Unit test for failed password grant

lemonldap-ng-portal/t/32-OIDC-Password-Grant.t

@@ -70,7 +70,29 @@ my $res;
 # Resource Owner Password Credentials Grant
 # Access Token Request
 # https://tools.ietf.org/html/rfc6749#section-4.3
+
+# Wrong password should fail
 my $query = buildForm( {
+        client_id     => 'rpid',
+        client_secret => 'rpsecret',
+        grant_type    => 'password',
+        username      => 'french',
+        password      => 'invalid',
+        scope         => 'profile email',
+    }
+);
+
+## Wrong password should fail
+$res = $op->_post(
+    "/oauth2/token",
+    IO::String->new($query),
+    accept => 'application/json',
+    length => length($query),
+);
+
+expectReject( $res, 400, "invalid_grant" );
+
+$query = buildForm( {
         client_id     => 'rpid',
         client_secret => 'rpsecret',
         grant_type    => 'password',
@@ -92,6 +114,7 @@ my $payload = expectJSON($res);
 my $access_token = $payload->{access_token};
 ok( $access_token, "Access Token found" );
 count(1);
+
 my $token_res_scope = $payload->{scope};
 ok( $token_res_scope, "Scope found in token response" );
 is( $payload->{id_token}, undef, "No ID token in original request" );