Complete UAuthState

Author: mckaragoz

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Pages/Home.razor

@@ -1,4 +1,5 @@
 @page "/home"
+@using System.Security.Claims
 @attribute [Authorize]
 
 @inject AuthenticationStateProvider AuthProvider
@@ -33,6 +34,7 @@
                 <MudText>Tenant: @AuthState?.Identity?.Tenant.Value</MudText>
                 <MudText>Authenticated At: @AuthState?.Identity?.AuthenticatedAt</MudText>
                 <MudText>Last Validated At: @AuthState?.LastValidatedAt</MudText>
+                <MudText>Is Admin: @AuthState.IsInRole("Admin")</MudText>
                 <MudText>Roles: @string.Join(", ", AuthState.Claims.Roles)</MudText>
             </MudPaper>
         </MudItem>

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/Pages/Home.razor

@@ -48,7 +48,7 @@
             <MudButton Variant="Variant.Filled" Color="Color.Primary" OnClick="StateHasChanged">StateHasChanged</MudButton>
             <MudButton Variant="Variant.Filled" Color="Color.Primary" OnClick="RefreshAuthState">Refresh Auth State</MudButton>
             <MudText>State of Authentication:</MudText>
-            <MudText>From UltimateAuth: @(Auth?.IsAuthenticated == true ? "Authenticated" : "Not Authenticated") - UserId:@(Auth?.UserKey)</MudText>
+            <MudText>From UltimateAuth: @(Auth?.IsAuthenticated == true ? "Authenticated" : "Not Authenticated") - UserId:@(Auth?.Identity?.UserKey)</MudText>
             <MudText>From ASPNET Core: @(_authState?.User?.Identity?.IsAuthenticated == true ? "Authenticated" : "Not Authenticated") - UserId:@(_authState?.User?.Identity?.Name)</MudText>
             <AuthorizeView>
                 <Authorized>

src/CodeBeam.UltimateAuth.Client/Authentication/UAuthState.cs

@@ -72,6 +72,14 @@ internal void Clear()
         Changed?.Invoke(UAuthStateChangeReason.Cleared);
     }
 
+    public bool IsInRole(string role) => IsAuthenticated && Claims.IsInRole(role);
+
+    public bool HasPermission(string permission) => IsAuthenticated && Claims.HasPermission(permission);
+
+    public bool HasClaim(string type, string value) => IsAuthenticated && Claims.HasValue(type, value);
+
+    public string? GetClaim(string type) => IsAuthenticated ? Claims.Get(type) : null;
+
     /// <summary>
     /// Creates a ClaimsPrincipal view for ASP.NET / Blazor integration.
     /// </summary>

src/CodeBeam.UltimateAuth.Core/Domain/Session/AuthSessionId.cs

@@ -1,6 +1,10 @@
-namespace CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.Infrastructure;
+using System.Text.Json.Serialization;
+
+namespace CodeBeam.UltimateAuth.Core.Domain;
 
 // AuthSessionId is a opaque token, because it's more sensitive data. SessionChainId and SessionRootId are Guid.
+[JsonConverter(typeof(AuthSessionIdJsonConverter))]
 public readonly record struct AuthSessionId
 {
     public string Value { get; }

src/CodeBeam.UltimateAuth.Core/Domain/Session/SessionChainId.cs

@@ -1,5 +1,9 @@
-namespace CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.Infrastructure;
+using System.Text.Json.Serialization;
 
+namespace CodeBeam.UltimateAuth.Core.Domain;
+
+[JsonConverter(typeof(SessionChainIdJsonConverter))]
 public readonly record struct SessionChainId(Guid Value)
 {
     public static SessionChainId New() => new(Guid.NewGuid());

src/CodeBeam.UltimateAuth.Core/Domain/Session/SessionRootId.cs

@@ -1,5 +1,9 @@
-namespace CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.Infrastructure;
+using System.Text.Json.Serialization;
 
+namespace CodeBeam.UltimateAuth.Core.Domain;
+
+[JsonConverter(typeof(SessionRootIdJsonConverter))]
 public readonly record struct SessionRootId(Guid Value)
 {
     public static SessionRootId New() => new(Guid.NewGuid());

src/CodeBeam.UltimateAuth.Core/Extensions/ClaimsSnapshotExtensions.cs

@@ -1,4 +1,5 @@
-using CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.Contracts;
+using CodeBeam.UltimateAuth.Core.Domain;
 using System.Security.Claims;
 
 namespace CodeBeam.UltimateAuth.Core.Extensions;
@@ -19,25 +20,19 @@ public static ClaimsPrincipal ToClaimsPrincipal(this ClaimsSnapshot snapshot, st
         return new ClaimsPrincipal(identity);
     }
 
-    public static ClaimsPrincipal ToClaimsPrincipal(this ClaimsSnapshot snapshot, UserKey? userKey, string authenticationType)
+    public static ClaimsPrincipal ToClaimsPrincipal(this AuthStateSnapshot snapshot, string authenticationType)
     {
-        if (snapshot == null)
-            return new ClaimsPrincipal(new ClaimsIdentity());
+        var claims = snapshot.Claims.ToClaims().ToList();
 
-        var claims = snapshot.Claims.SelectMany(kv => kv.Value.Select(v => new Claim(kv.Key, v))).ToList();
+        claims.Add(new Claim(ClaimTypes.NameIdentifier, snapshot.Identity.UserKey.Value));
 
-        if (userKey is not null)
-        {
-            var value = userKey.Value.ToString();
-            claims.Add(new Claim(ClaimTypes.Name, value));
-            claims.Add(new Claim(ClaimTypes.NameIdentifier, value));
-        }
+        if (!string.IsNullOrWhiteSpace(snapshot.Identity.PrimaryUserName))
+            claims.Add(new Claim(ClaimTypes.Name, snapshot.Identity.PrimaryUserName));
 
-        var identity = new ClaimsIdentity(claims, authenticationType, ClaimTypes.Name, ClaimTypes.Role);
-        return new ClaimsPrincipal(identity);
+        var ci = new ClaimsIdentity(claims, authenticationType, ClaimTypes.Name, ClaimTypes.Role);
+        return new ClaimsPrincipal(ci);
     }
 
-
     /// <summary>
     /// Converts an ASP.NET Core ClaimsPrincipal into a ClaimsSnapshot.
     /// </summary>

src/CodeBeam.UltimateAuth.Core/Infrastructure/AuthSessionIdJsonConverter.cs

@@ -0,0 +1,26 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace CodeBeam.UltimateAuth.Core.Infrastructure;
+
+public sealed class AuthSessionIdJsonConverter : JsonConverter<AuthSessionId>
+{
+    public override AuthSessionId Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+    {
+        if (reader.TokenType != JsonTokenType.String)
+            throw new JsonException("AuthSessionId must be a string.");
+
+        var value = reader.GetString();
+
+        if (!AuthSessionId.TryCreate(value, out var id))
+            throw new JsonException($"Invalid AuthSessionId value: '{value}'");
+
+        return id;
+    }
+
+    public override void Write(Utf8JsonWriter writer, AuthSessionId value, JsonSerializerOptions options)
+    {
+        writer.WriteStringValue(value.Value);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Infrastructure/SessionChainIdJsonConverter.cs

@@ -0,0 +1,26 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace CodeBeam.UltimateAuth.Core.Infrastructure;
+
+public sealed class SessionChainIdJsonConverter : JsonConverter<SessionChainId>
+{
+    public override SessionChainId Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+    {
+        if (reader.TokenType != JsonTokenType.String)
+            throw new JsonException("SessionChainId must be a string.");
+
+        var raw = reader.GetString();
+
+        if (!SessionChainId.TryCreate(raw!, out var id))
+            throw new JsonException($"Invalid SessionChainId value: '{raw}'");
+
+        return id;
+    }
+
+    public override void Write(Utf8JsonWriter writer, SessionChainId value, JsonSerializerOptions options)
+    {
+        writer.WriteStringValue(value.Value.ToString("N"));
+    }
+}

src/CodeBeam.UltimateAuth.Core/Infrastructure/SessionRootIdJsonConverter.cs

@@ -0,0 +1,26 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace CodeBeam.UltimateAuth.Core.Infrastructure;
+
+public sealed class SessionRootIdJsonConverter : JsonConverter<SessionRootId>
+{
+    public override SessionRootId Read(ref Utf8JsonReader reader, Type typeToConvert, JsonSerializerOptions options)
+    {
+        if (reader.TokenType != JsonTokenType.String)
+            throw new JsonException("SessionChainId must be a string.");
+
+        var raw = reader.GetString();
+
+        if (!SessionRootId.TryCreate(raw!, out var id))
+            throw new JsonException($"Invalid SessionChainId value: '{raw}'");
+
+        return id;
+    }
+
+    public override void Write(Utf8JsonWriter writer, SessionRootId value, JsonSerializerOptions options)
+    {
+        writer.WriteStringValue(value.Value.ToString("N"));
+    }
+}