From 4572e20c51d79c65e6b6c40037a6f4ef3f3b290a Mon Sep 17 00:00:00 2001
From: TekH
Date: Tue, 16 Jun 2026 16:32:53 +0200
Subject: [PATCH] Restrict Logout method to Sender auth scheme

The `[Authorize]` attribute on the `Logout` method in the `AuthController` class was updated to use the `AuthenticationSchemes = AuthScheme.Sender` instead of the `Policy = AuthPolicy.SenderOrReceiver`. This change narrows the authorization requirement, ensuring only users under the `Sender` authentication scheme can access the `Logout` functionality.
---
 EnvelopeGenerator.API/Controllers/AuthController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index b6044216..56e710d8 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -40,7 +40,7 @@ public partial class AuthController(IOptions authTokenKeyOptions,
 /// Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.
 [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
- [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
+ [Authorize(AuthenticationSchemes = AuthScheme.Sender)]
 [HttpPost("logout")]
 public async Task Logout()
 {
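Review bot: With `[Authorize(AuthenticationSchemes = AuthScheme.Sender)]` on `Logout`, a caller authenticated only as a receiver now gets 401 from `POST logout`, so unless receivers have another sign-out path (not visible in this hunk) their session stays valid until it expires on its own. Replacing `Policy =` with `AuthenticationSchemes =` also means any requirements defined in `AuthPolicy.SenderOrReceiver` no longer run here; only the default authorization policy is evaluated against the Sender scheme. If the restriction is intended, the XML doc above the attributes should say so, e.g. `/// Only sessions issued under the Sender scheme can be ended here; receivers sign out via <RECEIVER_LOGOUT_ENDPOINT>.` (placeholder, to be filled in). The body of `Logout` continues outside the hunk, so it is worth confirming that it signs out the same scheme the attribute now authenticates.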