From 248f5974048695b8c210e136ec3e07c32b94d7b9 Mon Sep 17 00:00:00 2001
From: Roeland Lutters <Roeland.lutters@telenet.be>
Date: Wed, 22 Mar 2023 06:41:35 +0100
Subject: [PATCH] Remove deprecated AddJwtAuthorization extensions (#438)

Co-authored-by: Roeland Lutters <Roeland.Lutters@codit.eu>
---
 .../Extensions/FilterCollectionExtensions.cs  |  97 -----
 .../JwtTokenAuthorizationFilterTests.cs       | 360 ------------------
 .../FilterCollectionExtensionsTests.cs        | 111 ------
 3 files changed, 568 deletions(-)
 delete mode 100644 src/Arcus.WebApi.Security/Authorization/Extensions/FilterCollectionExtensions.cs
 delete mode 100644 src/Arcus.WebApi.Tests.Unit/Security/Authorization/FilterCollectionExtensionsTests.cs

diff --git a/src/Arcus.WebApi.Security/Authorization/Extensions/FilterCollectionExtensions.cs b/src/Arcus.WebApi.Security/Authorization/Extensions/FilterCollectionExtensions.cs
deleted file mode 100644
index 24aa45d9..00000000
--- a/src/Arcus.WebApi.Security/Authorization/Extensions/FilterCollectionExtensions.cs
+++ /dev/null
@@ -1,97 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using Arcus.WebApi.Security.Authorization;
-using GuardNet;
-using Microsoft.Extensions.DependencyInjection;
-
-// ReSharper disable once CheckNamespace
-namespace Microsoft.AspNetCore.Mvc.Filters
-{
-    /// <summary>
-    /// Extensions on the <see cref="FilterCollection"/> related to authorization.
-    /// </summary>
-    public static partial class FilterCollectionExtensions
-    {
-        /// <summary>
-        /// Adds JWT token authorization to the MVC <see cref="FilterCollection"/>.
-        /// </summary>
-        /// <param name="filters">All filters that are being applied to the request pipeline</param>
-        /// <exception cref="ArgumentNullException">Thrown when the <paramref name="filters"/> is <c>null</c>.</exception>
-        [Obsolete("Use the " + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + " instead via the services.AddControllers(options => options." + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + "())")]
-        public static FilterCollection AddJwtTokenAuthorization(this FilterCollection filters)
-        {
-            Guard.NotNull(filters, nameof(filters), "Requires a filter collection to add the JWT token authorization filter");
-
-            return filters.AddJwtTokenAuthorization(configureOptions: null);
-        }
-
-        /// <summary>
-        /// Adds JWT token authorization to the MVC <see cref="FilterCollection"/>.
-        /// </summary>
-        /// <param name="filters">All filters that are being applied to the request pipeline</param>
-        /// <param name="configureOptions">Configuration options for using JWT token authorization</param>
-        /// <exception cref="ArgumentNullException">Thrown when the <paramref name="filters"/> is <c>null</c>.</exception>
-        [Obsolete("Use the " + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + " instead via the services.AddControllers(options => options." + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + "(...))")]
-        public static FilterCollection AddJwtTokenAuthorization(
-            this FilterCollection filters, 
-            Action<JwtTokenAuthorizationOptions> configureOptions)
-        {
-            Guard.NotNull(filters, nameof(filters), "Requires a filter collection to add the JWT token authorization filter");
-
-            var options = new JwtTokenAuthorizationOptions();
-            configureOptions?.Invoke(options);
-            filters.Add(new JwtTokenAuthorizationFilter(options));
-
-            return filters;
-        }
-        /// <summary>
-        /// Adds JWT token authorization
-        /// </summary>
-        /// <param name="filters">All filters that are being applied to the request pipeline</param>
-        /// <param name="claimCheck">Custom claims key-value pair to validate against</param>
-        /// <exception cref="ArgumentNullException">Thrown when the <paramref name="claimCheck"/> is <c>null</c>.</exception>
-        /// <exception cref="ArgumentException">Thrown when the <paramref name="claimCheck"/> doesn't have any entries or one of the entries has blank key/value inputs.</exception>
-        [Obsolete("Use the " + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + " instead via the services.AddControllers(options => options." + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + "(...))")]
-        public static FilterCollection AddJwtTokenAuthorization(
-            this FilterCollection filters,
-            IDictionary<string, string> claimCheck)
-        {
-            Guard.NotNull(filters, nameof(filters), "Requires a filter collection to add the JWT token authorization filter");
-            Guard.NotNull(claimCheck, nameof(claimCheck), "Requires a set of claim checks to verify the claims request JWT");
-            Guard.NotAny(claimCheck, nameof(claimCheck), "Requires at least one entry in the set of claim checks to verify the claims in the request JWT");
-            Guard.For<ArgumentException>(() => claimCheck.Any(item => String.IsNullOrWhiteSpace(item.Key) || String.IsNullOrWhiteSpace(item.Value)), 
-                "Requires all entries in the set of claim checks to be non-blank to correctly verify the claims in the request JWT");
-
-            AddJwtTokenAuthorization(filters, configureOptions: null, claimCheck: claimCheck);
-
-            return filters;
-        }
-
-        /// <summary>
-        /// Adds JWT token authorization
-        /// </summary>
-        /// <param name="filters">All filters that are being applied to the request pipeline</param>
-        /// <param name="configureOptions">Configuration options for using JWT token authorization</param>
-        /// <param name="claimCheck">Custom claims key-value pair to validate against</param>
-        /// <exception cref="ArgumentNullException">Thrown when the <paramref name="claimCheck"/> is <c>null</c>.</exception>
-        /// <exception cref="ArgumentException">Thrown when the <paramref name="claimCheck"/> doesn't have any entries or one of the entries has blank key/value inputs.</exception>
-        [Obsolete("Use the " + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + " instead via the services.AddControllers(options => options." + nameof(MvcOptionsExtensions.AddJwtTokenAuthorizationFilter) + "(...))")]
-        public static FilterCollection AddJwtTokenAuthorization(
-            this FilterCollection filters,
-            Action<JwtTokenAuthorizationOptions> configureOptions, IDictionary<string, string> claimCheck)
-        {
-            Guard.NotNull(filters, nameof(filters), "Requires a filter collection to add the JWT token authorization filter");
-            Guard.NotNull(claimCheck, nameof(claimCheck), "Requires a set of claim checks to verify the claims request JWT");
-            Guard.NotAny(claimCheck, nameof(claimCheck), "Requires at least one entry in the set of claim checks to verify the claims in the request JWT");
-            Guard.For<ArgumentException>(() => claimCheck.Any(item => String.IsNullOrWhiteSpace(item.Key) || String.IsNullOrWhiteSpace(item.Value)), 
-                "Requires all entries in the set of claim checks to be non-blank to correctly verify the claims in the request JWT");
-
-            var options = new JwtTokenAuthorizationOptions(claimCheck);
-            configureOptions?.Invoke(options);
-            filters.Add(new JwtTokenAuthorizationFilter(options));
-
-            return filters;
-        }
-    }
-}
\ No newline at end of file
diff --git a/src/Arcus.WebApi.Tests.Integration/Security/Authorization/JwtTokenAuthorizationFilterTests.cs b/src/Arcus.WebApi.Tests.Integration/Security/Authorization/JwtTokenAuthorizationFilterTests.cs
index 687e9262..61e87dc5 100644
--- a/src/Arcus.WebApi.Tests.Integration/Security/Authorization/JwtTokenAuthorizationFilterTests.cs
+++ b/src/Arcus.WebApi.Tests.Integration/Security/Authorization/JwtTokenAuthorizationFilterTests.cs
@@ -43,41 +43,6 @@ public JwtTokenAuthorizationFilterTests(ITestOutputHelper outputWriter)
             _logger = new XunitTestLogger(outputWriter);
         }
 
-        [Fact]
-        public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorizationOnFilters_ReturnsOk()
-        {
-            // Arrange
-            string issuer = _bogusGenerator.Internet.Url();
-            string authority = _bogusGenerator.Internet.Url();
-            string privateKey = GenerateRandomPrivateKey();
-
-            await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger))
-            {
-                var options = new TestApiServerOptions()
-                    .ConfigureServices(services =>
-                    {
-                        TokenValidationParameters tokenValidationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey);
-                        var reader = new JwtTokenReader(tokenValidationParameters, testOpenIdServer.OpenIdAddressConfiguration);
-                        services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader));
-                    });
-                
-                await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger))
-                {
-                    string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7);
-                    var request = HttpRequestBuilder
-                        .Get(HealthController.GetRoute)
-                        .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                    // Act
-                    using (HttpResponseMessage response = await testApiServer.SendAsync(request))
-                    {
-                        // Assert
-                        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-                    }
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsOk()
         {
@@ -113,32 +78,6 @@ public async Task GetHealthWithCorrectBearerToken_WithAzureManagedIdentityAuthor
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithCorrectBearerToken_WithNullReaderAzureManagedIdentityAuthorizationOnFilters_ReturnsOk()
-        {
-            // Arrange
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services =>
-                {
-                    services.AddMvc(opt =>
-                    {
-                        opt.Filters.AddJwtTokenAuthorization(jwt => jwt.AddJwtTokenReader(serviceProvider => null));
-                    });
-                });
-
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                var request = HttpRequestBuilder.Get(HealthController.GetRoute);
-                
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.InternalServerError, response.StatusCode);
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithCorrectBearerToken_WithNullReaderAzureManagedIdentityAuthorization_ReturnsOk()
         {
@@ -165,44 +104,6 @@ public async Task GetHealthWithCorrectBearerToken_WithNullReaderAzureManagedIden
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithCorrectBearerToken_WithLazyAzureManagedIdentityAuthorizationOnFilters_ReturnsOk()
-        {
-            // Arrange
-            string issuer = _bogusGenerator.Internet.Url();
-            string authority = _bogusGenerator.Internet.Url();
-            string privateKey = GenerateRandomPrivateKey();
-
-            await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger))
-            {
-                TokenValidationParameters validationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey);
-                var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
-                var options = new TestApiServerOptions()
-                    .ConfigureServices(services =>
-                    {
-                        services.AddMvc(opt =>
-                        {
-                            opt.Filters.AddJwtTokenAuthorization(jwt => jwt.AddJwtTokenReader(serviceProvider => reader));
-                        });
-                    });
-                
-                await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger))
-                {
-                    string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7);
-                    var request = HttpRequestBuilder
-                        .Get(HealthController.GetRoute)
-                        .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                    // Act
-                    using (HttpResponseMessage response = await testApiServer.SendAsync(request))
-                    {
-                        // Assert
-                        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-                    }
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithCorrectBearerToken_WithLazyAzureManagedIdentityAuthorization_ReturnsOk()
         {
@@ -241,35 +142,6 @@ public async Task GetHealthWithCorrectBearerToken_WithLazyAzureManagedIdentityAu
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithCorrectBearerToken_WithInjectedAzureManagedIdentityAuthorizationOnFilters_ReturnsOk()
-        {
-            // Arrange
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services =>
-                {
-                    services.AddMvc(opt =>
-                    {
-                        opt.Filters.AddJwtTokenAuthorization(jwt => jwt.AddJwtTokenReader<IgnoredJwtTokenReader>());
-                    });
-                });
-            
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                var accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}.{_bogusGenerator.Random.AlphaNumeric(40)}";
-                var request = HttpRequestBuilder
-                    .Get(HealthController.GetRoute)
-                    .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithCorrectBearerToken_WithInjectedAzureManagedIdentityAuthorization_ReturnsOk()
         {
@@ -299,45 +171,6 @@ public async Task GetHealthWithCorrectBearerToken_WithInjectedAzureManagedIdenti
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithIncorrectBearerToken_WithAzureManagedIdentityAuthorizationOnFilters_ReturnsUnauthorized()
-        {
-            // Arrange
-            string issuer = _bogusGenerator.Internet.Url();
-            string authority = _bogusGenerator.Internet.Url();
-            string privateKey = GenerateRandomPrivateKey();
-
-            await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger))
-            {
-                TokenValidationParameters validationParameters = testOpenIdServer.GenerateTokenValidationParametersWithValidAudience(issuer, authority, privateKey);
-                var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
-
-                var options = new TestApiServerOptions()
-                    .ConfigureServices(services =>
-                    {
-                        services.AddMvc(opt =>
-                        {
-                            opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader);
-                        });
-                    });
-
-                await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger))
-                {
-                    var accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}.{_bogusGenerator.Random.AlphaNumeric(40)}";
-                    var request = HttpRequestBuilder
-                        .Get(HealthController.GetRoute)
-                        .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                    // Act
-                    using (HttpResponseMessage response = await testApiServer.SendAsync(request))
-                    {
-                        // Assert
-                        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                    }
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithIncorrectBearerToken_WithAzureManagedIdentityAuthorization_ReturnsUnauthorized()
         {
@@ -377,29 +210,6 @@ public async Task GetHealthWithIncorrectBearerToken_WithAzureManagedIdentityAuth
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithIncorrectBase64BearerToken_WithAzureManagedIdentityAuthorizationOnFilters_ReturnsUnauthorized()
-        {
-            // Arrange
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services => services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization()));
-            
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                string accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}";
-                var request = HttpRequestBuilder
-                    .Get(HealthController.GetRoute)
-                    .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithIncorrectBase64BearerToken_WithAzureManagedIdentityAuthorization_ReturnsUnauthorized()
         {
@@ -423,48 +233,6 @@ public async Task GetHealthWithIncorrectBase64BearerToken_WithAzureManagedIdenti
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdentityAuthorizationOnFilters_ReturnsUnauthorized()
-        {
-            // Arrange
-            string issuer = _bogusGenerator.Internet.Url();
-            string authority = _bogusGenerator.Internet.Url();
-            string privateKey = GenerateRandomPrivateKey();
-
-            await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger))
-            {
-                var validationParameters = new TokenValidationParameters
-                {
-                    ValidateAudience = false,
-                    ValidateIssuer = false,
-                    ValidateIssuerSigningKey = true,
-                    ValidateLifetime = true
-                };
-
-                var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
-                var options = new TestApiServerOptions()
-                    .ConfigureServices(services =>
-                    {
-                        services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader));
-                    });
-
-                await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger))
-                {
-                    string accessToken = testOpenIdServer.RequestSecretToken(issuer, authority, privateKey, daysValid: 7);
-                    var request = HttpRequestBuilder
-                        .Get(HealthController.GetRoute)
-                        .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                    // Act
-                    using (HttpResponseMessage response = await testApiServer.SendAsync(request))
-                    {
-                        // Assert
-                        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                    }
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized()
         {
@@ -507,44 +275,6 @@ public async Task GetHealthWithCorrectBearerToken_WithIncorrectAzureManagedIdent
             }
         }
 
-        [Fact]
-        public async Task GetHealthWithoutBearerToken_WithIncorrectAzureManagedIdentityAuthorizationOnFilters_ReturnsUnauthorized()
-        {
-            // Arrange
-            await using (var testOpenIdServer = await TestOpenIdServer.StartNewAsync(_logger))
-            {
-                var validationParameters = new TokenValidationParameters
-                {
-                    ValidateAudience = false,
-                    ValidateIssuer = false,
-                    ValidateIssuerSigningKey = true,
-                    ValidateLifetime = true
-                };
-                var reader = new JwtTokenReader(validationParameters, testOpenIdServer.OpenIdAddressConfiguration);
-
-                var options = new TestApiServerOptions()
-                    .ConfigureServices(services =>
-                    {
-                        services.AddMvc(opt =>
-                        {
-                            opt.Filters.AddJwtTokenAuthorization(jwt => jwt.JwtTokenReader = reader);
-                        });
-                    });
-
-                await using (var testApiServer = await TestApiServer.StartNewAsync(options, _logger))
-                {
-                    var request = HttpRequestBuilder.Get(HealthController.GetRoute);
-
-                    // Act
-                    using (HttpResponseMessage response = await testApiServer.SendAsync(request))
-                    {
-                        // Assert
-                        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                    }
-                }
-            }
-        }
-
         [Fact]
         public async Task GetHealthWithoutBearerToken_WithIncorrectAzureManagedIdentityAuthorization_ReturnsUnauthorized()
         {
@@ -583,29 +313,6 @@ public async Task GetHealthWithoutBearerToken_WithIncorrectAzureManagedIdentityA
             }
         }
 
-        [Theory]
-        [InlineData(BypassOnMethodController.JwtRoute)]
-        [InlineData(BypassJwtTokenAuthorizationController.BypassOverAuthorizationRoute)]
-        [InlineData(BypassOnMethodController.AllowAnonymousRoute)]
-        public async Task JwtAuthorizedRoute_WithBypassAttributeOnFilters_SkipsAuthorization(string route)
-        {
-            // Arrange
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services => services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization()));
-
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                var request = HttpRequestBuilder.Get(route);
-
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-                }
-            }
-        }
-
         [Theory]
         [InlineData(BypassOnMethodController.JwtRoute)]
         [InlineData(BypassJwtTokenAuthorizationController.BypassOverAuthorizationRoute)]
@@ -628,37 +335,6 @@ public async Task JwtAuthorizedRoute_WithBypassAttribute_SkipsAuthorization(stri
                 }
             }
         }
-        
-        [Fact]
-        public async Task JwtAuthorizedRoute_DoesntEmitSecurityEventsByDefaultOnFilters_RunsAuthorization()
-        {
-            // Arrange
-            var spySink = new InMemorySink();
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services => services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization()))
-                .ConfigureHost(host => host.UseSerilog((context, config) => config.WriteTo.Sink(spySink)));
-            
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                string accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}";
-                var request = HttpRequestBuilder
-                    .Get(HealthController.GetRoute)
-                    .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                    IEnumerable<LogEvent> logEvents = spySink.DequeueLogEvents();
-                    Assert.DoesNotContain(logEvents, logEvent =>
-                    {
-                        string message = logEvent.RenderMessage();
-                        return message.Contains("EventType") && message.Contains("Security");
-                    });
-                }
-            }
-        }
 
         [Fact]
         public async Task JwtAuthorizedRoute_DoesntEmitSecurityEventsByDefault_RunsAuthorization()
@@ -690,42 +366,6 @@ public async Task JwtAuthorizedRoute_DoesntEmitSecurityEventsByDefault_RunsAutho
                 }
             }
         }
-        
-        [Theory]
-        [InlineData(false)]
-        [InlineData(true)]
-        public async Task JwtAuthorizedRoute_EmitSecurityEventsWhenRequestedOnFilters_RunsAuthorization(bool emitSecurityEvents)
-        {
-            // Arrange
-            var spySink = new InMemorySink();
-            var options = new TestApiServerOptions()
-                .ConfigureServices(services =>
-                {
-                    services.AddMvc(opt => opt.Filters.AddJwtTokenAuthorization(jwt => jwt.EmitSecurityEvents = emitSecurityEvents));
-                })
-                .ConfigureHost(host => host.UseSerilog((context, config) => config.WriteTo.Sink(spySink)));
-            
-            await using (var server = await TestApiServer.StartNewAsync(options, _logger))
-            {
-                string accessToken = $"Bearer {_bogusGenerator.Random.AlphaNumeric(10)}.{_bogusGenerator.Random.AlphaNumeric(50)}";
-                var request = HttpRequestBuilder
-                    .Get(HealthController.GetRoute)
-                    .WithHeader(JwtTokenAuthorizationOptions.DefaultHeaderName, accessToken);
-
-                // Act
-                using (HttpResponseMessage response = await server.SendAsync(request))
-                {
-                    // Assert
-                    Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
-                    IEnumerable<LogEvent> logEvents = spySink.DequeueLogEvents();
-                    Assert.True(emitSecurityEvents == logEvents.Any(logEvent =>
-                    {
-                        string message = logEvent.RenderMessage();
-                        return message.Contains("EventType") && message.Contains("Security");
-                    }));
-                }
-            }
-        }
 
         [Theory]
         [InlineData(false)]
diff --git a/src/Arcus.WebApi.Tests.Unit/Security/Authorization/FilterCollectionExtensionsTests.cs b/src/Arcus.WebApi.Tests.Unit/Security/Authorization/FilterCollectionExtensionsTests.cs
deleted file mode 100644
index 44a1bc73..00000000
--- a/src/Arcus.WebApi.Tests.Unit/Security/Authorization/FilterCollectionExtensionsTests.cs
+++ /dev/null
@@ -1,111 +0,0 @@
-using System;
-using System.Collections.Generic;
-using Microsoft.AspNetCore.Mvc.Filters;
-using Xunit;
-
-// Ignore obsolete warnings.
-#pragma warning disable CS0618
-
-namespace Arcus.WebApi.Tests.Unit.Security.Authorization
-{
-    public class FilterCollectionExtensionsTests
-    {
-        [Fact]
-        public void AddJwtTokenAuthorization_WithOptionsWithoutClaimCheck_Fails()
-        {
-            // Arrange
-            var filters = new FilterCollection();
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck: null, configureOptions: options => { }));
-        }
-
-        [Fact]
-        public void AddJwtTokenAuthorization_WithOptionsWithEmptyClaimCheck_Fails()
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string>();
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck: claimCheck, configureOptions: options => { }));
-        }
-
-        [Theory]
-        [ClassData(typeof(Blanks))]
-        public void AddJwtTokenAuthorization_WithOptionsWithBlankKeyInClaimCheck_Fails(string key)
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string> { [key ?? ""] = "some value" };
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck: claimCheck, configureOptions: options => { }));
-        }
-
-        [Theory]
-        [ClassData(typeof(Blanks))]
-        public void AddJwtTokenAuthorization_WithOptionsWithBlankValueInClaimCheck_Fails(string value)
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string> { ["some key"] = value };
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck: claimCheck, configureOptions: options => { }));
-        }
-
-        [Fact]
-        public void AddJwtTokenAuthorization_WithoutClaimCheck_Fails()
-        {
-            // Arrange
-            var filters = new FilterCollection();
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck: null));
-        }
-
-        [Fact]
-        public void AddJwtTokenAuthorization_WithEmptyClaimCheck_Fails()
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string>();
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck));
-        }
-
-        [Theory]
-        [ClassData(typeof(Blanks))]
-        public void AddJwtTokenAuthorization_WithBlankKeyInClaimCheck_Fails(string key)
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string> { [key ?? ""] = "some value" };
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck));
-        }
-
-        [Theory]
-        [ClassData(typeof(Blanks))]
-        public void AddJwtTokenAuthorization_WithBlankValueInClaimCheck_Fails(string value)
-        {
-            // Arrange
-            var filters = new FilterCollection();
-            var claimCheck = new Dictionary<string, string> { ["some key"] = value };
-
-            // Act / Assert
-            Assert.ThrowsAny<ArgumentException>(
-                () => filters.AddJwtTokenAuthorization(claimCheck));
-        }
-    }
-}