diff --git a/framework/core/tests/integration/AuthenticatedTestCase.php b/framework/core/tests/integration/AuthenticatedTestCase.php
deleted file mode 100644
index 3f2ce4e5f..000000000
--- a/framework/core/tests/integration/AuthenticatedTestCase.php
+++ /dev/null
@@ -1,72 +0,0 @@
-<?php
-
-/*
- * This file is part of Flarum.
- *
- * For detailed copyright and license information, please view the
- * LICENSE file that was distributed with this source code.
- */
-
-namespace Flarum\Tests\integration;
-
-use Carbon\Carbon;
-use Flarum\Api\ApiKey;
-use Illuminate\Support\Str;
-use Psr\Http\Message\ServerRequestInterface;
-
-abstract class AuthenticatedTestCase extends TestCase
-{
-    use RetrievesAuthorizedUsers;
-
-    protected function genKey(int $user_id = null): ApiKey
-    {
-        return ApiKey::unguarded(function () use ($user_id) {
-            return ApiKey::query()->firstOrCreate([
-                'key'        => Str::random(),
-                'user_id'    => $user_id,
-                'created_at' => Carbon::now()
-            ]);
-        });
-    }
-
-    /**
-     * Build an authenticated HTTP request that can be passed through middleware.
-     *
-     * This method simplifies building HTTP request for use in our HTTP-level
-     * integration tests. It provides options for all features repeatedly being
-     * used in those tests.
-     *
-     * @param string $method
-     * @param string $path
-     * @param array $options
-     *   An array of optional request properties.
-     *   Currently supported:
-     *   - "json" should point to a JSON-serializable object that will be
-     *     serialized and used as request body. The corresponding Content-Type
-     *     header will be set automatically.
-     *   - "cookiesFrom" should hold a response object from a previous HTTP
-     *     interaction. All cookies returned from the server in that response
-     *     (via the "Set-Cookie" header) will be copied to the cookie params of
-     *     the new request.
-     * @param int $userId Which user should be emulated? User ID 1 will return a
-     * user with admin perms unless this has been modified in your test case.
-     * @return ServerRequestInterface
-     */
-    protected function authenticatedRequest(string $method, string $path, array $options = [], int $userId = 1): ServerRequestInterface
-    {
-        $request = $this->request($method, $path, $options);
-
-        $this->prepareDatabase([
-            'users' => [
-                $this->adminUser(),
-                $this->normalUser(),
-            ],
-        ]);
-
-        if (! isset($this->key)) {
-            $this->key = $this->genKey();
-        }
-
-        return $request->withAddedHeader('Authorization', "Token {$this->key->key}; userId=$userId");
-    }
-}
diff --git a/framework/core/tests/integration/BuildsHttpRequests.php b/framework/core/tests/integration/BuildsHttpRequests.php
index d0a21b61c..09704de8b 100644
--- a/framework/core/tests/integration/BuildsHttpRequests.php
+++ b/framework/core/tests/integration/BuildsHttpRequests.php
@@ -10,6 +10,7 @@
 namespace Flarum\Tests\integration;
 
 use Dflydev\FigCookies\SetCookie;
+use Flarum\Http\AccessToken;
 use Laminas\Diactoros\CallbackStream;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -30,6 +31,14 @@ trait BuildsHttpRequests
             );
     }
 
+    protected function requestAsUser(Request $req, int $userId): Request
+    {
+        $token = AccessToken::generate($userId);
+        $token->save();
+
+        return $req->withAddedHeader('Authorization', "Token {$token->token}");
+    }
+
     protected function requestWithCookiesFrom(Request $req, Response $previous): Request
     {
         $cookies = array_reduce(
diff --git a/framework/core/tests/integration/TestCase.php b/framework/core/tests/integration/TestCase.php
index 65af8cdca..6e99a778e 100644
--- a/framework/core/tests/integration/TestCase.php
+++ b/framework/core/tests/integration/TestCase.php
@@ -143,6 +143,9 @@ abstract class TestCase extends \PHPUnit\Framework\TestCase
      *   - "json" should point to a JSON-serializable object that will be
      *     serialized and used as request body. The corresponding Content-Type
      *     header will be set automatically.
+     *   - "authenticatedAs" should identify an *existing* user by ID. This will
+     *     cause an access token to be created for this user, which will be used
+     *     to authenticate the request via the "Authorization" header.
      *   - "cookiesFrom" should hold a response object from a previous HTTP
      *     interaction. All cookies returned from the server in that response
      *     (via the "Set-Cookie" header) will be copied to the cookie params of
@@ -160,6 +163,13 @@ abstract class TestCase extends \PHPUnit\Framework\TestCase
             );
         }
 
+        // Authenticate as a given user
+        if (isset($options['authenticatedAs'])) {
+            $request = $this->requestAsUser(
+                $request, $options['authenticatedAs']
+            );
+        }
+
         // Let's copy the cookies from a previous response
         if (isset($options['cookiesFrom'])) {
             $request = $this->requestWithCookiesFrom(