Testing applications that require authorization presents a unique set of challenges, especially when it comes to simulating different user permissions. Using an actual authorization server and manually creating test users with specific roles and claims can quickly become cumbersome when trying to cover a wide range of permission combinations. Another option is to use libraries like fake-authentication-jwtbearer, but these libraries have a significant drawback. They replace the actual authorization logic, so we are not testing what will actually be used on production. ... Read More