public async Task WhenEncryptionKeyIsNullOrEmpty_DoesNotEncryptHMACSecretInDatabase(string nullOrEmpty) { using (var sut = new MongoDbClientStore( new MongoDatabaseClientProvider(Database), _collectionName, nullOrEmpty, _migrator, _signatureAlgorithmDataRecordConverter)) { var hmac = new HMACSignatureAlgorithm("s3cr3t", HashAlgorithmName.SHA384); var client = new Client( "c1", "app one", hmac, TimeSpan.FromMinutes(1), TimeSpan.FromMinutes(2), RequestTargetEscaping.RFC2396, new Claim("company", "Dalion"), new Claim("scope", "HttpMessageSigning")); await sut.Register(client); var collection = Database.GetCollection <ClientDataRecordV2>(_collectionName); var findResult = await collection.FindAsync <ClientDataRecordV2>(new ExpressionFilterDefinition <ClientDataRecordV2>(r => r.Id == client.Id)); var loaded = await findResult.SingleAsync(); loaded.SignatureAlgorithm.Parameter.Should().NotBeNullOrEmpty(); var unencryptedKey = Encoding.UTF8.GetString(hmac.Key); loaded.SignatureAlgorithm.Parameter.Should().Be(unencryptedKey); loaded.SignatureAlgorithm.IsParameterEncrypted.Should().BeFalse(); } }