public async Task CanRemoveExternalLogin() { // Arrange var principals = new List <ClaimsPrincipal>(); void ConfigureTestServices(IServiceCollection services) => services .SetupTestThirdPartyLogin() .SetupGetUserClaimsPrincipal(user => principals.Add(user), IdentityConstants.ApplicationScheme); var server = ServerFactory .WithWebHostBuilder(whb => whb.ConfigureTestServices(ConfigureTestServices)); var client = server.CreateClient(); var guid = Guid.NewGuid(); var userName = $"{guid}"; var email = $"{guid}@example.com"; // Act var index = await UserStories.RegisterNewUserAsync(client, email, "!TestPassword1"); var linkLogin = await UserStories.LinkExternalLoginAsync(index, email); await UserStories.RemoveExternalLoginAsync(linkLogin, email); // RefreshSignIn generates a new security stamp claim AssertClaimsNotEqual(principals[0], principals[1], "AspNet.Identity.SecurityStamp"); }