Further WWW-Authenticate tests

src/test/integration/oauth-test.ts

@@ -169,8 +169,9 @@ describe('oauth/', function () {
     let res = await chai
       .request(server)
       .get(Constants.THINGS_PATH)
-      .set('Accept', 'application/json')
+      .set('Accept', 'application/json');
     expect(res.status).toEqual(401);
+    expect(res.header).toHaveProperty('www-authenticate');
     expect(res.get('WWW-Authenticate')).toEqual('Bearer');
   });
 
@@ -217,6 +218,7 @@ describe('oauth/', function () {
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
     expect(err.header).toHaveProperty('www-authenticate');
+    expect(err.get('www-authenticate')).toEqual(expect.stringContaining('insufficient_scope'));
 
     res = await chai
       .request(server)
@@ -503,6 +505,7 @@ describe('oauth/', function () {
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
     expect(err.header).toHaveProperty('www-authenticate');
+    expect(err.get('www-authenticate')).toEqual(expect.stringContaining('insufficient_scope'));
   });
 
   it('rejects use of authorization code as access token', async () => {
@@ -537,5 +540,6 @@ describe('oauth/', function () {
       .set(...headerAuth(jwt));
     expect(err.status).toEqual(403);
     expect(err.header).toHaveProperty('www-authenticate');
+    expect(err.get('www-authenticate')).toEqual(expect.stringContaining('insufficient_scope'));
   });
 });