POST http://localhost:3333/login [FormParams] email: test_user@debian.org password: supersecretpassword HTTP 200 [Captures] access_token: jsonpath "$.access_token" refresh_token: jsonpath "$.refresh_token" # Check the logged in use can access the protected route GET http://localhost:3333/home Authorization: Bearer {{access_token}} HTTP 200 [Asserts] jsonpath "$.status" == "authenticated" # Log out user to clean table of tokens etc POST http://localhost:3333/logout Content-Type: application/json { "refresh_token": "{{refresh_token}}" } HTTP 200 [Asserts] jsonpath "$.message" == "logout success"