//[Fact]
        //public async Task Authenticated_User_Missing_Scopes_Should_Be_Forbidden()
        //{
        //    var principal = Principal.Create("custom",
        //        new Claim("sub", "123"));
        //    var allowedScopes = new[] { "scope1", "scope2" };

        //    var client = CreateClient(principal, allowedScopes);
        //    var response = await client.GetAsync("/");

        //    response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
        //}

        //[Fact]
        //public async Task Authenticated_User_Matching_Scope_Should_Be_Allowed()
        //{
        //    var principal = Principal.Create("custom",
        //        new Claim("sub", "123"),
        //        new Claim("scope", "scope1"));
        //    var allowedScopes = new[] { "scope1", "scope2" };

        //    var client = CreateClient(principal, allowedScopes);
        //    var response = await client.GetAsync("/");

        //    response.StatusCode.Should().Be(HttpStatusCode.OK);
        //}

        /// <summary>
        /// Starts an in-memory <c>TestServer</c> configured by
        /// <c>MultipleAuthenticationStartup</c> and returns an <see cref="HttpClient"/> bound to it.
        /// </summary>
        /// <param name="principal1">First principal handed to the startup class (how it is used is not visible here).</param>
        /// <param name="principal2">Second principal handed to the startup class (how it is used is not visible here).</param>
        /// <param name="automaticAuthenticate">Forwarded unchanged to the startup class.</param>
        /// <param name="allowedScopes">Assigned to <c>ScopeValidationOptions.AllowedScopes</c>.</param>
        /// <param name="scopeAuthenticationScheme">Assigned to <c>ScopeValidationOptions.AuthenticationScheme</c>.</param>
        /// <returns>A client created by the test server.</returns>
        /// <remarks>
        /// The server instance is not disposed by this helper.
        /// NOTE(review): the commented-out tests beside this helper (Forbidden on missing scopes,
        /// OK on a matching scope) call a two-argument CreateClient that does not match this
        /// signature, so no active test for the deny path is visible in this part of the file.
        /// </remarks>
        private HttpClient CreateClient(
            ClaimsPrincipal principal1,
            ClaimsPrincipal principal2,
            bool automaticAuthenticate,
            IEnumerable<string> allowedScopes,
            string scopeAuthenticationScheme)
        {
            // Scope validation settings under test.
            var validation = new ScopeValidationOptions();
            validation.AllowedScopes = allowedScopes;
            validation.AuthenticationScheme = scopeAuthenticationScheme;

            var pipeline = new MultipleAuthenticationStartup(
                principal1,
                principal2,
                automaticAuthenticate,
                validation);

            // Same registration order as before: Configure first, then ConfigureServices.
            var hostBuilder = new WebHostBuilder()
                .Configure(pipeline.Configure)
                .ConfigureServices(pipeline.ConfigureServices);

            var host = new TestServer(hostBuilder);
            return host.CreateClient();
        }
        //[Fact]
        //public async Task Authenticated_User_Missing_Scopes_Should_Be_Forbidden()
        //{
        //    var principal = Principal.Create("custom",
        //        new Claim("sub", "123"));
        //    var allowedScopes = new[] { "scope1", "scope2" };

        //    var client = CreateClient(principal, allowedScopes);
        //    var response = await client.GetAsync("/");

        //    response.StatusCode.Should().Be(HttpStatusCode.Forbidden);
        //}

        //[Fact]
        //public async Task Authenticated_User_Matching_Scope_Should_Be_Allowed()
        //{
        //    var principal = Principal.Create("custom",
        //        new Claim("sub", "123"),
        //        new Claim("scope", "scope1"));
        //    var allowedScopes = new[] { "scope1", "scope2" };

        //    var client = CreateClient(principal, allowedScopes);
        //    var response = await client.GetAsync("/");

        //    response.StatusCode.Should().Be(HttpStatusCode.OK);
        //}

        /// <summary>
        /// Creates an in-memory test server through <c>TestServer.Create</c>, configured by
        /// <c>MultipleAuthenticationStartup</c>, and returns an <see cref="HttpClient"/> for it.
        /// </summary>
        /// <param name="principal1">First principal passed to the startup class (its role is not visible here).</param>
        /// <param name="principal2">Second principal passed to the startup class (its role is not visible here).</param>
        /// <param name="automaticAuthenticate">Passed through to the startup class unchanged.</param>
        /// <param name="allowedScopes">Becomes <c>ScopeValidationOptions.AllowedScopes</c>.</param>
        /// <param name="scopeAuthenticationScheme">Becomes <c>ScopeValidationOptions.AuthenticationScheme</c>.</param>
        /// <returns>A client created by the test server.</returns>
        /// <remarks>
        /// The server is not disposed here.
        /// NOTE(review): the scope tests commented out above (Forbidden when scopes are missing,
        /// OK when one matches) use a two-argument CreateClient call that this signature does not
        /// accept; re-enabling them needs the call sites updated.
        /// </remarks>
        private HttpClient CreateClient(
            ClaimsPrincipal principal1,
            ClaimsPrincipal principal2,
            bool automaticAuthenticate,
            IEnumerable<string> allowedScopes,
            string scopeAuthenticationScheme)
        {
            // Options are built inline and handed straight to the startup class.
            var pipeline = new MultipleAuthenticationStartup(
                principal1,
                principal2,
                automaticAuthenticate,
                new ScopeValidationOptions
                {
                    AllowedScopes = allowedScopes,
                    AuthenticationScheme = scopeAuthenticationScheme
                });

            // First argument stays null, exactly as the original call passed it.
            var host = TestServer.Create(null, pipeline.Configure, pipeline.ConfigureServices);

            return host.CreateClient();
        }