PKCE Polish & Cleanup

Author: mckaragoz

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Layout/MainLayout.razor

@@ -1,8 +1,6 @@
 @using CodeBeam.UltimateAuth.Core.Abstractions
 @using CodeBeam.UltimateAuth.Server.Infrastructure
 @inherits LayoutComponentBase
-@inject IUAuthHubContextInitializer HubContextInitializer
-@inject UAuthHubContextAccessor HubContextAccessor
 
 <UAuthClientProvider />
 <MudThemeProvider />

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Layout/MainLayout.razor.cs

@@ -2,12 +2,6 @@
 {
     public partial class MainLayout
     {
-        protected override async Task OnAfterRenderAsync(bool firstRender)
-        {
-            if (firstRender)
-            {
-                await HubContextInitializer.EnsureInitializedAsync();
-            }
-        }
+        
     }
 }

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Pages/Home.razor

@@ -3,6 +3,7 @@
 @using CodeBeam.UltimateAuth.Client
 @using CodeBeam.UltimateAuth.Client.Authentication
 @using CodeBeam.UltimateAuth.Client.Diagnostics
+@using CodeBeam.UltimateAuth.Client.Utilities
 @using CodeBeam.UltimateAuth.Core.Abstractions
 @using CodeBeam.UltimateAuth.Core.Contracts
 @using CodeBeam.UltimateAuth.Core.Domain
@@ -13,12 +14,12 @@
 @using CodeBeam.UltimateAuth.Server.Services
 @using CodeBeam.UltimateAuth.Server.Stores
 @inject IUAuthStateManager StateManager
-@inject IHubFlowStateReader HubStateReader
+@inject IHubFlowReader HubFlowReader
+@inject IHubCredentialResolver HubCredentialResolver
 @inject IAuthStore AuthStore
-@inject UAuthHubContextAccessor HubContextAccessor
+@inject IBrowserStorage BrowserStorage
 @inject IUAuthFlowService<UserId> Flow
 @inject ISnackbar Snackbar
-@inject ISessionQueryService<UserId> SessionQuery
 @inject IFlowCredentialResolver CredentialResolver
 @inject IUAuthClient UAuthClient
 @inject NavigationManager Nav
@@ -29,7 +30,15 @@
 
 <div class="uauth-page d-flex align-center justify-center">
     <MudStack Class="uauth-stack">
-        <UALoginForm @ref="_form" Identifier="@_username" Secret="@_password" LoginType="UAuthLoginType.Pkce" HubContextAccessor="@HubContextAccessor">
+        @if (_state == null || !_state.IsActive)
+        {
+            <MudText>
+                This page cannot be accessed directly. 
+                UAuthHub login flows can only be initiated by an authorized client application.
+            </MudText>
+            return;
+        }
+        <UALoginForm Identifier="@_username" Secret="@_password" LoginType="UAuthLoginType.Pkce">
             <MudStack>
                 <MudText Typo="Typo.h4">Welcome to UltimateAuth!</MudText>
                 <MudTextField @bind-Value="@_username" Variant="Variant.Outlined" Label="Username" Immediate="true" HelperText="Default: Admin" />
@@ -48,15 +57,12 @@
         </MudStack>
 
         <MudStack Spacing="0">
-            <MudText>Hub SessionId: @HubContextAccessor?.Current?.HubSessionId</MudText>
-            <MudText>Client Profile: @HubContextAccessor?.Current?.ClientProfile</MudText>
-            <MudText>Return Url: @HubContextAccessor?.Current?.ReturnUrl</MudText>
-            <MudText>Flow Type: @HubContextAccessor?.Current?.FlowType</MudText>
-            <MudText>Created At: @HubContextAccessor?.Current?.CreatedAt</MudText>
-            <MudText>Completed: @HubContextAccessor?.Current?.IsCompleted</MudText>
-            <MudButton Variant="Variant.Filled" Color="Color.Primary" OnClick="CompleteHubFlow">Complete Hub Flow</MudButton>
+            <MudText>Hub SessionId: @_state?.HubSessionId</MudText>
+            <MudText>Client Profile: @_state?.ClientProfile</MudText>
+            <MudText>Return Url: @_state?.ReturnUrl</MudText>
+            <MudText>Flow Type: @_state?.FlowType</MudText>
+            <MudText>IsActive: @_state?.IsActive</MudText>
         </MudStack>
     </MudStack>
-
 </div>
 

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Pages/Home.razor.cs

@@ -1,13 +1,11 @@
-using CodeBeam.UltimateAuth.Client;
+using CodeBeam.UltimateAuth.Client.Contracts;
+using CodeBeam.UltimateAuth.Client.Utilities;
 using CodeBeam.UltimateAuth.Core.Contracts;
 using CodeBeam.UltimateAuth.Core.Domain;
-using CodeBeam.UltimateAuth.Server.Infrastructure;
 using CodeBeam.UltimateAuth.Server.Stores;
 using Microsoft.AspNetCore.Components;
-using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.WebUtilities;
 using MudBlazor;
-using System;
 
 namespace CodeBeam.UltimateAuth.Sample.UAuthHub.Components.Pages
 {
@@ -16,68 +14,75 @@ public partial class Home
         [SupplyParameterFromQuery(Name = "hub")]
         public string? HubKey { get; set; }
 
-        private string _authorizationCode = default!;
-        private string _codeVerifier = default!;
-
         private string? _username;
         private string? _password;
 
-        private UALoginForm _form = null!;
+        private HubFlowState? _state;
+
+        protected override async Task OnParametersSetAsync()
+        {
+            if (string.IsNullOrWhiteSpace(HubKey))
+            {
+                _state = null;
+                return;
+            }
 
-        protected bool Ready;
-        protected string? Error;
+            _state = await HubFlowReader.GetStateAsync(new HubSessionId(HubKey));
+        }
 
         protected override async Task OnAfterRenderAsync(bool firstRender)
         {
             if (!firstRender)
                 return;
 
-            var hubKey = GetHubKeyFromQuery();
+            var currentError = await BrowserStorage.GetAsync(StorageScope.Session, "uauth:last_error");
 
-            if (hubKey is null)
+            if (!string.IsNullOrWhiteSpace(currentError))
             {
-                await StartNewPkceAsync();
-                return;
+                Snackbar.Add(ResolveErrorMessage(currentError), Severity.Error);
+                await BrowserStorage.RemoveAsync(StorageScope.Session, "uauth:last_error");
             }
 
-            var state = await HubStateReader.GetStateAsync(hubKey);
+            var uri = Nav.ToAbsoluteUri(Nav.Uri);
+            var query = QueryHelpers.ParseQuery(uri.Query);
 
-            if (!state.Exists || !state.IsActive)
+            if (query.TryGetValue("__uauth_error", out var error))
+            {
+                await BrowserStorage.SetAsync(StorageScope.Session, "uauth:last_error", error.ToString());
+            }
+            
+            if (string.IsNullOrWhiteSpace(HubKey))
             {
-                await StartNewPkceAsync();
                 return;
             }
-        }
 
-        private string? GetHubKeyFromQuery()
-        {
-            var uri = Nav.ToAbsoluteUri(Nav.Uri);
-            var query = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(uri.Query);
-
-            if (query.TryGetValue("hub", out var hubKey) && !string.IsNullOrWhiteSpace(hubKey))
-                return hubKey;
+            if (_state is null || !_state.Exists)
+                return;
 
-            return null;
+            if (_state?.IsActive != true)
+            {
+                await StartNewPkceAsync();
+                return;
+            }
         }
 
+        // For testing & debugging
         private async Task ProgrammaticPkceLogin()
         {
-            var hub = HubContextAccessor.Current;
+            var hub = _state;
 
             if (hub is null)
                 return;
 
-            hub.Payload.TryGet("authorization_code", out string? authorizationCode);
-            hub.Payload.TryGet("code_verifier", out string? codeVerifier);
-            hub.Payload.TryGet("return_url", out string? returnUrl);
+            var credentials = await HubCredentialResolver.ResolveAsync(new HubSessionId(HubKey));
 
             var request = new PkceLoginRequest
             {
                 Identifier = "Admin",
                 Secret = "Password!",
-                AuthorizationCode = authorizationCode ?? string.Empty,
-                CodeVerifier = codeVerifier ?? string.Empty,
-                ReturnUrl = hub.ReturnUrl ?? string.Empty
+                AuthorizationCode = credentials?.AuthorizationCode ?? string.Empty,
+                CodeVerifier = credentials?.CodeVerifier ?? string.Empty,
+                ReturnUrl = _state?.ReturnUrl ?? string.Empty
             };
             await UAuthClient.CompletePkceLoginAsync(request);
         }
@@ -90,85 +95,38 @@ private async Task StartNewPkceAsync()
 
         private async Task<string> ResolveReturnUrlAsync()
         {
-            // 1) Live hub context
-            var fromContext = HubContextAccessor.Current?.ReturnUrl;
+            var fromContext = _state?.ReturnUrl;
             if (!string.IsNullOrWhiteSpace(fromContext))
                 return fromContext;
 
-            // 2) Query return_url (optional)
             var uri = Nav.ToAbsoluteUri(Nav.Uri);
             var query = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(uri.Query);
 
             if (query.TryGetValue("return_url", out var ru) && !string.IsNullOrWhiteSpace(ru))
                 return ru!;
 
-            // 3) Query hub -> store lookup
             if (query.TryGetValue("hub", out var hubKey) && !string.IsNullOrWhiteSpace(hubKey))
             {
                 var artifact = await AuthStore.GetAsync(new AuthArtifactKey(hubKey!));
                 if (artifact is HubFlowArtifact flow && !string.IsNullOrWhiteSpace(flow.ReturnUrl))
                     return flow.ReturnUrl!;
             }
 
-            // 4) Config default (recommend adding to options)
+            // Config default (recommend adding to options)
             //if (!string.IsNullOrWhiteSpace(_options.Login.DefaultReturnUrl))
             //    return _options.Login.DefaultReturnUrl!;
 
-            // 5) Final fallback (Hub URL)
             return Nav.Uri;
         }
-
-        private void CompleteHubFlow()
+        
+        private string ResolveErrorMessage(string? errorKey)
         {
-            HubContextAccessor.Complete();
-            StateHasChanged();
-        }
-
-        private void HandleErrorFromQuery()
-        {
-            var uri = Nav.ToAbsoluteUri(Nav.Uri);
-            var query = QueryHelpers.ParseQuery(uri.Query);
-
-            if (query.TryGetValue("error", out var error))
+            if (errorKey == "invalid")
             {
-                Snackbar.Add("Login failed.", Severity.Error);
-                Nav.NavigateTo(uri.GetLeftPart(UriPartial.Path), replace: true);
+                return "Login failed.";
             }
-        }
-
-        //protected override void OnAfterRender(bool firstRender)
-        //{
-        //    if (firstRender)
-        //    {
-        //        var uri = Nav.ToAbsoluteUri(Nav.Uri);
-        //        var query = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(uri.Query);
-
-        //        if (query.TryGetValue("error", out var error))
-        //        {
-        //            ShowLoginError(error.ToString());
-        //            ClearQueryString();
-        //        }
-        //    }
-        //}
-
-        private void ShowLoginError(string code)
-        {
-            var message = code switch
-            {
-                "invalid" => "Invalid username or password.",
-                "locked" => "Your account is locked.",
-                "mfa" => "Multi-factor authentication required.",
-                _ => "Login failed."
-            };
 
-            Snackbar.Add(message, Severity.Error);
-        }
-
-        private void ClearQueryString()
-        {
-            var uri = new Uri(Nav.Uri);
-            var clean = uri.GetLeftPart(UriPartial.Path);
-            Nav.NavigateTo(clean, replace: true);
+            return "Failed attempt.";
         }
 
     }

src/CodeBeam.UltimateAuth.Client/CodeBeam.UltimateAuth.Client.csproj

@@ -13,16 +13,19 @@
 		<PackageReference Include="Microsoft.AspNetCore.Components" Version="8.0.21" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="8.0.21" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="8.0.21" />
+		<PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="8.0.21" />
 	</ItemGroup>
 	<ItemGroup Condition=" '$(TargetFramework)' == 'net9.0' ">
 		<PackageReference Include="Microsoft.AspNetCore.Components" Version="9.0.11" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="9.0.11" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="9.0.11" />
+		<PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="9.0.11" />
 	</ItemGroup>
 	<ItemGroup Condition=" '$(TargetFramework)' == 'net10.0' ">
 		<PackageReference Include="Microsoft.AspNetCore.Components" Version="10.0.1" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="10.0.1" />
 		<PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="10.0.1" />
+		<PackageReference Include="Microsoft.AspNetCore.WebUtilities" Version="10.0.1" />
 	</ItemGroup>
 
 	<ItemGroup>

src/CodeBeam.UltimateAuth.Client/Components/UALoginForm.razor

@@ -17,8 +17,8 @@
 
     @if (LoginType == UAuthLoginType.Pkce)
     {
-        <input type="hidden" name="authorization_code" value="@AuthorizationCode" />
-        <input type="hidden" name="code_verifier" value="@CodeVerifier" />
+        <input type="hidden" name="authorization_code" value="@_credentials?.AuthorizationCode" />
+        <input type="hidden" name="code_verifier" value="@_credentials?.CodeVerifier" />
         <input type="hidden" name="return_url" value="@EffectiveReturnUrl" />
     }