Fix Expired Chain Doesn't Rotate on Successful Login

src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs

@@ -131,8 +131,15 @@ public async Task<LoginResult> LoginAsync(AuthFlowContext flow, LoginRequest req
         {
             var chain = await sessionStore.GetChainByDeviceAsync(userKey.Value, deviceId, ct);
 
-            if (chain is not null && !chain.IsRevoked)
-                chainId = chain.ChainId;
+            if (chain is not null)
+            {
+                var chainState = chain.GetState(now, _options.Session.IdleTimeout);
+
+                if (chainState == SessionState.Active)
+                {
+                    chainId = chain.ChainId;
+                }
+            }
         }
 
         // TODO: Add accountState here, currently it only checks factor state

src/CodeBeam.UltimateAuth.Server/Infrastructure/Issuers/UAuthSessionIssuer.cs

@@ -92,8 +92,13 @@ await kernel.ExecuteAsync(async _ =>
                 //chain = await kernel.GetChainAsync(context.ChainId.Value)
                 //    ?? throw new UAuthNotFoundException("Chain not found.");
 
-                if (chain.IsRevoked)
-                    throw new UAuthValidationException("Chain revoked.");
+                var chainState = chain.GetState(now, _options.Session.IdleTimeout);
+
+                if (chainState != SessionState.Active)
+                    throw new UAuthValidationException("Chain is not active.");
+
+                //if (chain.IsRevoked)
+                //    throw new UAuthValidationException("Chain revoked.");
 
                 if (chain.UserKey != context.UserKey || chain.Tenant != context.Tenant)
                     throw new UAuthValidationException("Invalid chain ownership.");