1 files changed, 21 insertions, 0 deletions

diff --git a/test/e2e_test.go b/test/e2e_test.go
index 7fd59e4a..c88f5fc6 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -95,6 +95,20 @@ func TestAuthx(t *testing.T) {
 				assert.NotNil(t, organizations)
 			})
 
+			t.Run("GET http://api.example.com:8080/groups.json", func(t *testing.T) {
+				response := x.Must(http.Get("http://api.example.com:8080/groups.json"))
+				assert.Equal(t, http.StatusForbidden, response.StatusCode)
+			})
+
+			t.Run("GET http://api.example.com:8080/groups.json with Authorization", func(t *testing.T) {
+				request := x.Must(http.NewRequestWithContext(t.Context(), "GET", "http://api.example.com:8080/groups.json", nil))
+				request.Header.Add("Authorization", "Bearer "+item.AccessToken)
+				response := x.Must(client.Do(request))
+				require.Equal(t, http.StatusOK, response.StatusCode)
+				groups := x.Must(serde.FromJSON[[]map[string]string](response.Body))
+				assert.NotNil(t, groups)
+			})
+
 			t.Run("GET http://api.example.com:8080/projects.json", func(t *testing.T) {
 				response := x.Must(http.Get("http://api.example.com:8080/projects.json"))
 				assert.Equal(t, http.StatusForbidden, response.StatusCode)
@@ -242,6 +256,13 @@ func TestAuthx(t *testing.T) {
 			assert.Equal(t, "Bearer", credentials.TokenType)
 			assert.NotEmpty(t, credentials.RefreshToken)
 
+			t.Run("cannot re-use the same authorization grant", func(t *testing.T) {
+				newCredentials, err := conf.Exchange(ctx, code)
+
+				assert.Error(t, err)
+				assert.Empty(t, newCredentials)
+			})
+
 			t.Run("token is usable against REST API", func(t *testing.T) {
 				client := conf.Client(ctx, credentials)
 				response := x.Must(client.Get("http://api.example.com:8080/projects.json"))