@Test public void useAuthorizationCodeWithInalidScopesTest() throws InterruptedException, JSONException { String currentUrl = OauthAuthorizationPageHelper.loginAndAuthorize( this.getWebBaseUrl(), this.getClient1ClientId(), this.getClient1RedirectUri(), ScopePathType.ORCID_WORKS_CREATE.value(), null, this.getUser1UserName(), this.getUser1Password(), true, webDriver); Matcher matcher = AUTHORIZATION_CODE_PATTERN.matcher(currentUrl); assertTrue(matcher.find()); String authorizationCode = matcher.group(1); assertFalse(PojoUtil.isEmpty(authorizationCode)); ClientResponse tokenResponse = getClientResponse( this.getClient1ClientId(), this.getClient1ClientSecret(), ScopePathType.ORCID_WORKS_UPDATE.getContent(), this.getClient1RedirectUri(), authorizationCode); assertEquals(401, tokenResponse.getStatus()); OrcidMessage result = tokenResponse.getEntity(OrcidMessage.class); assertNotNull(result); assertNotNull(result.getErrorDesc()); assertEquals( "OAuth2 problem : Invalid scopes: /orcid-works/update available scopes for this code are: [/orcid-works/create]", result.getErrorDesc().getContent()); }