diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index a3da64df..b97c2d99 100644
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -240,19 +240,16 @@ try
 });
 builder.Services.AddAuthorizationBuilder()
- .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
- policy.RequireRole(Role.Sender, Role.Receiver.Full))
- .AddPolicy(AuthPolicy.Sender, policy =>
- policy.RequireRole(Role.Sender))
- // Per-envelope policy: uses the dedicated EnvelopeReceiverJwt scheme so it
- // never conflicts with the default JwtBearer scheme.
- .AddPolicy(AuthPolicy.Receiver, policy =>
- policy
- .AddAuthenticationSchemes(EnvelopeReceiverScheme)
- .RequireAuthenticatedUser()
+ .AddPolicy(AuthPolicy.SenderOrReceiver, policy => policy.RequireRole(Role.Sender, Role.Receiver.Full))
+
+ .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender))
+
+ .AddPolicy(AuthPolicy.Receiver, policy => policy
+ .AddAuthenticationSchemes(EnvelopeReceiverScheme)
+ .RequireAuthenticatedUser()
 .RequireRole(Role.Receiver.Full, "receiver"))
- .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
- policy.RequireRole(Role.Receiver.TFA));
+
+ .AddPolicy(AuthPolicy.ReceiverTFA, policy => policy.RequireRole(Role.Receiver.TFA));
 // User manager
 #pragma warning disable CS0618 // Type or member is obsolete
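Review bot: The rewritten `AuthPolicy.Receiver` registration drops the comment that explained why this policy alone calls `.AddAuthenticationSchemes(EnvelopeReceiverScheme)`, and that is the one security-relevant fact a later editor needs before touching it. Without it, the scheme pin looks like an inconsistency with the three sibling policies, which name no scheme and so are evaluated against the default one, and it is easy to tidy away by mistake. I would keep a one-line comment above the policy, e.g. `// Per-envelope policy: pinned to EnvelopeReceiverScheme so it never falls back to the default JwtBearer scheme.` The unchanged `.RequireRole(Role.Receiver.Full, "receiver")` line also mixes a constant with a bare `"receiver"` literal; if that value is a role claim issued for the receiver scheme, a named constant beside `Role.Receiver.Full` would keep the token issuer and this policy in sync. The surrounding `try` block starts outside this hunk.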