WASM Login & Validation & Logout Flows

Author: mckaragoz

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Program.cs

@@ -69,6 +69,9 @@
 app.UseHttpsRedirection();
 app.UseCors("WasmSample");
 
+app.UseUltimateAuthServer();
+app.UseAuthentication();
+app.UseAuthorization();
 app.UseAntiforgery();
 
 app.MapUAuthEndpoints();

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/Pages/Home.razor

@@ -1,4 +1,5 @@
 @page "/"
+@page "/login"
 @using CodeBeam.UltimateAuth.Client.Diagnostics
 @using CodeBeam.UltimateAuth.Core.Runtime
 @inject IHttpClientFactory HttpClientFactory

src/CodeBeam.UltimateAuth.Client/Abstractions/IBrowserPostClient.cs

@@ -19,8 +19,8 @@ public interface IBrowserPostClient
         /// </summary>
         /// <param name="endpoint"></param>
         /// <returns></returns>
-        Task<BrowserPostResult> BackgroundPostAsync(string endpoint);
+        Task<BrowserPostResult> FetchPostAsync(string endpoint);
 
-        Task<BrowserPostJsonResult<T>> BackgroundPostJsonAsync<T>(string url);
+        Task<BrowserPostJsonResult<T>> FetchPostJsonAsync<T>(string url);
     }
 }

src/CodeBeam.UltimateAuth.Client/Components/UALoginForm.razor

@@ -4,6 +4,7 @@
 @using Microsoft.Extensions.Options
 @inject IJSRuntime JS
 @inject IOptions<UAuthClientOptions> Options
+@inject NavigationManager Navigation
 
 <form @ref="_form" method="post" action="@ResolvedEndpoint">
     <input type="hidden" name="Identifier" value="@Identifier" />

src/CodeBeam.UltimateAuth.Client/Components/UALoginForm.razor.cs

@@ -15,6 +15,9 @@ public partial class UALoginForm
         [Parameter]
         public string? Endpoint { get; set; } = "/auth/login";
 
+        [Parameter]
+        public string? ReturnUrl { get; set; }
+
         [Parameter]
         public RenderFragment? ChildContent { get; set; }
 
@@ -23,14 +26,41 @@ public partial class UALoginForm
 
         private ElementReference _form;
 
-        private string ResolvedEndpoint => string.IsNullOrWhiteSpace(Endpoint) ? UAuthUrlBuilder.Combine(Options.Value.Endpoints.Authority, "/auth/login") : UAuthUrlBuilder.Combine(Options.Value.Endpoints.Authority, Endpoint);
-
         public async Task SubmitAsync()
         {
             if (_form.Context is null)
                 throw new InvalidOperationException("Form is not yet rendered. Call SubmitAsync after OnAfterRender.");
 
             await JS.InvokeVoidAsync("uauth.submitForm", _form);
         }
+
+        //private string ResolvedEndpoint => string.IsNullOrWhiteSpace(Endpoint) ? UAuthUrlBuilder.Combine(Options.Value.Endpoints.Authority, "/auth/login") : UAuthUrlBuilder.Combine(Options.Value.Endpoints.Authority, Endpoint);
+
+        private string ResolvedEndpoint
+        {
+            get
+            {
+                var loginPath = string.IsNullOrWhiteSpace(Endpoint)
+                    ? Options.Value.Endpoints.Login
+                    : Endpoint;
+
+                var baseUrl = UAuthUrlBuilder.Combine(
+                    Options.Value.Endpoints.Authority,
+                    loginPath);
+
+                var returnUrl = EffectiveReturnUrl;
+
+                if (string.IsNullOrWhiteSpace(returnUrl))
+                    return baseUrl;
+
+                return $"{baseUrl}?returnUrl={Uri.EscapeDataString(returnUrl)}";
+            }
+        }
+
+        private string EffectiveReturnUrl =>
+            !string.IsNullOrWhiteSpace(ReturnUrl)
+                ? ReturnUrl
+                : Navigation.Uri;
+
     }
 }

src/CodeBeam.UltimateAuth.Client/Infrastructure/BrowserPostClient.cs

@@ -15,18 +15,35 @@ public BrowserPostClient(IJSRuntime js)
 
         public Task NavigatePostAsync(string endpoint, IDictionary<string, string>? data = null)
         {
-            return _js.InvokeVoidAsync("uauth.post", endpoint, data).AsTask();
+            return _js.InvokeVoidAsync("uauth.post", new
+            {
+                url = endpoint,
+                mode = "navigate",
+                data = data
+            }).AsTask();
         }
 
-        public async Task<BrowserPostResult> BackgroundPostAsync(string endpoint)
+        public async Task<BrowserPostResult> FetchPostAsync(string endpoint)
         {
-            var result = await _js.InvokeAsync<BrowserPostResult>("uauth.refresh", endpoint);
+            var result = await _js.InvokeAsync<BrowserPostResult>("uauth.post", new
+            {
+                url = endpoint,
+                mode = "fetch",
+                expectJson = false
+            });
+
             return result;
         }
 
-        public async Task<BrowserPostJsonResult<T>> BackgroundPostJsonAsync<T>(string url)
+        public async Task<BrowserPostJsonResult<T>> FetchPostJsonAsync<T>(string endpoint)
         {
-            var result = await _js.InvokeAsync<BrowserPostJsonResult<T>>("uauth.validate", url);
+            var result = await _js.InvokeAsync<BrowserPostJsonResult<T>>("uauth.post", new
+            {
+                url = endpoint,
+                mode = "fetch",
+                expectJson = true
+            });
+
             return result;
         }
 

src/CodeBeam.UltimateAuth.Client/Options/UAuthClientProfileDetector.cs

@@ -13,13 +13,15 @@ public UAuthClientProfile Detect(IServiceProvider sp)
             if (AppDomain.CurrentDomain.GetAssemblies().Any(a => a.GetName().Name == "Microsoft.AspNetCore.Components.WebAssembly"))
                 return UAuthClientProfile.BlazorWasm;
 
-            //if (sp.GetService<Microsoft.AspNetCore.Components.Server.Circuits.CircuitHandler>() is not null)
-            //    return UAuthClientProfile.BlazorServer;
+            // Warning: This detection method may not be 100% reliable in all hosting scenarios.
+            if (AppDomain.CurrentDomain.GetAssemblies().Any(a => a.GetName().Name == "Microsoft.AspNetCore.Components.Server"))
+            {
+                return UAuthClientProfile.BlazorServer;
+            }
 
-            //if (sp.GetService<Microsoft.AspNetCore.Mvc.Infrastructure.IActionContextAccessor>() is not null)
-            //    return UAuthClientProfile.Mvc;
-
-            return UAuthClientProfile.NotSpecified;
+            // Default to WebServer profile for other ASP.NET Core scenarios such as MVC, Razor Pages, minimal APIs, etc.
+            // NotSpecified should only be used when user explicitly sets it. (For example in unit tests)
+            return UAuthClientProfile.WebServer;
         }
     }
 }

src/CodeBeam.UltimateAuth.Client/Services/UAuthClient.cs

@@ -50,7 +50,7 @@ public async Task<RefreshResult> RefreshAsync(bool isAuto = false)
             }
 
             var url = UAuthUrlBuilder.Combine(_options.Endpoints.Authority, _options.Endpoints.Refresh);
-            var result = await _post.BackgroundPostAsync(url);
+            var result = await _post.FetchPostAsync(url);
             var refreshOutcome = RefreshOutcomeParser.Parse(result.RefreshOutcome);
             switch (refreshOutcome)
             {
@@ -85,7 +85,7 @@ public async Task ReauthAsync()
         public async Task<AuthValidationResult> ValidateAsync()
         {
             var url = UAuthUrlBuilder.Combine(_options.Endpoints.Authority, _options.Endpoints.Validate);
-            var result = await _post.BackgroundPostJsonAsync<AuthValidationResult>(url);
+            var result = await _post.FetchPostJsonAsync<AuthValidationResult>(url);
 
             if (result.Body is null)
                 return new AuthValidationResult { IsValid = false, State = "transport" };

src/CodeBeam.UltimateAuth.Client/wwwroot/uauth.js

@@ -7,50 +7,48 @@
 };
 
 window.uauth = {
-    post: function (action, data) {
-        const form = document.createElement("form");
-        form.method = "POST";
-        form.action = action;
-
-        if (data) {
-            for (const key in data) {
-                const input = document.createElement("input");
-                input.type = "hidden";
-                input.name = key;
-                input.value = data[key];
-                form.appendChild(input);
+    post: async function (options) {
+        const {
+            url,
+            mode,
+            data,
+            expectJson
+        } = options;
+
+        if (mode === "navigate") {
+            const form = document.createElement("form");
+            form.method = "POST";
+            form.action = url;
+
+            if (data) {
+                for (const key in data) {
+                    const input = document.createElement("input");
+                    input.type = "hidden";
+                    input.name = key;
+                    input.value = data[key];
+                    form.appendChild(input);
+                }
             }
-        }
-
-        document.body.appendChild(form);
-        form.submit();
-    },
-
-    refresh: async function (action) {
-        const response = await fetch(action, {
-            method: "POST",
-            credentials: "include"
-        });
 
-        return {
-            ok: response.ok,
-            status: response.status,
-            refreshOutcome: response.headers.get("X-UAuth-Refresh")
-        };
-    },
+            document.body.appendChild(form);
+            form.submit();
+            return null;
+        }
 
-    validate: async function (action) {
-        const response = await fetch(action, {
+        const response = await fetch(url, {
             method: "POST",
             credentials: "include"
         });
 
         let body = null;
-        try { body = await response.json(); } catch { }
+        if (expectJson) {
+            try { body = await response.json(); } catch { }
+        }
 
         return {
             ok: response.ok,
             status: response.status,
+            refreshOutcome: response.headers.get("X-UAuth-Refresh"),
             body: body
         };
     }

src/CodeBeam.UltimateAuth.Core/Options/UAuthClientProfile.cs

@@ -6,7 +6,7 @@ public enum UAuthClientProfile
         BlazorWasm,
         BlazorServer,
         Maui,
-        Mvc,
+        WebServer,
         Api
     }
 }