fix 401 loop hell

API/ROLAC.API/Program.cs

@@ -21,10 +21,10 @@ builder.Services.AddDbContext<AppDbContext>((sp, opt) =>
        .AddInterceptors(sp.GetRequiredService<AuditSaveChangesInterceptor>()));
 
 // ---------------------------------------------------------------------------
-// Identity
+// Identity (API-only — no cookie auth; JWT is the default scheme)
 // ---------------------------------------------------------------------------
 builder.Services
-    .AddIdentity<AppUser, AppRole>(opt =>
+    .AddIdentityCore<AppUser>(opt =>
     {
         opt.Password.RequiredLength         = 8;
         opt.Password.RequireDigit           = true;
@@ -32,8 +32,8 @@ builder.Services
         opt.Password.RequireLowercase       = true;
         opt.Password.RequireNonAlphanumeric = true;
         opt.User.RequireUniqueEmail         = true;
-        opt.SignIn.RequireConfirmedAccount  = false;
     })
+    .AddRoles<AppRole>()
     .AddEntityFrameworkStores<AppDbContext>()
     .AddDefaultTokenProviders();
 
@@ -44,11 +44,7 @@ var jwtKey = config["Jwt:SecretKey"]
     ?? throw new InvalidOperationException("Jwt:SecretKey is not configured.");
 
 builder.Services
-    .AddAuthentication(opt =>
-    {
-        opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
-        opt.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
-    })
+    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddJwtBearer(opt =>
     {
         opt.TokenValidationParameters = new TokenValidationParameters