Is it possible to replace an existing scheme?

[srollinet]

Hi!

In my application, I have multiple authentication schemes, and the endpoints require specific schemes using the Authorize attribute [Authorize(AuthenticationSchemes = "Bearer")]

So in my integration tests, I don't need to add a new fake scheme, but to replace an existing one.

If I call AddFakeJwtBearer using the "Bearer" scheme I get an exception because it is already registered.

I found a way to replace the "Bearer" handler. It works, but it feels quite hacky :)

    private static void AddFakeJwtBearer(IServiceCollection services)
    {
        // Unfortunately, we can't replace the handler directly. It throws an exception because the Bearer scheme is already registered
        // So we first add a new scheme, then replace the handler of the "Bearer" scheme with the fake one
        
        const string fakeBearerScheme = "_FakeBearer";
        services.AddAuthentication().AddFakeJwtBearer(fakeBearerScheme, _ => { });
        services.PostConfigure<AuthenticationOptions>(options =>
        {
            var fakeAuthType = options.SchemeMap[fakeBearerScheme].HandlerType;
            options.SchemeMap["Bearer"].HandlerType = fakeAuthType;
        });
    }

Do you know if there is a better way to do it?

[DOMZE]

AuthenticationSchemes need to be unique. Is there a reason why you're also adding another authentication scheme named "Bearer" authentication scheme along with the FakeBearer one when testing?

If you want to use "Bearer" as the scheme name but want to use this library, use the overloads available to you when using the AddFakeJwtBearer extension method

[srollinet]

The real "Bearer" auth scheme is added from the configuration

In my program class, I setup the auth using the method without any parameter

builder.Services.AddAuthentication("Bearer")
    .AddJwtBearer();

And the configuration is read from the appsettings.json file

  "Authentication": {
    "Schemes": {
      "Bearer": {
        "Authority": "xxxxx",
        "ValidAudiences": ["xxxxx"]
      }
    }

Usually, in the integration tests, I can override the settings on the IWebHostBuilder example:

builder.UseSetting("NotificationApi:BaseUrl", WireMockServer.Url);

But unfortunately, as the authentication config is an object I haven't found a way to override it or to unset it.

So the only working alternative I found is to add the fake scheme with a temporary name and then use it to get the FakeJwtBearerHandler (which is internal) and use it to override the HandlerType of the Bearer scheme