public async Task Token_Can_Be_Invalidated_After_Creation() { //Arrange var email = CreateEmail(); var userDto = ObjectCreateHelper.MakeSimpleApiUserDto(email, true); var createdUserId = await HttpApi.CreateOdataUserAsync(userDto, OrganizationRole.User); var loginDto = ObjectCreateHelper.MakeSimpleLoginDto(email, _defaultPassword); var token = await HttpApi.GetTokenAsync(loginDto); using (var requestResponse = await HttpApi.GetWithTokenAsync(TestEnvironment.CreateUrl("api/ItSystem/"), token.Token)) { Assert.NotNull(requestResponse); Assert.Equal(HttpStatusCode.OK, requestResponse.StatusCode); }; //Act await DisableApiAccessForUserAsync(userDto, createdUserId); //Assert using (var requestResponse = await HttpApi.GetWithTokenAsync(TestEnvironment.CreateUrl("api/ItSystem/"), token.Token)) { Assert.NotNull(requestResponse); Assert.Equal(HttpStatusCode.Forbidden, requestResponse.StatusCode); }; await HttpApi.DeleteUserAsync(createdUserId); }