I have an ASP.NET Web API project using .NET 6. This project uses openiddict 4 to validate client's bearer tokens using introspection. I also have an event handler that will call another endpoint on the identity server to get extra claims that are needed for the authorization policies.
The current integration tests work only if [Authorize] attributes are commented on the controller methods.
I know that if I would have had the identity provider in the same project I could have made in a fixture some calls to login to actually login the http client used for the test. But in this scenario I'm not sure how to approach the problem.
Obviously I would like the tests to not make actual calls to the identity server but have a method to authenticate and authorize the user to also make sure that the authorization does it's job
How would one go about creating integration test for this scenario?
