 'does not change Authorization header value' do
+    it "does not change Authorization header value" do
       expect(Doorkeeper::AccessToken).to receive(:by_token).exactly(2).times.and_return(token)
-      request.env['HTTP_AUTHORIZATION'] = "Bearer #{token_string}"
+      request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
       get :index
       controller.send(:remove_instance_variable, :@doorkeeper_token)
       get :index
     end
   end
 
-  context 'defined for all actions' do
+  context "defined for all actions" do
     controller do
       before_action :doorkeeper_authorize!
 
       include ControllerActions
     end
 
-    context 'with valid token', token: :valid do
-      it 'allows into index action' do
+    context "with valid token", token: :valid do
+      it "allows into index action" do
         get :index, params: { access_token: token_string }
         expect(response).to be_successful
       end
 
-      it 'allows into show action' do
-        get :show, params: { id: '4', access_token: token_string }
+      it "allows into show action" do
+        get :show, params: { id: "4", access_token: token_string }
         expect(response).to be_successful
       end
     end
 
-    context 'with invalid token', token: :invalid do
-      it 'does not allow into index action' do
+    context "with invalid token", token: :invalid do
+      it "does not allow into index action" do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
+        expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
       end
 
-      it 'does not allow into show action' do
-        get :show, params: { id: '4', access_token: token_string }
+      it "does not allow into show action" do
+        get :show, params: { id: "4", access_token: token_string }
         expect(response.status).to eq 401
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
+        expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
       end
     end
   end
 
-  context 'defined with scopes' do
+  context "defined with scopes" do
     controller do
       before_action -> { doorkeeper_authorize! :write }
 
       include ControllerActions
     end
 
-    let(:token_string) { '1A2DUWE' }
+    let(:token_string) { "1A2DUWE" }
 
-    it 'allows if the token has particular scopes' do
+    it "allows if the token has particular scopes" do
       token = double(Doorkeeper::AccessToken,
                      accessible?: true, scopes: %w[write public],
                      previous_refresh_token: "",
@@ -119,9 +121,9 @@ describe 'doorkeeper authorize filter' do
       expect(response).to be_successful
     end
 
-    it 'does not allow if the token does not include given scope' do
+    it "does not allow if the token does not include given scope" do
       token = double(Doorkeeper::AccessToken,
-                     accessible?: true, scopes: ['public'], revoked?: false,
+                     accessible?: true, scopes: ["public"], revoked?: false,
                      expired?: false, previous_refresh_token: "",
                      revoke_previous_refresh_token!: true)
       expect(
@@ -131,18 +133,18 @@ describe 'doorkeeper authorize filter' do
 
       get :index, params: { access_token: token_string }
       expect(response.status).to eq 403
-      expect(response.header).to_not include('WWW-Authenticate')
+      expect(response.header).to_not include("WWW-Authenticate")
     end
   end
 
-  context 'when custom unauthorized render options are configured' do
+  context "when custom unauthorized render options are configured" do
     controller do
       before_action :doorkeeper_authorize!
 
       include ControllerActions
     end
 
-    context 'with a JSON custom render', token: :invalid do
+    context "with a JSON custom render", token: :invalid do
       before do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
@@ -161,24 +163,24 @@ describe 'doorkeeper authorize filter' do
         end
       end
 
-      it 'it renders a custom JSON response', token: :invalid do
+      it "it renders a custom JSON response", token: :invalid do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
-        expect(response.content_type).to eq('application/json')
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
+        expect(response.content_type).to eq("application/json")
+        expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
 
         expect(json_response).not_to be_nil
-        expect(json_response['error_message']).to match('token is invalid')
+        expect(json_response["error_message"]).to match("token is invalid")
       end
     end
 
-    context 'with a text custom render', token: :invalid do
+    context "with a text custom render", token: :invalid do
       before do
         module ControllerActions
           remove_method :doorkeeper_unauthorized_render_options
 
           def doorkeeper_unauthorized_render_options(**)
-            { plain: 'Unauthorized' }
+            { plain: "Unauthorized" }
           end
         end
       end
@@ -191,17 +193,17 @@ describe 'doorkeeper authorize filter' do
         end
       end
 
-      it 'it renders a custom text response', token: :invalid do
+      it "it renders a custom text response", token: :invalid do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 401
-        expect(response.content_type).to eq('text/plain')
-        expect(response.header['WWW-Authenticate']).to match(/^Bearer/)
-        expect(response.body).to eq('Unauthorized')
+        expect(response.content_type).to eq("text/plain")
+        expect(response.header["WWW-Authenticate"]).to match(/^Bearer/)
+        expect(response.body).to eq("Unauthorized")
       end
     end
   end
 
-  context 'when custom forbidden render options are configured' do
+  context "when custom forbidden render options are configured" do
     before do
       expect(Doorkeeper::AccessToken).to receive(:by_token).with(token_string).and_return(token)
       expect(token).to receive(:acceptable?).with([:write]).and_return(false)
@@ -223,90 +225,90 @@ describe 'doorkeeper authorize filter' do
 
     let(:token) do
       double(Doorkeeper::AccessToken,
-             accessible?: true, scopes: ['public'], revoked?: false,
+             accessible?: true, scopes: ["public"], revoked?: false,
              expired?: false, previous_refresh_token: "",
              revoke_previous_refresh_token!: true)
     end
 
-    let(:token_string) { '1A2DUWE' }
+    let(:token_string) { "1A2DUWE" }
 
-    context 'with a JSON custom render' do
+    context "with a JSON custom render" do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
 
           def doorkeeper_forbidden_render_options(*)
-            { json: { error_message: 'Forbidden' } }
+            { json: { error_message: "Forbidden" } }
           end
         end
       end
 
-      it 'renders a custom JSON response' do
+      it "renders a custom JSON response" do
         get :index, params: { access_token: token_string }
-        expect(response.header).to_not include('WWW-Authenticate')
-        expect(response.content_type).to eq('application/json')
+        expect(response.header).to_not include("WWW-Authenticate")
+        expect(response.content_type).to eq("application/json")
         expect(response.status).to eq 403
 
         expect(json_response).not_to be_nil
-        expect(json_response['error_message']).to match('Forbidden')
+        expect(json_response["error_message"]).to match("Forbidden")
       end
     end
 
-    context 'with a status and JSON custom render' do
+    context "with a status and JSON custom render" do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
           def doorkeeper_forbidden_render_options(*)
-            { json: { error_message: 'Not Found' },
-              respond_not_found_when_forbidden: true }
+            { json: { error_message: "Not Found" },
+              respond_not_found_when_forbidden: true, }
           end
         end
       end
 
-      it 'overrides the default status code' do
+      it "overrides the default status code" do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end
 
-    context 'with a text custom render' do
+    context "with a text custom render" do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
 
           def doorkeeper_forbidden_render_options(*)
-            { plain: 'Forbidden' }
+            { plain: "Forbidden" }
           end
         end
       end
 
-      it 'renders a custom status code and text response' do
+      it "renders a custom status code and text response" do
         get :index, params: { access_token: token_string }
-        expect(response.header).to_not include('WWW-Authenticate')
+        expect(response.header).to_not include("WWW-Authenticate")
         expect(response.status).to eq 403
-        expect(response.body).to eq('Forbidden')
+        expect(response.body).to eq("Forbidden")
       end
     end
 
-    context 'with a status and text custom render' do
+    context "with a status and text custom render" do
       before do
         module ControllerActions
           remove_method :doorkeeper_forbidden_render_options
 
           def doorkeeper_forbidden_render_options(*)
-            { respond_not_found_when_forbidden: true, plain: 'Not Found' }
+            { respond_not_found_when_forbidden: true, plain: "Not Found" }
           end
         end
       end
 
-      it 'overrides the default status code' do
+      it "overrides the default status code" do
         get :index, params: { access_token: token_string }
         expect(response.status).to eq 404
       end
     end
   end
 
-  context 'when handle_auth_errors option is set to :raise' do
+  context "when handle_auth_errors option is set to :raise" do
     subject { get :index, params: { access_token: token_string } }
 
     before do
@@ -318,32 +320,32 @@ describe 'doorkeeper authorize filter' do
       include ControllerActions
     end
 
-    context 'when token is unknown' do
-      it 'raises Doorkeeper::Errors::TokenUnknown exception', token: :invalid do
+    context "when token is unknown" do
+      it "raises Doorkeeper::Errors::TokenUnknown exception", token: :invalid do
         expect { subject }.to raise_error(Doorkeeper::Errors::TokenUnknown)
       end
     end
 
-    context 'when token is expired' do
-      it 'raises Doorkeeper::Errors::TokenExpired exception', token: :expired do
+    context "when token is expired" do
+      it "raises Doorkeeper::Errors::TokenExpired exception", token: :expired do
         expect { subject }.to raise_error(Doorkeeper::Errors::TokenExpired)
       end
     end
 
-    context 'when token is revoked' do
-      it 'raises Doorkeeper::Errors::TokenRevoked exception', token: :revoked do
+    context "when token is revoked" do
+      it "raises Doorkeeper::Errors::TokenRevoked exception", token: :revoked do
         expect { subject }.to raise_error(Doorkeeper::Errors::TokenRevoked)
       end
     end
 
-    context 'when token is forbidden' do
-      it 'raises Doorkeeper::Errors::TokenForbidden exception', token: :forbidden do
+    context "when token is forbidden" do
+      it "raises Doorkeeper::Errors::TokenForbidden exception", token: :forbidden do
         expect { subject }.to raise_error(Doorkeeper::Errors::TokenForbidden)
       end
     end
 
-    context 'when token is valid' do
-      it 'allows into index action', token: :valid do
+    context "when token is valid" do
+      it "allows into index action", token: :valid do
         expect(response).to be_successful
       end
     end

data/spec/controllers/token_info_controller_spec.rb

@@ -1,42 +1,44 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 describe Doorkeeper::TokenInfoController do
-  describe 'when requesting token info with valid token' do
+  describe "when requesting token info with valid token" do
     let(:doorkeeper_token) { FactoryBot.create(:access_token) }
 
-    describe 'successful request' do
-      it 'responds with token info' do
+    describe "successful request" do
+      it "responds with token info" do
         get :show, params: { access_token: doorkeeper_token.token }
 
         expect(response.body).to eq(doorkeeper_token.to_json)
       end
 
-      it 'responds with a 200 status' do
+      it "responds with a 200 status" do
         get :show, params: { access_token: doorkeeper_token.token }
 
         expect(response.status).to eq 200
       end
     end
 
-    describe 'invalid token response' do
-      it 'responds with 401 when doorkeeper_token is not valid' do
+    describe "invalid token response" do
+      it "responds with 401 when doorkeeper_token is not valid" do
         get :show
 
         expect(response.status).to eq 401
-        expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
+        expect(response.headers["WWW-Authenticate"]).to match(/^Bearer/)
       end
 
-      it 'responds with 401 when doorkeeper_token is invalid, expired or revoked' do
+      it "responds with 401 when doorkeeper_token is invalid, expired or revoked" do
         allow(controller).to receive(:doorkeeper_token).and_return(doorkeeper_token)
         allow(doorkeeper_token).to receive(:accessible?).and_return(false)
 
         get :show
 
         expect(response.status).to eq 401
-        expect(response.headers['WWW-Authenticate']).to match(/^Bearer/)
+        expect(response.headers["WWW-Authenticate"]).to match(/^Bearer/)
       end
 
-      it 'responds body message for error' do
+      it "responds body message for error" do
         get :show
 
         expect(response.body).to eq(

data/spec/controllers/tokens_controller_spec.rb

@@ -1,11 +1,13 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 describe Doorkeeper::TokensController do
-  describe 'when authorization has succeeded' do
+  describe "when authorization has succeeded" do
     let(:token) { double(:token, authorize: true) }
 
-    it 'returns the authorization' do
-      skip 'verify need of these specs'
+    it "returns the authorization" do
+      skip "verify need of these specs"
 
       expect(token).to receive(:authorization)
 
@@ -13,28 +15,28 @@ describe Doorkeeper::TokensController do
     end
   end
 
-  describe 'when authorization has failed' do
-    it 'returns the error response' do
+  describe "when authorization has failed" do
+    it "returns the error response" do
       token = double(:token, authorize: false)
       allow(controller).to receive(:token) { token }
 
       post :create
 
       expect(response.status).to eq 400
-      expect(response.headers['WWW-Authenticate']).to match(/Bearer/)
+      expect(response.headers["WWW-Authenticate"]).to match(/Bearer/)
     end
   end
 
-  describe 'when there is a failure due to a custom error' do
-    it 'returns the error response with a custom message' do
+  describe "when there is a failure due to a custom error" do
+    it "returns the error response with a custom message" do
       # I18n looks for `doorkeeper.errors.messages.custom_message` in locale files
-      custom_message = 'my_message'
+      custom_message = "my_message"
       allow(I18n).to receive(:translate)
         .with(
           custom_message,
           hash_including(scope: %i[doorkeeper errors messages])
         )
-        .and_return('Authorization custom message')
+        .and_return("Authorization custom message")
 
       doorkeeper_error = Doorkeeper::Errors::DoorkeeperError.new(custom_message)
 
@@ -46,37 +48,37 @@ describe Doorkeeper::TokensController do
       post :create
 
       expected_response_body = {
-        "error"             => custom_message,
-        "error_description" => "Authorization custom message"
+        "error" => custom_message,
+        "error_description" => "Authorization custom message",
       }
       expect(response.status).to eq 400
-      expect(response.headers['WWW-Authenticate']).to match(/Bearer/)
+      expect(response.headers["WWW-Authenticate"]).to match(/Bearer/)
       expect(JSON.parse(response.body)).to eq expected_response_body
     end
   end
 
   # http://tools.ietf.org/html/rfc7009#section-2.2
-  describe 'revoking tokens' do
+  describe "revoking tokens" do
     let(:client) { FactoryBot.create(:application) }
     let(:access_token) { FactoryBot.create(:access_token, application: client) }
 
-    context 'when associated app is public' do
+    context "when associated app is public" do
       let(:client) { FactoryBot.create(:application, confidential: false) }
 
-      it 'returns 200' do
+      it "returns 200" do
         post :revoke, params: { token: access_token.token }
 
         expect(response.status).to eq 200
       end
 
-      it 'revokes the access token' do
+      it "revokes the access token" do
         post :revoke, params: { token: access_token.token }
 
         expect(access_token.reload).to have_attributes(revoked?: true)
       end
     end
 
-    context 'when associated app is confidential' do
+    context "when associated app is confidential" do
       let(:client) { FactoryBot.create(:application, confidential: true) }
       let(:oauth_client) { Doorkeeper::OAuth::Client.new(client) }
 
@@ -84,29 +86,29 @@ describe Doorkeeper::TokensController do
         allow_any_instance_of(Doorkeeper::Server).to receive(:client) { oauth_client }
       end
 
-      it 'returns 200' do
+      it "returns 200" do
         post :revoke, params: { token: access_token.token }
 
         expect(response.status).to eq 200
       end
 
-      it 'revokes the access token' do
+      it "revokes the access token" do
         post :revoke, params: { token: access_token.token }
 
         expect(access_token.reload).to have_attributes(revoked?: true)
       end
 
-      context 'when authorization fails' do
+      context "when authorization fails" do
         let(:some_other_client) { FactoryBot.create(:application, confidential: true) }
         let(:oauth_client) { Doorkeeper::OAuth::Client.new(some_other_client) }
 
-        it 'returns 200' do
+        it "returns 200" do
           post :revoke, params: { token: access_token.token }
 
           expect(response.status).to eq 200
         end
 
-        it 'does not revoke the access token' do
+        it "does not revoke the access token" do
           post :revoke, params: { token: access_token.token }
 
           expect(access_token.reload).to have_attributes(revoked?: false)
@@ -115,7 +117,7 @@ describe Doorkeeper::TokensController do
     end
   end
 
-  describe 'authorize response memoization' do
+  describe "authorize response memoization" do
     it "memoizes the result of the authorization" do
       strategy = double(:strategy, authorize: true)
       expect(strategy).to receive(:authorize).once
@@ -129,186 +131,199 @@ describe Doorkeeper::TokensController do
     end
   end
 
-  describe 'when requested token introspection' do
+  describe "when requested token introspection" do
     let(:client) { FactoryBot.create(:application) }
     let(:access_token) { FactoryBot.create(:access_token, application: client) }
     let(:token_for_introspection) { FactoryBot.create(:access_token, application: client) }
 
-    context 'authorized using valid Bearer token' do
-      it 'responds with full token introspection' do
-        request.headers['Authorization'] = "Bearer #{access_token.token}"
+    context "authorized using valid Bearer token" do
+      it "responds with full token introspection" do
+        request.headers["Authorization"] = "Bearer #{access_token.token}"
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json 'active', true
-        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json "active", true
+        expect(json_response).to include("client_id", "token_type", "exp", "iat")
       end
     end
 
-    context 'authorized using valid Client Authentication' do
-      it 'responds with full token introspection' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+    context "authorized using valid Client Authentication" do
+      it "responds with full token introspection" do
+        request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json 'active', true
-        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
-        should_have_json 'client_id', client.uid
+        should_have_json "active", true
+        expect(json_response).to include("client_id", "token_type", "exp", "iat")
+        should_have_json "client_id", client.uid
       end
     end
 
-    context 'using custom introspection response' do
+    context "using custom introspection response" do
       before do
         Doorkeeper.configure do
           orm DOORKEEPER_ORM
           custom_introspection_response do |_token, _context|
             {
-              sub: 'Z5O3upPC88QrAjx00dis',
-              aud: 'https://protected.example.net/resource'
+              sub: "Z5O3upPC88QrAjx00dis",
+              aud: "https://protected.example.net/resource",
             }
           end
         end
       end
 
-      it 'responds with full token introspection' do
-        request.headers['Authorization'] = "Bearer #{access_token.token}"
+      it "responds with full token introspection" do
+        request.headers["Authorization"] = "Bearer #{access_token.token}"
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat', 'sub', 'aud')
-        should_have_json 'sub', 'Z5O3upPC88QrAjx00dis'
-        should_have_json 'aud', 'https://protected.example.net/resource'
+        expect(json_response).to include("client_id", "token_type", "exp", "iat", "sub", "aud")
+        should_have_json "sub", "Z5O3upPC88QrAjx00dis"
+        should_have_json "aud", "https://protected.example.net/resource"
       end
     end
 
-    context 'public access token' do
+    context "public access token" do
       let(:token_for_introspection) { FactoryBot.create(:access_token, application: nil) }
 
-      it 'responds with full token introspection' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+      it "responds with full token introspection" do
+        request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json 'active', true
-        expect(json_response).to include('client_id', 'token_type', 'exp', 'iat')
-        should_have_json 'client_id', nil
+        should_have_json "active", true
+        expect(json_response).to include("client_id", "token_type", "exp", "iat")
+        should_have_json "client_id", nil
       end
     end
 
-    context 'token was issued to a different client than is making this request' do
+    context "token was issued to a different client than is making this request" do
       let(:different_client) { FactoryBot.create(:application) }
 
-      it 'responds with only active state' do
-        request.headers['Authorization'] = basic_auth_header_for_client(different_client)
+      it "responds with only active state" do
+        request.headers["Authorization"] = basic_auth_header_for_client(different_client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
         expect(response).to be_successful
 
-        should_have_json 'active', false
-        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json "active", false
+        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
       end
     end
 
-    context 'authorized using invalid Bearer token' do
-      let(:token_for_introspection) do
+    context "authorized using invalid Bearer token" do
+      let(:access_token) do
         FactoryBot.create(:access_token, application: client, revoked_at: 1.day.ago)
       end
 
-      it 'responds with invalid token error' do
-        request.headers['Authorization'] = "Bearer #{token_for_introspection.token}"
+      it "responds with invalid token error" do
+        request.headers["Authorization"] = "Bearer #{access_token.token}"
 
-        post :introspect, params: { token: access_token.token }
+        post :introspect, params: { token: token_for_introspection.token }
 
         response_status_should_be 401
 
-        should_not_have_json 'active'
-        should_have_json 'error', 'invalid_token'
+        should_not_have_json "active"
+        should_have_json "error", "invalid_token"
       end
     end
 
-    context 'authorized using the Bearer token that need to be introspected' do
-      it 'responds with invalid token error' do
-        request.headers['Authorization'] = "Bearer #{access_token.token}"
+    context "authorized using the Bearer token that need to be introspected" do
+      it "responds with invalid token error" do
+        request.headers["Authorization"] = "Bearer #{access_token.token}"
 
         post :introspect, params: { token: access_token.token }
 
         response_status_should_be 401
 
-        should_not_have_json 'active'
-        should_have_json 'error', 'invalid_token'
+        should_not_have_json "active"
+        should_have_json "error", "invalid_token"
       end
     end
 
-    context 'using invalid credentials to authorize' do
-      let(:client) { double(uid: '123123', secret: '666999') }
+    context "using invalid credentials to authorize" do
+      let(:client) { double(uid: "123123", secret: "666999") }
       let(:access_token) { FactoryBot.create(:access_token) }
 
-      it 'responds with invalid_client error' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+      it "responds with invalid_client error" do
+        request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: access_token.token }
 
         expect(response).not_to be_successful
         response_status_should_be 401
 
-        should_not_have_json 'active'
-        should_have_json 'error', 'invalid_client'
+        should_not_have_json "active"
+        should_have_json "error", "invalid_client"
       end
     end
 
-    context 'using wrong token value' do
-      it 'responds with only active state' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+    context "using wrong token value" do
+      context "authorized using client credentials" do
+        it "responds with only active state" do
+          request.headers["Authorization"] = basic_auth_header_for_client(client)
+
+          post :introspect, params: { token: SecureRandom.hex(16) }
 
-        post :introspect, params: { token: SecureRandom.hex(16) }
+          should_have_json "active", false
+          expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+        end
+      end
+
+      context "authorized using valid Bearer token" do
+        it "responds with only active state" do
+          request.headers["Authorization"] = "Bearer #{access_token.token}"
 
-        should_have_json 'active', false
-        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+          post :introspect, params: { token: SecureRandom.hex(16) }
+
+          should_have_json "active", false
+          expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
+        end
       end
     end
 
-    context 'when requested access token expired' do
+    context "when requested access token expired" do
       let(:token_for_introspection) do
         FactoryBot.create(:access_token, application: client, created_at: 1.year.ago)
       end
 
-      it 'responds with only active state' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+      it "responds with only active state" do
+        request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json 'active', false
-        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json "active", false
+        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
       end
     end
 
-    context 'when requested Access Token revoked' do
+    context "when requested Access Token revoked" do
       let(:token_for_introspection) do
         FactoryBot.create(:access_token, application: client, revoked_at: 1.year.ago)
       end
 
-      it 'responds with only active state' do
-        request.headers['Authorization'] = basic_auth_header_for_client(client)
+      it "responds with only active state" do
+        request.headers["Authorization"] = basic_auth_header_for_client(client)
 
         post :introspect, params: { token: token_for_introspection.token }
 
-        should_have_json 'active', false
-        expect(json_response).not_to include('client_id', 'token_type', 'exp', 'iat')
+        should_have_json "active", false
+        expect(json_response).not_to include("client_id", "token_type", "exp", "iat")
       end
     end
 
-    context 'unauthorized (no bearer token or client credentials)' do
+    context "unauthorized (no bearer token or client credentials)" do
       let(:token_for_introspection) { FactoryBot.create(:access_token) }
 
-      it 'responds with invalid_request error' do
+      it "responds with invalid_request error" do
         post :introspect, params: { token: token_for_introspection.token }
 
         expect(response).not_to be_successful
         response_status_should_be 400
 
-        should_not_have_json 'active'
-        should_have_json 'error', 'invalid_request'
+        should_not_have_json "active"
+        should_have_json "error", "invalid_request"
       end
     end
   end