=== RUN TestExample
fosite_test.go:340:
Error Trace: fosite_test.go:340
Error: Not equal:
expected: "openid offline_access"
actual : "openid offline_access extra"
Diff:
--- Expected
+++ Actual
@@ -1 +1 @@
-openid offline_access
+openid offline_access extra
Test: TestExample
fosite_test.go:345:
Error Trace: fosite_test.go:345
Error: Not equal:
expected: fosite.Arguments{"openid", "offline_access"}
actual : fosite.Arguments{"openid", "offline_access", "extra"}
Diff:
--- Expected
+++ Actual
@@ -1,4 +1,5 @@
-(fosite.Arguments) (len=2) {
+(fosite.Arguments) (len=3) {
(string) (len=6) "openid",
- (string) (len=14) "offline_access"
+ (string) (len=14) "offline_access",
+ (string) (len=5) "extra"
}
Test: TestExample
{"access_token":"ory_at_tY4YMKZxrR-efLiqRrObgFJaIKhZ-WGqb4imj88jiys.8WzVH6M2DVp81_F5jrX1ZHCo6NKfRjS-OWkH3qEUdIY","expires_in":1799,"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdF9oYXNoIjoiMWtXOFpObThtLUJfMlB4OWxVMERjUSIsImF1ZCI6WyJleGFtcGxlIl0sImF1dGhfdGltZSI6MTY2NzM1NzcxMSwiZXhwIjoxNjY3MzYxMzExLCJpYXQiOjE2NjczNTc3MTEsImp0aSI6IjMxYTY3OTQ0LTY2MzItNDA3YS1hMWNhLWNlMzk3OGNjZmM3ZSIsInN1YiI6InRlc3RpbmcifQ.QbNyDOZxeibnZ8yspsrm40e3GKCI_effoftC6NgSXFUqvG619JUI-AcW_kuiTXPLsO-DwmkgoXip_qEXIwOPQza2VTTgROQr5r92DDJkjhyFgVoqV-IL7IktupS6tddui6ExWxjmqTwvEE0gQ_lNvGaJ5rpUKgsXPlIQCrqcwFZ0P01WS4diI6FXisrqpmZGQxj-k_moJgP5VPTaOd7GDBMAj7jQSqCyjjOAEozX-VItbI2RHQ0B_WJQpb0mqGX4X03B_X4zLkpxPUpX4OmColHTIntQ0creP8qSZovdi9rlSH5cmWEYaxZ8DeV2vfJ3rDJNelFFIWFOK0AuVsXmhg","refresh_token":"ory_rt_D2UL2lwjFhumKQE_lmhh1pL7NIyC_s8eJWHbbMhbnV8.7iDatN8viZWb1sf-5GiOxsuaqyV9S53AESi70hPYCcU","scope":"openid offline_access extra","token_type":"bearer"}
{"access_token":"ory_at_ljFrCDqWfjKmZcc8wK5ULdMjhGu7jwrJATbrbXLxnpY.7AuOi2Q7Ypfx4skceHeFYnkORWwMZe9PdZG9ELWQLRA","expires_in":1799,"id_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdF9oYXNoIjoidXE3ZHo4U3hHVkxjS01jUFA3LVQyQSIsImF1ZCI6WyJleGFtcGxlIl0sImF1dGhfdGltZSI6MTY2NzM1NzcxMSwiZXhwIjoxNjY3MzYxMzExLCJpYXQiOjE2NjczNTc3MTEsImp0aSI6IjU1N2U2ZDY4LTQxOTEtNGFkOC04ODE2LWNlMjVlZWRlNzYyMyIsInN1YiI6InRlc3RpbmcifQ.xuwACBlwZJuPJy-lHKEUeBJD9UCjY4r-ohM-6Kj6H3901Gko6GuAiU2erOkVNXGWIAvNkPCQBmEluvdQ7j9A3uW3zQzNrilPdhTX80yxt1R_2E6_vLO5tXfuJcty5_o1Ovcvt2_fPr75z3ZEMN7goHeEc5DlE19Rh3mh9F7BrKsud5f20FTZ_BzZtc8EB3BE_5jf5PGCFRlaZS7Nf47sQncIQ1-UCpSKs4oQ_s91Fz3CZxz51jox9RE0ufUEd1MeDP_s4fU_FwdNIdtuSiM9OjhQlUB7cvY7Vt_irwTzcNN5WTHpGfNp3BnA4skYeKk5eE-gZrow2Fu4402AkhixlA","refresh_token":"ory_rt_69xHeDImIulCrq4s5lB__mgN22Nrm0NGLt1uVPBSQpw.6_NNynKKTPEatVaVpfnS9lqPBcijTHTHBzYvdWGIwAk","scope":"openid offline_access extra","token_type":"bearer"}
access_token: id: 7AuOi2Q7Ypfx4skceHeFYnkORWwMZe9PdZG9ELWQLRA: scopes: [openid offline_access extra]
refresh_token: id: 7iDatN8viZWb1sf-5GiOxsuaqyV9S53AESi70hPYCcU: scopes: [openid offline_access extra]
refresh_token: id: 6_NNynKKTPEatVaVpfnS9lqPBcijTHTHBzYvdWGIwAk: scopes: [openid offline_access extra]
id session: id: ory_ac_QKrANXTwHDgLXF9ja3JaiALliolAPtPJ51DQ85iVVWw.GBrzt5lsTBuLYIWgFZc7z7-xEFzAVvSNM7-uxJ0lg3I: scopes: [openid offline_access extra]
--- FAIL: TestExample (0.21s)
Expected :fosite.Arguments{"openid", "offline_access"}
Actual :fosite.Arguments{"openid", "offline_access", "extra"}
<Click to see difference>
FAIL
Process finished with the exit code 1
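// PTHasher is a plaintext "hasher" that keeps this test independent of a real
// password hashing algorithm: Hash returns its input unchanged and Compare
// succeeds when the stored value and the presented value are byte-equal. It
// gives stored secrets no protection and the comparison is not constant-time,
// so it belongs in test configurations only.
type PTHasher struct{}

// Compare returns nil when hash and data hold identical bytes and an error
// otherwise. ctx is accepted to satisfy the hasher interface and is not used.
func (h *PTHasher) Compare(ctx context.Context, hash []byte, data []byte) error {
	// bytes.Equal treats nil and empty slices as equal, matching the
	// previous bytes.Compare(...) == 0 check.
	if bytes.Equal(hash, data) {
		return nil
	}

	return fmt.Errorf("invalid")
}

// Hash returns a copy of data as its "hash", so a value produced by Hash
// always satisfies Compare against the original input. Returning nil here
// would make any secret hashed through this type fail Compare. ctx is
// accepted to satisfy the hasher interface and is not used.
func (h *PTHasher) Hash(ctx context.Context, data []byte) ([]byte, error) {
	return append([]byte(nil), data...), nil
}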
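// requireNoOAuth2Error fails the test when err is non-nil, first printing the
// structured fields of an *RFC6749Error so the OAuth 2.0 error code,
// description, debug message and hint are visible in the test output.
//
// The type switch only matches an *RFC6749Error returned directly; a wrapped
// error falls through to the generic branch and is still reported.
func requireNoOAuth2Error(t *testing.T, err error) {
	t.Helper()

	switch e := err.(type) {
	case nil:
		return
	case *RFC6749Error:
		fmt.Printf("code: %d, description: %s, debug: %s, hint: %s\n", e.CodeField, e.DescriptionField, e.DebugField, e.HintField)
	default:
		fmt.Printf("can't determine error: %+v\n", e)
	}

	require.NoError(t, err)
}

// tokenSignature returns the part of a token after its first ".", which is
// the key this test uses to look tokens up in the memory store, and fails the
// test when the token does not have the <id>.<signature> shape (indexing the
// split result blindly would panic instead).
func tokenSignature(t *testing.T, token string) string {
	t.Helper()

	parts := strings.SplitN(token, ".", 2)
	require.Len(t, parts, 2, "token %q is not of the form <id>.<signature>", token)

	return parts[1]
}

// postTokenRequest sends form as a form-encoded POST to the token endpoint,
// asserts that the access request and response succeed, and returns the
// decoded JSON body together with the recorder holding the raw response.
func postTokenRequest(t *testing.T, provider OAuth2Provider, form url.Values) (*TokenResponse, *httptest.ResponseRecorder) {
	t.Helper()

	req, err := http.NewRequest(http.MethodPost, "https://localhost/oidc/token", strings.NewReader(form.Encode()))
	require.NoError(t, err)

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

	ctx := context.Background()

	accessRequest, err := provider.NewAccessRequest(ctx, req, openid.NewDefaultSession())
	requireNoOAuth2Error(t, err)
	assert.NotNil(t, accessRequest)

	accessResponse, err := provider.NewAccessResponse(ctx, accessRequest)
	require.NoError(t, err)
	assert.NotNil(t, accessResponse)

	recorder := httptest.NewRecorder()
	provider.WriteAccessResponse(ctx, recorder, accessRequest, accessResponse)

	parsed := &TokenResponse{}
	require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), parsed))

	return parsed, recorder
}

// TestExample walks the authorization code flow end to end against an
// in-memory provider and then exchanges the resulting refresh token while
// requesting a narrower scope. It asserts that the refreshed access token
// carries only the narrowed scope, both in the token response and in the
// stored token: RFC 6749 section 6 lets a refresh request ask for a subset of
// the originally granted scope, and a server that ignores the narrower request
// hands back a privilege the client has just asked to drop.
func TestExample(t *testing.T) {
	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
	require.NoError(t, err)

	scopesOriginal := []string{"openid", "offline_access", "extra"}
	scopesRefresh := []string{"openid", "offline_access"}

	c := &Config{
		AccessTokenLifespan:        time.Minute * 30,
		GlobalSecret:               []byte("u7b3mmRo65Nm9GuAGX7GRibWdTHHcvrk"),
		ClientSecretsHasher:        &PTHasher{},
		SendDebugMessagesToClients: true,
	}

	store := storage.NewMemoryStore()
	store.Clients["example"] = DefaultOpenIDConnectClient{
		DefaultClient: &DefaultClient{
			ID:           "example",
			Secret:       []byte("example"),
			RedirectURIs: []string{"https://localhost/oidc/callback"},
			Scopes:       []string{"openid", "offline_access", "extra"},
			GrantTypes:   []string{"authorization_code", "refresh_token"},
		},
	}

	provider := compose.ComposeAllEnabled(c, store, privateKey)

	// Step 1: authorization request asking for the full original scope.
	formAuthorize := url.Values{}
	formAuthorize.Set("client_id", "example")
	formAuthorize.Set("redirect_uri", "https://localhost/oidc/callback")
	formAuthorize.Set("scope", strings.Join(scopesOriginal, " "))
	formAuthorize.Set("response_type", "code")
	formAuthorize.Set("state", "014551f45dea91525e4e873edb041f3ec90f667e")

	urlAuthorize, err := url.ParseRequestURI("https://localhost/oidc/authorize")
	require.NoError(t, err)

	urlAuthorize.RawQuery = formAuthorize.Encode()

	reqHTTPAuthorize, err := http.NewRequest(http.MethodGet, urlAuthorize.String(), nil)
	require.NoError(t, err)

	ctxAuthorize := context.Background()

	reqAuthorize, err := provider.NewAuthorizeRequest(ctxAuthorize, reqHTTPAuthorize)
	requireNoOAuth2Error(t, err)
	assert.NotNil(t, reqAuthorize)

	// The test plays the resource owner and consents to every requested
	// scope and audience.
	for _, scope := range reqAuthorize.GetRequestedScopes() {
		reqAuthorize.GrantScope(scope)
	}

	for _, audience := range reqAuthorize.GetRequestedAudience() {
		reqAuthorize.GrantAudience(audience)
	}

	session := &openid.DefaultSession{
		Claims: &jwt.IDTokenClaims{
			Subject: "testing",
		},
		Username: "testing",
		Subject:  "testing",
	}

	assert.Equal(t, "testing", session.GetSubject())

	respAuthorize, err := provider.NewAuthorizeResponse(ctxAuthorize, reqAuthorize, session)
	requireNoOAuth2Error(t, err)
	assert.NotNil(t, respAuthorize)

	recorderAuthorize := httptest.NewRecorder()
	provider.WriteAuthorizeResponse(ctxAuthorize, recorderAuthorize, reqAuthorize, respAuthorize)

	// The authorization code comes back in the redirect Location header.
	locationAuthorize := recorderAuthorize.Header().Get("Location")
	assert.NotEmpty(t, locationAuthorize)

	urlAuthorizeResponse, err := url.ParseRequestURI(locationAuthorize)
	require.NoError(t, err)

	code := urlAuthorizeResponse.Query().Get("code")
	assert.NotEmpty(t, code)

	// Step 2: exchange the code; the full original scope is expected back.
	formToken := url.Values{}
	formToken.Set("grant_type", "authorization_code")
	formToken.Set("client_id", "example")
	formToken.Set("client_secret", "example")
	formToken.Set("redirect_uri", "https://localhost/oidc/callback")
	formToken.Set("code", code)

	parsedTokenResponse, recorderToken := postTokenRequest(t, provider, formToken)
	assert.NotEmpty(t, parsedTokenResponse.RefreshToken)
	assert.Equal(t, strings.Join(scopesOriginal, " "), parsedTokenResponse.Scope)

	accessToken, ok := store.AccessTokens[tokenSignature(t, parsedTokenResponse.AccessToken)]
	require.True(t, ok)
	assert.Equal(t, Arguments(scopesOriginal), accessToken.GetGrantedScopes())

	// Step 3: refresh while requesting only a subset of the granted scope.
	// redirect_uri and code are not parameters of the refresh_token grant
	// (RFC 6749 section 6); they are kept as the original test sent them
	// and the server is expected to ignore them.
	formRefreshToken := url.Values{}
	formRefreshToken.Set("grant_type", "refresh_token")
	formRefreshToken.Set("client_id", "example")
	formRefreshToken.Set("client_secret", "example")
	formRefreshToken.Set("refresh_token", parsedTokenResponse.RefreshToken)
	formRefreshToken.Set("scope", strings.Join(scopesRefresh, " "))
	formRefreshToken.Set("redirect_uri", "https://localhost/oidc/callback")
	formRefreshToken.Set("code", code)

	parsedRefreshTokenResponse, recorderRefreshToken := postTokenRequest(t, provider, formRefreshToken)
	assert.NotEmpty(t, parsedRefreshTokenResponse.RefreshToken)

	// Both the wire response and the stored token must reflect the
	// narrowed scope, not the scope originally granted.
	assert.Equal(t, strings.Join(scopesRefresh, " "), parsedRefreshTokenResponse.Scope)

	accessTokenRefresh, ok := store.AccessTokens[tokenSignature(t, parsedRefreshTokenResponse.AccessToken)]
	require.True(t, ok)
	assert.Equal(t, Arguments(scopesRefresh), accessTokenRefresh.GetGrantedScopes())

	fmt.Println(recorderToken.Body)
	fmt.Println(recorderRefreshToken.Body)
}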