diff --git a/CHANGELOG.md b/CHANGELOG.md
index fec8041..7a09ed3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-Nothing yet.
+### Added
+
+- Some integration tests.
+
+### Fixed
+
+- EventBus Mediator is now public.
+- API key expiration.
 
 ## [3.0.1] - 2024-12-23
 
diff --git a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/ApiKeyPostgresIntegrationTests.cs b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/ApiKeyPostgresIntegrationTests.cs
index 0602df2..0cadc55 100644
--- a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/ApiKeyPostgresIntegrationTests.cs
+++ b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/ApiKeyPostgresIntegrationTests.cs
@@ -195,6 +195,35 @@ public async Task Given_TenantId_When_LoadAsync_Then_CorrectResults(bool found,
     }
   }
 
+  [Fact(DisplayName = "SaveAsync: it should remove an API key role.")]
+  public async Task Given_ApiKeyWithRole_When_SaveAsync_Then_RoleRemoved()
+  {
+    Role role = new(new UniqueName(new UniqueNameSettings(), "admin"));
+    await _roleRepository.SaveAsync(role);
+
+    ApiKey apiKey = new(new DisplayName("Test"), _secret);
+    apiKey.AddRole(role);
+
+    await _apiKeyRepository.SaveAsync(apiKey);
+
+    ApiKeyEntity? entity = await IdentityContext.ApiKeys.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(apiKey.Id.Value, entity.StreamId);
+    Assert.Equal(role.Id.Value, Assert.Single(entity.Roles).StreamId);
+
+    apiKey.RemoveRole(role);
+    await _apiKeyRepository.SaveAsync(apiKey);
+
+    entity = await IdentityContext.ApiKeys.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(apiKey.Id.Value, entity.StreamId);
+    Assert.Empty(entity.Roles);
+  }
+
   [Fact(DisplayName = "SaveAsync: it should save the API key correctly.")]
   public async Task Given_ApiKey_When_SaveAsync_Then_SavedCorrectly()
   {
diff --git a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/UserPostgresIntegrationTests.cs b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/UserPostgresIntegrationTests.cs
index eb6c502..7ce60fa 100644
--- a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/UserPostgresIntegrationTests.cs
+++ b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/PostgreSQL/UserPostgresIntegrationTests.cs
@@ -299,6 +299,35 @@ public async Task Given_TenantIdUniqueName_When_LoadAsync_Then_CorrectResult(str
     }
   }
 
+  [Fact(DisplayName = "SaveAsync: it should remove an API key role.")]
+  public async Task Given_ApiKeyWithRole_When_SaveAsync_Then_RoleRemoved()
+  {
+    Role role = new(new UniqueName(new UniqueNameSettings(), "admin"));
+    await _roleRepository.SaveAsync(role);
+
+    User user = new(new UniqueName(new UniqueNameSettings(), Faker.Person.UserName));
+    user.AddRole(role);
+
+    await _userRepository.SaveAsync(user);
+
+    UserEntity? entity = await IdentityContext.Users.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(user.Id.Value, entity.StreamId);
+    Assert.Equal(role.Id.Value, Assert.Single(entity.Roles).StreamId);
+
+    user.RemoveRole(role);
+    await _userRepository.SaveAsync(user);
+
+    entity = await IdentityContext.Users.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(user.Id.Value, entity.StreamId);
+    Assert.Empty(entity.Roles);
+  }
+
   [Fact(DisplayName = "SaveAsync: it should save the user correctly.")]
   public async Task Given_User_When_SaveAsync_Then_SavedCorrectly()
   {
diff --git a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/ApiKeySqlServerIntegrationTests.cs b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/ApiKeySqlServerIntegrationTests.cs
index 33ca4a0..ffb3470 100644
--- a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/ApiKeySqlServerIntegrationTests.cs
+++ b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/ApiKeySqlServerIntegrationTests.cs
@@ -195,6 +195,35 @@ public async Task Given_TenantId_When_LoadAsync_Then_CorrectResults(bool found,
     }
   }
 
+  [Fact(DisplayName = "SaveAsync: it should remove an API key role.")]
+  public async Task Given_ApiKeyWithRole_When_SaveAsync_Then_RoleRemoved()
+  {
+    Role role = new(new UniqueName(new UniqueNameSettings(), "admin"));
+    await _roleRepository.SaveAsync(role);
+
+    ApiKey apiKey = new(new DisplayName("Test"), _secret);
+    apiKey.AddRole(role);
+
+    await _apiKeyRepository.SaveAsync(apiKey);
+
+    ApiKeyEntity? entity = await IdentityContext.ApiKeys.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(apiKey.Id.Value, entity.StreamId);
+    Assert.Equal(role.Id.Value, Assert.Single(entity.Roles).StreamId);
+
+    apiKey.RemoveRole(role);
+    await _apiKeyRepository.SaveAsync(apiKey);
+
+    entity = await IdentityContext.ApiKeys.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(apiKey.Id.Value, entity.StreamId);
+    Assert.Empty(entity.Roles);
+  }
+
   [Fact(DisplayName = "SaveAsync: it should save the API key correctly.")]
   public async Task Given_ApiKey_When_SaveAsync_Then_SavedCorrectly()
   {
diff --git a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/UserSqlServerIntegrationTests.cs b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/UserSqlServerIntegrationTests.cs
index 84136c1..1194aad 100644
--- a/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/UserSqlServerIntegrationTests.cs
+++ b/tests/Logitar.Identity.IntegrationTests/EntityFrameworkCore/SqlServer/UserSqlServerIntegrationTests.cs
@@ -299,6 +299,35 @@ public async Task Given_TenantIdUniqueName_When_LoadAsync_Then_CorrectResult(str
     }
   }
 
+  [Fact(DisplayName = "SaveAsync: it should remove an API key role.")]
+  public async Task Given_ApiKeyWithRole_When_SaveAsync_Then_RoleRemoved()
+  {
+    Role role = new(new UniqueName(new UniqueNameSettings(), "admin"));
+    await _roleRepository.SaveAsync(role);
+
+    User user = new(new UniqueName(new UniqueNameSettings(), Faker.Person.UserName));
+    user.AddRole(role);
+
+    await _userRepository.SaveAsync(user);
+
+    UserEntity? entity = await IdentityContext.Users.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(user.Id.Value, entity.StreamId);
+    Assert.Equal(role.Id.Value, Assert.Single(entity.Roles).StreamId);
+
+    user.RemoveRole(role);
+    await _userRepository.SaveAsync(user);
+
+    entity = await IdentityContext.Users.AsNoTracking()
+      .Include(x => x.Roles)
+      .SingleOrDefaultAsync();
+    Assert.NotNull(entity);
+    Assert.Equal(user.Id.Value, entity.StreamId);
+    Assert.Empty(entity.Roles);
+  }
+
   [Fact(DisplayName = "SaveAsync: it should save the user correctly.")]
   public async Task Given_User_When_SaveAsync_Then_SavedCorrectly()
   {