public async Task should_get_jwt_token() { // given string currentJwtToken = "jwt token"; var adminClaim = new Claim(ClaimTypes.Role, AdminRoleDefinition.Name); var claimsList = new List <Claim>() { adminClaim }; var fakeJwtSecurityToken = new JwtSecurityToken(claims: claimsList); _tokenHandler .ValidateToken(currentJwtToken, _jwtTokenValidationParameters, out Arg.Any <SecurityToken>()) .Returns(x => { x[2] = fakeJwtSecurityToken; // set the out (3rd parameter) of ValidateToken() return(new ClaimsPrincipal()); }); // when JwtSecurityToken jwtSecurityToken = _service.GetJwtSecurityToken(currentJwtToken); // then jwtSecurityToken.ShouldNotBeNull(); var actualClaim = jwtSecurityToken.Claims.FirstOrDefault(); actualClaim.ShouldNotBeNull(); actualClaim.Type.ShouldBe(adminClaim.Type); actualClaim.Value.ShouldBe(adminClaim.Value); }