diff --git a/authorize_error_test.go b/authorize_error_test.go
index 6e9a043e8..b7052d389 100644
--- a/authorize_error_test.go
+++ b/authorize_error_test.go
@@ -53,7 +53,7 @@ func TestWriteAuthorizeError(t *testing.T) {
 mock: func() {
 req.EXPECT().IsRedirectURIValid().Return(false)
 rw.EXPECT().Header().Return(header)
- rw.EXPECT().WriteHeader(http.StatusOK)
+ rw.EXPECT().WriteHeader(http.StatusBadRequest)
 rw.EXPECT().Write(gomock.Any())
 },
 checkHeader: func(k int) {
diff --git a/fosite-example/main.go b/fosite-example/main.go
index 302ea7264..4e43423bd 100644
--- a/fosite-example/main.go
+++ b/fosite-example/main.go
@@ -13,7 +13,7 @@ import (
 "github.com/ory-am/fosite/client"
 hmac "github.com/ory-am/fosite/enigma/hmac"
 jwt "github.com/ory-am/fosite/enigma/jwt"
- "github.com/ory-am/fosite/fosite-example/store"
+ exampleStore "github.com/ory-am/fosite/fosite-example/store"
 coreclient "github.com/ory-am/fosite/handler/core/client"
 "github.com/ory-am/fosite/handler/core/explicit"
 "github.com/ory-am/fosite/handler/core/implicit"
@@ -25,7 +25,7 @@ import (
 "golang.org/x/oauth2/clientcredentials"
 )

-var store = &store.Store{
+var store = &exampleStore.Store{
 Clients: map[string]client.Client{
 "my-client": &client.SecureClient{
 ID: "my-client",
@@ -33,7 +33,7 @@ var store = &store.Store{
 RedirectURIs: []string{"http://localhost:3846/callback"},
 },
 },
- Users: map[string]store.UserRelation{
+ Users: map[string]exampleStore.UserRelation{
 "peter": {
 Username: "peter",
 Password: "foobar",
diff --git a/handler/core/strategy/hmacsha.go b/handler/core/strategy/hmacsha.go
index f36aeb4c2..16a19e688 100644
--- a/handler/core/strategy/hmacsha.go
+++ b/handler/core/strategy/hmacsha.go
@@ -13,25 +13,25 @@ type HMACSHAStrategy struct {
 }

 func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ *http.Request, requester fosite.Requester) (token string, signature string, err error) {
- return h.Enigma.Generate(requester.GetClient().GetHashedSecret())
+ return h.Enigma.Generate()
 }

 func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, token string, _ *http.Request, requester fosite.Requester) (signature string, err error) {
- return h.Enigma.Validate(requester.GetClient().GetHashedSecret(), token)
+ return h.Enigma.Validate(token)
 }

 func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ *http.Request, requester fosite.Requester) (token string, signature string, err error) {
- return h.Enigma.Generate(requester.GetClient().GetHashedSecret())
+ return h.Enigma.Generate()
 }

 func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, token string, _ *http.Request, requester fosite.Requester) (signature string, err error) {
- return h.Enigma.Validate(requester.GetClient().GetHashedSecret(), token)
+ return h.Enigma.Validate(token)
 }

 func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ *http.Request, requester fosite.Requester) (token string, signature string, err error) {
- return h.Enigma.Generate(requester.GetClient().GetHashedSecret())
+ return h.Enigma.Generate()
 }

 func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, token string, _ *http.Request, requester fosite.Requester) (signature string, err error) {
- return h.Enigma.Validate(requester.GetClient().GetHashedSecret(), token)
+ return h.Enigma.Validate(token)
 }
diff --git a/integration/basic_test.go b/integration/basic_test.go
index 920e9100f..869c903cd 100644
--- a/integration/basic_test.go
+++ b/integration/basic_test.go
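Review bot: In handler/core/strategy/hmacsha.go none of the six methods mixes anything client-specific into the HMAC any more, so a passing signature check no longer ties a token to the client it was issued to. Presumably Enigma now signs with one global secret (its definition is outside this diff), and the same Enigma instance covers access tokens, refresh tokens and authorize codes. The binding to a client and to a token type therefore has to come from the storage lookup on the returned signature, which deserves a comment on the type, e.g. `// Signatures are not bound to a client or token type; callers must look the signature up in the matching store.` The `requester` parameter is now unused in every method and could become `_ fosite.Requester`, like the other ignored parameters.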
@@ -2,20 +2,12 @@ package integration_test

 import (
 "net/http"
- "os"
 "testing"

 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )

-func TestMain(m *testing.M) {
-
- retCode := m.Run()
-
- os.Exit(retCode)
-}
-
 func TestBasic(t *testing.T) {
 f := newFosite()
 ts := mockServer(t, f, nil)
diff --git a/integration/client_credentials_grant_test.go b/integration/client_credentials_grant_test.go
new file mode 100644
index 000000000..b89d6015d
--- /dev/null
+++ b/integration/client_credentials_grant_test.go
@@ -0,0 +1,83 @@
+package integration_test
+
+import (
+ "testing"
+
+ "github.com/ory-am/fosite/handler/core"
+ "github.com/stretchr/testify/assert"
+ "golang.org/x/oauth2"
+ "github.com/stretchr/testify/require"
+ "github.com/ory-am/fosite/handler/core/owner"
+)
+
+func TestClientCredentialsFlow(t *testing.T) {
+ for _, strategy := range []core.AccessTokenStrategy{
+ hmacStrategy,
+ } {
+ runClientCredentialsFlowTest(t, strategy)
+ }
+}
+
+func runClientCredentialsFlowTest(t *testing.T, strategy core.AccessTokenStrategy) {
+ f := newFosite()
+ ts := mockServer(t, f, nil)
+ defer ts.Close()
+
+ oauthClient := newOAuth2Client(ts)
+ var username string
+ var password string
+ for k, c := range []struct {
+ description string
+ setup func()
+ err bool
+ }{
+ {
+ description: "should fail because handler not registered",
+ setup: func() {},
+ err: true,
+ },
+ {
+ description: "should fail because unknown client",
+ setup: func() {
+ f.TokenEndpointHandlers.Append(&owner.ResourceOwnerPasswordCredentialsGrantHandler{
+ AccessTokenStrategy: strategy,
+ Store: fositeStore,
+ AccessTokenLifespan: accessTokenLifespan,
+ })
+ },
+ err: true,
+ },
+ {
+ description: "should fail because user does not exist",
+ setup: func() {
+ username = "not-existent"
+ password = "wrong"
+ },
+ err: true,
+ },
+ {
+ description: "should fail because wrong credentials",
+ setup: func() {
+ username = "peter"
+ password = "wrong"
+ },
+ err: true,
+ },
+ {
+ description: "should pass",
+ setup: func() {
+ username = "peter"
+ password = "foobar"
+ },
+ },
+ } {
+ c.setup()
+
+ token, err := oauthClient.PasswordCredentialsToken(oauth2.NoContext, username, password)
+ require.Equal(t, c.err, err != nil, "(%d) %s\n%s\n%s", k, c.description, c.err, err)
+ if !c.err {
+ assert.NotEmpty(t, token.AccessToken, "(%d) %s\n%s", k, c.description, token)
+ }
+ t.Logf("Passed test case %d", k)
+ }
+}
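Review bot: `TestClientCredentialsFlow` in the new client_credentials_grant_test.go registers `owner.ResourceOwnerPasswordCredentialsGrantHandler` and calls `PasswordCredentialsToken`, so it exercises the resource owner password grant, not the client credentials grant. The renamed file in the next section keeps its `clientcredentials` import under the name `TestResourceOwnerPasswordCredentialsGrant`, so the two names appear to have been swapped. The rejection cases assert only `err != nil`, which means "should fail because wrong credentials" passes on any failure at all, including a misconfigured handler; asserting on the returned OAuth2 error would make these cases prove that bad credentials are what got rejected. The second case is described as "unknown client" although its setup only registers the handler and leaves username and password empty. In the `require.Equal` message `c.err` is a bool printed with `%s`; `"(%d) %s\n%t\n%v"` fits the arguments.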
diff --git a/integration/client_credentials_flow_test.go b/integration/resource_owner_password_credentials_grant_test.go
similarity index 87%
rename from integration/client_credentials_flow_test.go
rename to integration/resource_owner_password_credentials_grant_test.go
index c8ad86ce9..8c9da4766 100644
--- a/integration/client_credentials_flow_test.go
+++ b/integration/resource_owner_password_credentials_grant_test.go
@@ -7,19 +7,19 @@ import (
 "github.com/ory-am/fosite/handler/core/client"
 "github.com/stretchr/testify/assert"
 "golang.org/x/oauth2"
-"golang.org/x/oauth2/clientcredentials"
-"github.com/stretchr/testify/require"
+ "golang.org/x/oauth2/clientcredentials"
+ "github.com/stretchr/testify/require"
 )

-func TestClientCredentialsFlow(t *testing.T) {
+func TestResourceOwnerPasswordCredentialsGrant(t *testing.T) {
 for _, strategy := range []core.AccessTokenStrategy{
 hmacStrategy,
 } {
- runClientCredentialsFlowTest(t, strategy)
+ runResourceOwnerPasswordCredentialsGrantTest(t, strategy)
 }
 }

-func runClientCredentialsFlowTest(t *testing.T, strategy core.AccessTokenStrategy) {
+func runResourceOwnerPasswordCredentialsGrantTest(t *testing.T, strategy core.AccessTokenStrategy) {
 f := newFosite()
 ts := mockServer(t, f, nil)
 defer ts.Close()