public async Task Create_Returns400IfCredentialsAreMalformed() { // Arrange var request = new TokenRequest { Credentials = "THIS IS NOT HOW THEY SHOULD BE DONE" }; // Act var response = await _controller.CreateTokenAsync(request) as BadRequestObjectResult; // Assert response.StatusCode.Should().Be(StatusCodes.Status400BadRequest); response.Value.Should().Be("Invalid credentials"); }