ClientResponse clientResponse = webResource
.header("Authorization", authorizationBearer(ACCESS_TOKEN))
.put(ClientResponse.class, c);
assertThat("Server should not accept a client with scopes that are not a subset of the resourceServers scope",
clientResponse.getStatus(), equalTo(400));
final ValidationErrorResponse validationErrorResponse = clientResponse.getEntity(ValidationErrorResponse.class);
assertThat(validationErrorResponse.getViolations().size(), equalTo(1));
assertThat(validationErrorResponse.getViolations().get(0), containsString("Client should only contain scopes that its resource server defines"));
}