diff --git a/DigitalData.Auth.Tests/Client/AuthClientTests.cs b/DigitalData.Auth.Tests/Client/AuthClientTests.cs
index f1cdb85..10a0e29 100644
--- a/DigitalData.Auth.Tests/Client/AuthClientTests.cs
+++ b/DigitalData.Auth.Tests/Client/AuthClientTests.cs
@@ -8,6 +8,7 @@ using DigitalData.Core.Security.RSAKey;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Options;
 
 namespace DigitalData.Auth.Tests.Client;
 
@@ -19,7 +20,9 @@ public class AuthClientTests
 
     private Func<Action<ClientParams>, ServiceProvider> Build;
 
-    private WebApplication? _app = null;
+    private WebApplication? _app;
+
+    private int _port;
 
     private readonly Queue<IAsyncDisposable> _disposableAsync = new();
 
@@ -35,16 +38,46 @@ public class AuthClientTests
         }
     }
 
-    private readonly IEnumerable<RSATokenDescriptor> _tokenDescriptors =
-    [
-        new()
+    private static IEnumerable<RSATokenDescriptor> CreatetokenDescriptors()
+    {
+        return [
+            new()
+            {
+                Issuer = "Foo",
+                Audience = "Bar",
+                Lifetime = new TimeSpan(1, 0, 0),
+                Content = Instance.RSAFactory.CreatePrivateKeyPem()
+            }
+        ];
+    }
+
+    private WebApplication CreateWebApplication(int port)
+    {
+        // Create builder and add SignalR service
+        var builder = WebApplication.CreateBuilder();
+        builder.Services.AddSignalR();
+        builder.Services.AddCryptoFactory(new CryptoFactoryParams()
         {
-            Issuer = "Foo",
-            Audience = "Bar",
-            Lifetime = new TimeSpan(1, 0, 0),
-            Content = Instance.RSAFactory.CreatePrivateKeyPem()
-        }
-    ];
+            PemDirectory = "/",
+            Decryptors = [new RSADecryptor()],
+            TokenDescriptors = CreatetokenDescriptors()
+        });
+        builder.Services.AddMemoryCache();
+
+        // Listen AvailablePort and map hub
+        var app = builder.Build();
+        var url = $"http://localhost:{port}";
+        var hubRoute = "/auth-hub";
+        _hubUrl = url + hubRoute;
+        app.Urls.Add(url);
+        app.MapHub<AuthHub>(hubRoute);
+        app.Start();
+        _disposableAsync.Enqueue(app);
+        return app;
+    }
+
+    private static CryptoFactoryParams GetCryptoFactoryParamsOf(WebApplication application) => application
+        .Services.GetRequiredService<IOptions<CryptoFactoryParams>>().Value;
 
     [SetUp]
     public void Setup()
@@ -61,27 +94,8 @@ public class AuthClientTests
         };
 
         // Create and run test server
-        // Create builder and add SignalR service
-        var builder = WebApplication.CreateBuilder();
-        builder.Services.AddSignalR();
-        builder.Services.AddCryptoFactory(new CryptoFactoryParams()
-        {
-            PemDirectory = "/",
-            Decryptors = [new RSADecryptor()],
-            TokenDescriptors = _tokenDescriptors
-        });
-        builder.Services.AddMemoryCache();
-
-        // Listen AvailablePort and map hub
-        var _app = builder.Build();
-        var url = $"http://localhost:{AvailablePort}";
-        var hubRoute = "/auth-hub";
-        _hubUrl = url + hubRoute;
-        _app.Urls.Add(url);
-        _app.MapHub<AuthHub>(hubRoute);
-        _app.Start();
-
-        _disposableAsync.Enqueue(_app);
+        _port = AvailablePort;
+        _app = CreateWebApplication(_port);
     }
 
     [TearDown]
@@ -169,8 +183,10 @@ public class AuthClientTests
             opt.OnMessageReceived += (client, issuer, audience, key, logger) => publicKey = key;
         });
         var client = provider.GetRequiredService<IAuthClient>();
-        await client.StartAsync();        
-        var expectedPublicKey = _tokenDescriptors.Get("Foo", "Bar").PublicKey.Content;
+        await client.StartAsync();
+
+        
+        var expectedPublicKey = GetCryptoFactoryParamsOf(_app).TokenDescriptors.Get("Foo", "Bar").PublicKey.Content;
 
         // Act
         await client.GetPublicKeyAsync("Foo", "Bar");
@@ -200,7 +216,7 @@ public class AuthClientTests
         await client.StartAsync();
         
         // Act
-        var expectedPublicKey = _tokenDescriptors.Get("Foo", "Bar").PublicKey;
+        var expectedPublicKey = GetCryptoFactoryParamsOf(_app).TokenDescriptors.Get("Foo", "Bar").PublicKey;
 
         // wait for network
         await Task.Delay(2000);
@@ -208,4 +224,38 @@ public class AuthClientTests
         // Assert
         Assert.That(publicKey.Content, Is.EqualTo(expectedPublicKey.Content));
     }
+
+    [Test]
+    public async Task Reconnected_ShouldUpdateAllPublicKey()
+    {
+        // Arrange
+        var publicKey = new AsymmetricPublicKey() { Issuer = "Foo", Audience = "Bar" };
+        var provider = Build(opt =>
+        {
+            opt.Url = _hubUrl;
+            opt.PublicKeys.Add(publicKey);
+            opt.RetryDelay = new TimeSpan(0, 0, 1);
+        });
+        var client = provider.GetRequiredService<IAuthClient>();
+        await client.StartAsync();
+
+        // Act
+        CancellationToken cancellationToken = default;
+        await _app.StopAsync(cancellationToken);
+        _app = null;
+
+        var newApp = CreateWebApplication(_port);
+
+        var expectedPublicKey = GetCryptoFactoryParamsOf(newApp).TokenDescriptors.Get("Foo", "Bar").PublicKey;
+
+        // wait for network
+        await Task.Delay(5000);
+
+        // Assert
+        Assert.Multiple(() =>
+        {
+            Assert.That(cancellationToken.IsCancellationRequested, Is.False);
+            Assert.That(publicKey.Content, Is.EqualTo(expectedPublicKey.Content));
+        });
+    }
 }
\ No newline at end of file