/// <summary>
/// Checks that <c>GetExistingRefreshToken</c> returns the stored refresh-token record
/// when the repository knows the refresh token and validation of its JWT succeeds.
/// </summary>
/// <remarks>
/// <c>ValidateToken</c> is stubbed here, so no real signature or lifetime validation runs.
/// NOTE(review): only the success path is visible in this test, and only <c>Email</c> is
/// asserted; the admin role claim placed on the fake JWT is never checked. Rejection of an
/// invalid or expired JWT would need its own test - confirm one exists.
/// </remarks>
public async Task GetRefreshToken_should_get_from_existing_jwt_token()
{
    // given
    var refreshTokenValue = "a fake GUID";
    var storedToken = new UserRefreshToken
    {
        Email = "test@localhost",
        CreationDate = DateTime.UtcNow.AddDays(-1),
        IpAddress = "1.0.0.0",
        JwtToken = "jwt token",
        RefreshToken = refreshTokenValue
    };

    _refreshTokenRepository
        .GetRefreshToken(refreshTokenValue)
        .Returns(storedToken);

    _tokenHandler
        .ValidateToken(storedToken.JwtToken, _jwtTokenValidationParameters, out Arg.Any<SecurityToken>())
        .Returns(callInfo =>
        {
            // Fake JWT whose only claim is the admin role.
            var roleClaims = new List<Claim>
            {
                new Claim(ClaimTypes.Role, AdminRoleDefinition.Name)
            };

            // Index 2 is the out argument (3rd parameter) of ValidateToken().
            callInfo[2] = new JwtSecurityToken(claims: roleClaims);

            // The stub returns a principal with no identities or claims.
            return new ClaimsPrincipal();
        });

    // when
    var actualToken = await _service.GetExistingRefreshToken(refreshTokenValue);

    // then
    actualToken.ShouldNotBeNull();
    actualToken.Email.ShouldBe(storedToken.Email);
}