public async Task CanModifyUser()
        {
            // arrange
            var httpClient   = new UsersHttpClient(this.Authority, this.Handler);
            var originalUser = new User
            {
                Username    = Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture),
                Password    = "******",
                Email       = "*****@*****.**",
                PhoneNumber = "123456789",
                Roles       = { "admin" },
            };

            var expectedUser = new User
            {
                Username    = Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture),
                Password    = "******",
                Email       = "*****@*****.**",
                PhoneNumber = "987654321",
                Roles       = { "auth_admin", "user_admin" },
            };

            var initialUser = await httpClient.AddUserAsync(originalUser).ConfigureAwait(false);

            // act
            var actualUser = await httpClient.ModifyUserAsync(expectedUser, originalUser.Username).ConfigureAwait(false);

            // assert
            actualUser.Should().NotBeNull();
            actualUser.Should().BeEquivalentTo(expectedUser, options => options.Excluding(user => user.Id).Excluding(user => user.Password));
            actualUser.Id.Should().Be(initialUser.Id);
        }
        public void CannotRemoveAdminRoleFromDefaultAdminUser()
        {
            // arrange
            var httpClient = new UsersHttpClient(this.Authority, this.Handler);
            var user       = new User
            {
                Username = "******",
                Roles    = { },
            };

            // act
            Func <Task> func = async() => await httpClient.ModifyUserAsync(user).ConfigureAwait(false);

            // assert
            func.Should().Throw <HttpException>().And.StatusCode.Should().Be(HttpStatusCode.BadRequest);
        }