authorFrederick Muriuki Muriithi2026-06-22 12:52:04 -0500
committerFrederick Muriuki Muriithi2026-06-22 12:52:04 -0500
commit1eeef7b540944a913fbaf3528588e64f96ce2f95 (patch)
tree10ed10ca3f19e6e99c51ed03662dc0b99fa56823
parent7039020ff904e82dfeab1b604263b1e6447ba908 (diff)
downloadgn-integration-tests-1eeef7b540944a913fbaf3528588e64f96ce2f95.tar.gz
Test for error code 400.
RFC 6749 section
5.2 (https://www.rfc-editor.org/rfc/rfc6749.html#section-5.2) states
that the response code for `invalid_grant` should be 400, not
401. Update the test, therefore, to check for the correct status code.
-rw-r--r--tests/test_gn_auth_auth_flow.py12
1 files changed, 6 insertions, 6 deletions
diff --git a/tests/test_gn_auth_auth_flow.py b/tests/test_gn_auth_auth_flow.py
index 98d792a..c031584 100644
--- a/tests/test_gn_auth_auth_flow.py
+++ b/tests/test_gn_auth_auth_flow.py
@@ -86,7 +86,7 @@ class TestTokenGrant:
 class TestTokenGrantRejection:
     """Password grant with bad credentials must return 401."""
 
-    def test_wrong_password_returns_401(
+    def test_wrong_password_returns_400(
             self, gn_auth_url, http, oauth2_credentials):
         email, _password, client_id, client_secret = oauth2_credentials
         resp = http.post(
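Review bot: The class docstring on `TestTokenGrantRejection` still reads "must return 401", while the renamed test directly below it now expects 400, so the docstring contradicts the assertions. Update it to match, for example `"""Password grant with bad credentials must return 400 (RFC 6749 section 5.2, invalid_grant)."""`. The body of `test_wrong_password_returns_400` continues outside this hunk.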
@@ -101,11 +101,11 @@ class TestTokenGrantRejection:
             },
             timeout=30,
         )
-        assert resp.status_code == 401, (
-            f"Expected 401 for wrong password, got {resp.status_code}: {resp.text}"
+        assert resp.status_code == 400, (
+            f"Expected 400 for wrong password, got {resp.status_code}: {resp.text}"
         )
 
-    def test_unknown_email_returns_401(
+    def test_unknown_email_returns_400(
             self, gn_auth_url, http, oauth2_credentials):
         _email, password, client_id, client_secret = oauth2_credentials
         resp = http.post(
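Review bot: The new assertion checks only `resp.status_code == 400`, which a malformed token request (missing parameter, unsupported grant type) would also produce, so the test can pass without the server ever rejecting the credentials. RFC 6749 section 5.2 also requires an `error` member in the JSON body. Assuming `http` is a requests-style session, add `assert resp.json().get("error") == "invalid_grant", resp.text` after the status check. The same applies to the assertion in `test_unknown_email_returns_400` in the next hunk. Both test functions extend beyond this hunk.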
@@ -120,8 +120,8 @@ class TestTokenGrantRejection:
             },
             timeout=30,
         )
-        assert resp.status_code == 401, (
-            f"Expected 401 for unknown email, got {resp.status_code}: {resp.text}"
+        assert resp.status_code == 400, (
+            f"Expected 400 for unknown email, got {resp.status_code}: {resp.text}"
         )
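Review bot: Nothing in this test checks that the unknown-email response matches the wrong-password response, and a difference between the two would let a caller tell which e-mail addresses have accounts. Since both tests now expect 400, consider a third test that sends both requests and asserts equal `status_code` and equal `error` values. Whether gn-auth already returns identical bodies for the two cases is not visible from this diff. The start of `test_unknown_email_returns_400` lies in the previous hunk.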