From a6e174e7c13de8f9f1a0d3c50dc14c033d8f65cd Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Wed, 10 Jun 2026 17:14:46 +0200
Subject: [PATCH] Refactor JWT auth scheme configuration

Replaced hardcoded per-envelope receiver JWT auth scheme string with a new `AuthScheme` static class containing a `Receiver` constant. Updated `Program.cs` to use `AuthScheme.Receiver` for authentication and policy configuration. Removed redundant comments and unused constants. Added necessary `using` directive for `AuthScheme`.
---
 EnvelopeGenerator.API/AuthScheme.cs | 12 ++++++++++++
 EnvelopeGenerator.API/Program.cs    |  8 +++-----
 2 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 EnvelopeGenerator.API/AuthScheme.cs

diff --git a/EnvelopeGenerator.API/AuthScheme.cs b/EnvelopeGenerator.API/AuthScheme.cs
new file mode 100644
index 00000000..5f2a2699
--- /dev/null
+++ b/EnvelopeGenerator.API/AuthScheme.cs
@@ -0,0 +1,12 @@
+namespace EnvelopeGenerator.API;
+
+/// <summary>
+/// 
+/// </summary>
+public static class AuthScheme
+{
+    /// <summary>
+    /// Scheme name used for per-envelope receiver JWT authentication.
+    /// </summary>
+    public const string Receiver = "EnvelopeGenerator.API.EnvelopeReceiverJwt";
+}
diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index b97c2d99..fdcbd4c0 100644
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -21,6 +21,7 @@ using EnvelopeGenerator.API.Options;
 using NLog.Web;
 using NLog;
 using DigitalData.Auth.Claims;
+using EnvelopeGenerator.API;
 
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized!");
@@ -130,9 +131,6 @@ try
 
     var authTokenKeys = config.GetOrDefault<AuthTokenKeys>();
 
-    // Scheme name used for per-envelope receiver JWT authentication.
-    const string EnvelopeReceiverScheme = "EnvelopeReceiverJwt";
-
     builder.Services.AddAuthentication(options =>
     {
         options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
@@ -176,7 +174,7 @@ try
         // last path segment of the request URL.
         // This enables simultaneous authentication for multiple envelopes
         // within the same browser session.
-        .AddJwtBearer(EnvelopeReceiverScheme, opt =>
+        .AddJwtBearer(AuthScheme.Receiver, opt =>
         {
             opt.TokenValidationParameters = new TokenValidationParameters
             {
@@ -245,7 +243,7 @@ try
         .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender))
 
         .AddPolicy(AuthPolicy.Receiver, policy => policy
-            .AddAuthenticationSchemes(EnvelopeReceiverScheme)
+            .AddAuthenticationSchemes(AuthScheme.Receiver)
             .RequireAuthenticatedUser()
             .RequireRole(Role.Receiver.Full, "receiver"))