Feature: Access control
    In order to control we gets access to what and where,
    as a customer, I want to assign users roles and give
    them access to specific sites

    Scenario: Got some roles
        Given the associate has some roles assigned to them
        When they sign in
        Then the roles should be on the access token

    Scenario: No access to site
        Given the associate does not have access to the site
        When they try to sign in
        Then they are informed that the can't sign in
        # todo: figure out if the service tells us that
        And the reason why

    Scenario: Forbidden for any reason 
        Given the associate does not have access for some reason
        When they try to sign in
        Then they are informed that the can't sign in