public void Recovery_withSecondaryAgent() { var alias = Alias(); var member = tokenClient.CreateMemberBlocking(alias); var memberId = member.MemberId(); var primaryAgentId = member.GetDefaultAgentBlocking(); var secondaryAgent = tokenClient.CreateMemberBlocking(Alias()); var unusedSecondaryAgent = tokenClient.CreateMemberBlocking(Alias()); member.AddRecoveryRuleBlocking(new RecoveryRule { PrimaryAgent = primaryAgentId, SecondaryAgents = { secondaryAgent.MemberId(), unusedSecondaryAgent.MemberId() } }); var cryptoEngine = new TokenCryptoEngine(memberId, new InMemoryKeyStore()); var key = cryptoEngine.GenerateKey(Privileged); var verificationId = tokenClient.BeginRecoveryBlocking(alias); var authorization = new Authorization { MemberId = memberId, MemberKey = key, PrevHash = member.GetLastHashBlocking() }; var signature = secondaryAgent.AuthorizeRecoveryBlocking(authorization); var op1 = tokenClient.GetRecoveryAuthorizationBlocking(verificationId, "code", key); var op2 = new MemberRecoveryOperation { Authorization = authorization, AgentSignature = signature }; var recovered = tokenClient.CompleteRecoveryBlocking( memberId, new[] { op1, op2 }, key, cryptoEngine); Assert.Equal(member.MemberId(), recovered.MemberId()); Assert.Equal(3, recovered.GetKeysBlocking().Count); Assert.Empty(recovered.GetAliasesBlocking()); Assert.False(tokenClient.AliasExistsBlocking(alias)); recovered.VerifyAliasBlocking(verificationId, "code"); Assert.True(tokenClient.AliasExistsBlocking(alias)); CollectionAssert.Equivalent(new[] { alias.ToNormalized() }, recovered.GetAliasesBlocking()); }