(use-modules (webid-oidc refresh-token)
             (webid-oidc testing)
             (webid-oidc jwk)
             (webid-oidc errors)
             (web uri)
             (srfi srfi-19)
             (web response)
             (ice-9 optargs)
             (ice-9 receive))

(with-test-environment
 "refresh-token-with-wrong-key"
 (lambda ()
   (define first-key (generate-key #:n-size 2048))
   (define second-key (generate-key #:n-size 2048))
   (define sub (string->uri "https://subject"))
   (define aud (string->uri "https://audience"))
   (define refresh-token (issue-refresh-token sub aud (jkt first-key)))
   (with-exception-handler
       (lambda (error)
         (unless ((record-predicate &invalid-key-for-refresh-token) error)
           (exit 1)))
     (lambda ()
       (with-refresh-token refresh-token second-key
                           (lambda (sub aud)
                             (exit 2)))
       (exit 3))
     #:unwind? #t
     #:unwind-for-type &invalid-key-for-refresh-token)))