Final Preview Review

samples/CodeBeam.UltimateAuth.Sample.Seed/UserSeedContributor.cs

@@ -59,11 +59,11 @@ await lifecycleStore.AddAsync(
                 ct);
         }
 
-        var profileKey = new UserProfileKey(tenant, userKey);
+        var profileKey = new UserProfileKey(tenant, userKey, ProfileKey.Default);
         if (!await profileStore.ExistsAsync(profileKey, ct))
         {
             await profileStore.AddAsync(
-                UserProfile.Create(Guid.NewGuid(), tenant, userKey, now, displayName: displayName),
+                UserProfile.Create(Guid.NewGuid(), tenant, userKey, ProfileKey.Default, now, displayName: displayName),
                 ct);
         }
 

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Program.cs

@@ -38,6 +38,7 @@
     o.Login.MaxFailedAttempts = 2;
     o.Login.LockoutDuration = TimeSpan.FromSeconds(10);
     o.Identifiers.AllowMultipleUsernames = true;
+    o.UserProfile.EnableMultiProfile = true;
 })
     .AddUltimateAuthInMemory()
     .AddUAuthHub(o => o.AllowedClientOrigins.Add("https://localhost:6130")); // Client sample's URL

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/Components/Dialogs/UsersDialog.razor.cs

@@ -144,7 +144,7 @@ Are you sure you want to delete <b>{user.DisplayName ?? user.UserName ?? user.Pr
             Mode = DeleteMode.Soft
         };
 
-        var result = await UAuthClient.Users.DeleteUserAsync(UserKey.Parse(user.UserKey, null), req);
+        var result = await UAuthClient.Users.DeleteUserAsync(user.UserKey, req);
 
         if (result.IsSuccess)
         {

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/Migrations/20260327184128_InitUltimateAuth.cs → samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/Migrations/20260406192328_InitUltimateAuth.cs

@@ -182,6 +182,7 @@ protected override void Up(MigrationBuilder migrationBuilder)
                     Id = table.Column<Guid>(type: "TEXT", nullable: false),
                     Tenant = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
                     UserKey = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
+                    ProfileKey = table.Column<string>(type: "TEXT", maxLength: 64, nullable: false),
                     FirstName = table.Column<string>(type: "TEXT", nullable: true),
                     LastName = table.Column<string>(type: "TEXT", nullable: true),
                     DisplayName = table.Column<string>(type: "TEXT", nullable: true),
@@ -498,9 +499,10 @@ protected override void Up(MigrationBuilder migrationBuilder)
                 unique: true);
 
             migrationBuilder.CreateIndex(
-                name: "IX_UAuth_UserProfiles_Tenant_UserKey",
+                name: "IX_UAuth_UserProfiles_Tenant_UserKey_ProfileKey",
                 table: "UAuth_UserProfiles",
-                columns: new[] { "Tenant", "UserKey" });
+                columns: new[] { "Tenant", "UserKey", "ProfileKey" },
+                unique: true);
 
             migrationBuilder.CreateIndex(
                 name: "IX_UAuth_UserRoles_Tenant_RoleId",

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/Migrations/UAuthDbContextModelSnapshot.cs

@@ -655,6 +655,11 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.Property<string>("Metadata")
                         .HasColumnType("TEXT");
 
+                    b.Property<string>("ProfileKey")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
                     b.Property<string>("Tenant")
                         .IsRequired()
                         .HasMaxLength(128)
@@ -677,7 +682,8 @@ protected override void BuildModel(ModelBuilder modelBuilder)
 
                     b.HasKey("Id");
 
-                    b.HasIndex("Tenant", "UserKey");
+                    b.HasIndex("Tenant", "UserKey", "ProfileKey")
+                        .IsUnique();
 
                     b.ToTable("UAuth_UserProfiles", (string)null);
                 });

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Dialogs/UsersDialog.razor.cs

@@ -144,7 +144,7 @@ Are you sure you want to delete <b>{user.DisplayName ?? user.UserName ?? user.Pr
             Mode = DeleteMode.Soft
         };
 
-        var result = await UAuthClient.Users.DeleteUserAsync(UserKey.Parse(user.UserKey, null), req);
+        var result = await UAuthClient.Users.DeleteUserAsync(user.UserKey, req);
 
         if (result.IsSuccess)
         {

src/CodeBeam.UltimateAuth.Core/Abstractions/Infrastructure/IUAuthPasswordHasher.cs

@@ -7,6 +7,7 @@
 /// </summary>
 public interface IUAuthPasswordHasher
 {
-    string Hash(string password);
-    bool Verify(string hash, string secret);
+    PasswordHash Hash(string password);
+    bool Verify(PasswordHash hash, string secret);
+    bool NeedsRehash(PasswordHash hash);
 }

src/CodeBeam.UltimateAuth.Core/Contracts/Login/ExternalLoginRequest.cs

@@ -1,5 +1,4 @@
 using CodeBeam.UltimateAuth.Core.Domain;
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
 
 namespace CodeBeam.UltimateAuth.Core.Contracts;
 

src/CodeBeam.UltimateAuth.Core/Contracts/Login/ReauthRequest.cs

@@ -1,5 +1,4 @@
 using CodeBeam.UltimateAuth.Core.Domain;
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
 
 namespace CodeBeam.UltimateAuth.Core.Contracts;
 

src/CodeBeam.UltimateAuth.Core/Contracts/Pkce/PkceCompleteRequest.cs

@@ -15,8 +15,8 @@ public sealed record PkceCompleteRequest
     public required string Secret { get; init; }
 
     [JsonPropertyName("return_url")]
-    public string ReturnUrl { get; init; }
+    public string? ReturnUrl { get; init; }
 
     [JsonPropertyName("hub_session_id")]
-    public string HubSessionId { get; init; }
+    public string? HubSessionId { get; init; }
 }

src/CodeBeam.UltimateAuth.Core/Domain/Session/SessionRefreshStatus.cs → src/CodeBeam.UltimateAuth.Core/Contracts/Refresh/SessionRefreshStatus.cs

@@ -1,4 +1,4 @@
-namespace CodeBeam.UltimateAuth.Core.Domain;
+namespace CodeBeam.UltimateAuth.Core.Contracts;
 
 public enum SessionRefreshStatus
 {

src/CodeBeam.UltimateAuth.Core/Contracts/Session/Dtos/IdentityInfo.cs

@@ -7,5 +7,4 @@ public sealed class IdentityInfo
     public string? UserKey { get; set; }
 
     public DateTimeOffset? AuthenticatedAt { get; set; }
-
 }

src/CodeBeam.UltimateAuth.Core/Contracts/Token/AccessToken.cs

@@ -15,7 +15,7 @@ public sealed class AccessToken
     /// Token type: "jwt" or "opaque".
     /// Used for diagnostics and middleware behavior.
     /// </summary>
-    public TokenType Type { get; init; }
+    public TokenFormat Format { get; init; }
 
     /// <summary>
     /// Expiration time of the token.

src/CodeBeam.UltimateAuth.Core/Contracts/Token/TokenFormat.cs

@@ -1,9 +1,8 @@
 namespace CodeBeam.UltimateAuth.Core.Contracts;
 
-// TODO: It's same as TokenType
-// It's not primary token kind, it's about transport format.
 public enum TokenFormat
 {
     Opaque = 0,
-    Jwt = 10
+    Jwt = 10,
+    Unknown = 100
 }

src/CodeBeam.UltimateAuth.Core/Contracts/Token/TokenValidationResult.cs

@@ -7,7 +7,7 @@ namespace CodeBeam.UltimateAuth.Core.Contracts;
 public sealed record TokenValidationResult<TUserId>
 {
     public bool IsValid { get; init; }
-    public TokenType Type { get; init; }
+    public TokenFormat Format { get; init; }
     public TenantKey? Tenant { get; init; }
     public TUserId? UserId { get; init; }
     public AuthSessionId? SessionId { get; init; }
@@ -17,7 +17,7 @@ public sealed record TokenValidationResult<TUserId>
 
     private TokenValidationResult(
         bool isValid,
-        TokenType type,
+        TokenFormat format,
         TenantKey? tenant,
         TUserId? userId,
         AuthSessionId? sessionId,
@@ -27,6 +27,7 @@ private TokenValidationResult(
         )
     {
         IsValid = isValid;
+        Format = format;
         Tenant = tenant;
         UserId = userId;
         SessionId = sessionId;
@@ -36,15 +37,15 @@ private TokenValidationResult(
     }
 
     public static TokenValidationResult<TUserId> Valid(
-        TokenType type,
+        TokenFormat format,
         TenantKey tenant,
         TUserId userId,
         AuthSessionId? sessionId,
         IReadOnlyCollection<Claim> claims,
         DateTimeOffset? expiresAt)
         => new(
             isValid: true,
-            type,
+            format,
             tenant,
             userId,
             sessionId,
@@ -53,10 +54,10 @@ public static TokenValidationResult<TUserId> Valid(
             expiresAt
             );
 
-    public static TokenValidationResult<TUserId> Invalid(TokenType type, TokenInvalidReason reason)
+    public static TokenValidationResult<TUserId> Invalid(TokenFormat format, TokenInvalidReason reason)
         => new(
             isValid: false,
-            type: type,
+            format: format,
             tenant: null,
             userId: default,
             sessionId: null,

src/CodeBeam.UltimateAuth.Core/Defaults/UAuthActions.cs

@@ -68,8 +68,12 @@ public static class UserProfiles
 
         public const string GetSelf = "users.profile.get.self";
         public const string UpdateSelf = "users.profile.update.self";
+        public const string CreateSelf = "users.profile.add.self";
+        public const string CreateAdmin = "users.profile.add.admin";
         public const string GetAdmin = "users.profile.get.admin";
         public const string UpdateAdmin = "users.profile.update.admin";
+        public const string DeleteSelf = "users.profile.delete.self";
+        public const string DeleteAdmin = "users.profile.delete.admin";
     }
 
     public static class UserIdentifiers

src/CodeBeam.UltimateAuth.Core/Defaults/UAuthConstants.cs

@@ -31,6 +31,7 @@ public static class Form
         public const string ReturnUrl = "return_url";
         public const string Device = "__uauth_device";
         public const string ClientProfile = "__uauth_client_profile";
+        public const string FormCacheKey = "__uauth_form";
     }
 
     public static class Query

src/CodeBeam.UltimateAuth.Core/Domain/Auth/AuthArtifactType.cs

@@ -2,13 +2,13 @@
 
 public enum AuthArtifactType
 {
-    PkceAuthorizationCode,
-    HubFlow,
-    LoginPreview,
-    HubLogin,
-    MfaChallenge,
-    PasswordReset,
-    MagicLink,
-    OAuthState,
+    PkceAuthorizationCode = 0,
+    HubFlow = 10,
+    LoginPreview = 20,
+    HubLogin = 30,
+    MfaChallenge = 40,
+    PasswordReset = 50,
+    MagicLink = 60,
+    OAuthState = 100,
     Custom = 1000
 }

src/CodeBeam.UltimateAuth.Core/Domain/Auth/AuthFlowType.cs

@@ -0,0 +1,29 @@
+namespace CodeBeam.UltimateAuth.Core.Domain;
+
+public enum AuthFlowType
+{
+    Login = 0,
+    Reauthentication = 10,
+    Logout = 20,
+
+    RefreshSession = 100,
+    ValidateSession = 110,
+    QuerySession = 120,
+    RevokeSession = 130,
+
+    IssueToken = 200,
+    RefreshToken = 210,
+    IntrospectToken = 220,
+    RevokeToken = 230,
+
+    UserInfo = 300,
+    PermissionQuery = 310,
+
+    UserManagement = 400,
+    UserProfileManagement = 410,
+    UserIdentifierManagement = 420,
+    CredentialManagement = 430,
+    AuthorizationManagement = 440,
+
+    ApiAccess = 500
+}