Conversation
Updated the feature request template to include new sections and improved formatting.
Added a pull request template to guide contributors.
* First Implementation of Core Project * Extensions & Options & Validators * Errors & Utilities & Multi Tenancy Support & Events * Fixes * Add XML Definitions
* First Implementation of Server Project * Add MultiTenancy * Checking Architecture & Fixes
* Build Server Project (Part 2) * TokenService Implementation * Login Flow & Code Improvements * Folder Classification
* Start to Authority Layer * Complete Basic Authority Layer * Finalize Server Project's Layers * Change Slnx
* Create HappyPath * Add All Required Projects * Add Cookie Manager With Basics & Create Blazor Server Sample * The First Succesful Blazor Server Sample Startup * Finalize First Working Login Flow on Blazor Server
* Create Main Flows * Complete Login Path with Minimum Required Features * Add Validation Flow * Logout Flow & Fix Cookie Options Conflict * Refresh Flow * Polish Flows
Updated project status message and added badges.
* Preparation of First Release (Part 1) * Create Test Project
* Preparation of First Release v 0.0.1 (Part 2) * Add Project References To Test Project * Add CodeBeam.UltimateAuth.Sessions.EntityFrameworkCore project & Implementation * Add CodeBeam.UltimateAuth.Tokens.EntityFramework project & Implementation & First Unit Tests * Add CodeBeam.UltimateAuth.Credentials.EntityFrameworkCore & Implementation
Updated project release timeline and added badges.
* Preparation Of First Release (Part 3/7) * Add AuthenticationStateProvider Support to Blazor Server * Great Enhancements for Blazor Server * Add Tests * Add ValidateAsync into Client Project * Little Changes and Notes
* Create UAuthHub and ResourceApi Projects * Arrange Program.cs of WASM & Hub & Api * WASM Login & Validation & Logout Flows * Add Multi-Client Support * Push Before Going Complex * Start Fixing Bugs in Blazor Server * Fix Programmatic Login and AuthenticationStateProvider for Blazor Server * Fix Refresh on Blazor Server * UAuthState Implementation
* Preparation of First Release (Part 5/7) * Add Complete Refresh Flow Especially For PureOpaque and Hybrid Auth Mode * Add PKCE for Login Flow * Add PKCE form login & Failed Behavior * PKCE Polish & Cleanup * Fix SessionId Cookie MaxAge on Hybrid Auth Mode * Add DeviceId Support & Big Refactoring * Minor Fixes * Fix Tests
* Preparation of First Release (Part 6/7) * Add Required Projects * Project Name Change to Proper Ones * Add Contracts & Reference Projects For Users & Credentials * Complete Reference & InMemory Projects for Users & Credentials * Add Role Support & Enhance ClaimsSnapshot * User Management Endpoints & Orchestrator Basics * Add Credential Endpoints * Added Policy Project * Added User Client
This document outlines the architectural principles, scope, and responsibilities of the UltimateAuth framework, emphasizing the separation of authentication and authorization, session management, and security invariants.
This document outlines mandatory guidelines for AI-assisted tools in the UltimateAuth codebase, emphasizing security and integrity rules.
* Add New User Domains * Fix Login Flow With UserStatus Check Support & Added IUserApplicationService * Fix Policies * Added User Status Change * Added Identifier Client * Added Authorizaton Client * Added Credentials Client
* Code Refactoring & Polishing * Core Project Cleanup * Remove Base64Url Duplicated Methods * Remove Session Domain Interfaces & EFCore Session Multi Tenant Enhancements * Added ISessionValidator * Added TenantKey Value Object * Refactoring on Credential Projects * Main Refactoring * Fix Compiler Warnings & Last Refactorings
* Fail-Fast Strategy & Options Improvement * Added Lockout Mechanism & Bind LoginOptions * Session & Token Options and Validators * Bind Login & Logout Events With Options * Improved PKCE and MultiTenant Options & Fixed Path Tenant Resolver Logic * Completed Core Options & Improved AuthFlowContext and AccessContext Creation Security * Change Mode Option to AllowedModes * Server Options Improvements * Complete Checking Server Options * Improved ServiceCollectionExtensions * Enhanced Redirect Options & Handling * Added ReturnUrl Resolving * Fix Absolute Uri Platform Differencies * Try Another Fix * Complete Client Options Draft * Added Auth Invariants
* Client Improvization * Little Cleanup & UseUltimateAuthWithAspNetCore Pipeline Method Addition * Improvized Sample Page Seperation & Fix UAuthLoginForm ReturnUrl Behavior * Login Redirect Improvization * Improved UAuthStateManager * Complete AuthStateSnapshot * Complete UAuthState * Add Tests & Fix Current Tests * Minify uauth.js * Last Client Refinement & ProductInfo Improvement
* Sample Improvement * Added UAuthStateView Component * Add UAuthScope component and UAuthReactiveComponentBase & Arrange Other Components * Enhanced Login Page * Fixed Login Failure Message Flow * Enhanced Login Lockout Client Handling * Complete Login Flow For Client & Login Sample Page * Fix Test * Login Page Last Improvement * Login Page Cleanup * Home Page Profile Section Design & Fixed DisplayName Doesn't Show in State & Sample DarkMode Implementation * Diagnostics Section Design & RefreshOutcome Improvement * Improve Validation Client Handling & Postpone Reauth Flow Until Adding MFA * Enhance Identifier Handling (Part 1) * Enhance Credential Plugin Domain
* Sample Improvement (Part 2/2) * Identifier Normalization & Improved Exists Logic * Complete Identifier and Add New Tests * Complete Needed Identifier Logics & Improved PagedResult * Added Concurrency Support & Identifier Implementation * Add & Fix Test * Added Session Concurrency * Improved Session Domains & Basic Device Id Binding * Improved Device Context Properties * Added State Clear on Current Chain Revoke * Credential Enhancement * Support Credential Level Lockout * Complete Credential Change & Tests * Complete Credential Reset & Added Tests * Added Generic InMemory Store and User Lifecycle Store Implementation * Completed User Create * Enhanced Authorization (RBAC) * Authorization Completion & Tests * Fixed Identifier Concurrency Test * Profile Dialog & UAuthClientEvents * User Self Deletion * Added Self User Status Change * Complete Logout & Revoke Semantics & Added Tests * Home Page Design and ReauthRequired Raiese Event Test Fix * Admin Role Crud Dialog & State Handling Mode Enhancement :) * Permission Set Logic * UAuthStateView Enhancement * Completed User Role Management * Finalized Endpoints & Admin User Management Dialog * Finalize Blazor Server Sample
Updated the README to reflect the current development status and upcoming release plans.
* Improve Blazor WASM Sample * WASM Sample New Design Implementation * Added Device Id Support For PKCE Login * Completed WASM Sample
* EFCore Store Implementation * Completed EFCore Session Store * Completed EFCore Token Store * Completed EFCore User Store * Completed EFCore Credential Store * Completed EFCore Authorization Store
* Added Authentication EFCore Store * Completed Routes Improvization * Added InMemory & EFCore NuGet-Aimed Projects * Changed InMemory Stores With Tenant-Aware Factory Pattern * EFCore User Plugin Domain Store Tests * Added EFCore Session Store Tests * Added Authentication & Authorization EFCore Tests * Core to Server Project's NuGet Package Arrangement * Seperate Client to a new CodeBeam.UltimateAuth.Client.Blazor Package & ResourceApi Pipeline Skeleton * Completed NuGet Package Preparation * Directory.Build.props Addition * Automatized NuGet Pack Arrangements * Completed DX Fundamentals & First Quick Start and Examples in Readme.md
* Interactive Login Enhancement * Some WASM TryPkceComplete Arrangements * More Fixes * Completed PKCE * Code Refactoring * More Code Refactoring * UAuthUserAgentParser and Complete DeviceContext Implementation on WASM * Fix PKCE Client Provile & RedirectUri Mismatch * Added PKCE Tests * Little Sample Change
* ResourceApi Infrastructure & Sample Improvement * Cleanup Not Needed ResourceApi Definitions * Completed ResourceApi Infrastructure & Sample * Added Integration Test Project & First Login Tests
* Added Some Client Tests * Created Blacor Server EFCore Sample * Session Store Fix * Added Facade UAuthDbContext * Fix CORS & Completed Samples * Update README
* Reviewed Credential Client API * Reviewed Authorization Client API * Reviewed Flow Client API * Reviewed User Client API
* Added Client Credentials Tests * Added Client Authorization Tests * Added Client Session Tests * Added Client User Tests * Added Client Flow Tests * Added Missing Flow Tests * Added Options & Runtime Tests * Added UAuthLoginForm Tests * Fix Test * UAuthApp & UAuthStateView Tests
Removed outdated development status and updated roadmap release dates.
* Docs Content * Refactor and enhance getting started documentation * Add quick start guide for UltimateAuth setup Added a quick start guide for setting up UltimateAuth with Blazor Server, including project creation, package installation, service configuration, middleware setup, and first login example. * Enhance Real-World Setup documentation for UltimateAuth Updated the Real-World Setup guide to clarify the use of a persistent configuration and added detailed setup instructions for UltimateAuth with Entity Framework Core and Blazor. * Improve Service Collection Extensions * Add authentication model documentation for UltimateAuth Added comprehensive documentation on the authentication model for UltimateAuth, detailing the concepts of Root, Chain, and Session, and their interactions. * Move fundaments to content * Add flow-based authentication documentation Introduced a comprehensive guide on flow-based authentication, detailing its principles, processes, and benefits compared to traditional token-based systems. * Document authentication modes in UltimateAuth Added documentation for authentication modes in UltimateAuth, detailing available modes, comparisons, and recommendations. * Add fundamentals section to documentation * Add documentation for Client Profiles in UltimateAuth Added detailed documentation on Client Profiles, including definitions, runtime detection, configuration options, and built-in profiles. * Add runtime architecture documentation for UltimateAuth This document outlines the runtime architecture of UltimateAuth, detailing the structured execution pipeline for authentication, including components like Endpoint Filter, AuthFlowContext, Flow Service, Orchestrator, and Authority. * Enhance getting started guide with UAuthHub config Added UAuthHub Pipeline Configuration section to the setup guide. * Add request lifecycle documentation for UltimateAuth This document explains the request lifecycle in UltimateAuth, detailing the processing of passive and active flow requests, middleware pipeline, and user resolution. * Document Flow Execution Boundary for authentication Add section on Flow Execution Boundary to clarify authentication flow behavior. * Fix Tenant Restriction even in normal Requests * Add documentation for Auth Flows in UltimateAuth Introduced a comprehensive guide on authentication flows in UltimateAuth, detailing the flow-driven system, types of flows, and supporting concepts. * Add detailed documentation for login flow in UltimateAuth This document outlines the login flow in UltimateAuth, detailing the structured pipeline from identifier resolution to session creation and optional token issuance. It emphasizes the importance of session hierarchy and security considerations. * Add documentation for UltimateAuth refresh flow Document the refresh flow in UltimateAuth, detailing its strategies and execution steps. * Add documentation for logout flow in UltimateAuth Document the logout flow and its distinctions in UltimateAuth, including session, device, and identity scopes. * Add session lifecycle documentation for UltimateAuth Document the structured session lifecycle in UltimateAuth, detailing core entities, relationships, and lifecycle phases. * Add documentation for token behavior in UltimateAuth Document the behavior and characteristics of tokens in UltimateAuth, including types, modes, access and refresh tokens, security model, and key takeaways. * Add device management documentation Document the device management features in UltimateAuth, covering the importance of devices, their lifecycle, security model, and configuration options. * Add configuration and extensibility documentation Added detailed documentation on configuration and extensibility in UltimateAuth, covering configuration layers, sources, and safety measures. * Create configuration overview documentation Added comprehensive overview of UltimateAuth configuration, detailing its runtime-adaptive nature and layered configuration model. * Some Improvements * Document server options for UltimateAuth configuration Added documentation for configuring server options in UltimateAuth, including usage examples and key takeaways. * Add client options documentation for UltimateAuth Added documentation for client options in UltimateAuth, detailing configuration, usage, and key features. * Add documentation for configuration sources and rules Document configuration sources, precedence rules, and best practices for UltimateAuth. * Add advanced configuration documentation for UltimateAuth Added detailed documentation on advanced configuration options for UltimateAuth, including customization points, service replacement, and safety boundaries. * Add documentation for Plugin Domains in UltimateAuth Introduced documentation for Plugin Domains in UltimateAuth, detailing architecture, extensibility, and recommended approaches. * Add Users Domain documentation Document the Users Domain in UltimateAuth, detailing core concepts, lifecycle, identifiers, and user profiles. * Add documentation for Credentials Domain Document the credentials domain, including core concepts, types, validation, integration with users, lifecycle, and security behavior. * Enhance documentation on plugin domains Added sections on domain isolation and communication via hooks. * Clean up formatting in plugin-domains index Remove unnecessary line break in documentation. * Add documentation for Authorization & Policies domain Added detailed documentation for the Authorization & Policies domain, covering core concepts, permission structure, built-in action catalog, role definitions, permission resolution, claims integration, authorization flow, and policies. * Create policies.md * Add client usage guide for UltimateAuth Added a comprehensive client usage guide for UltimateAuth, detailing its features, architecture, core concepts, examples, and state events. * Add authentication guide for UltimateAuth client Added comprehensive authentication guide for UltimateAuth client, covering login, refresh, logout, and PKCE flow. * Document Client Entry Point for UltimateAuth Added section on Client Entry Point with usage examples. * Update example for LoginAsync method * Improve clarity on authentication mode usage Clarified usage recommendations for authentication modes. * Add session management guide for UltimateAuth client Added comprehensive session management guide for UltimateAuth client, detailing session structure, methods for retrieving active sessions, logging out, revoking sessions, and security implications. * Add User Identifiers Guide documentation This document provides a comprehensive guide on user identifiers in UltimateAuth, detailing their types, management, and security considerations. * Add User Management Guide for UltimateAuth client This document provides a comprehensive guide on user management using the UltimateAuth client, covering user operations, profile management, lifecycle, and admin functionalities. * Add Authorization Guide for UltimateAuth client This guide details the management of roles, permissions, and access control using the UltimateAuth client, including core concepts, querying roles, creating and renaming roles, setting permissions, and user role assignments. * Add Credential Management Guide This document provides a comprehensive guide on managing user credentials with the UltimateAuth client, covering operations like changing, resetting, adding, and revoking credentials, along with security notes and summaries. * Add session security model documentation Document the hierarchical session security model of UltimateAuth, detailing the roles of Root, Chain, and Session in authentication, as well as security versioning, validation, device awareness, expiration, and revocation boundaries. * Document refresh token rotation security features Added comprehensive documentation on refresh token rotation, detailing its security features, rotation model, and invalid scenarios. * Add documentation for access token behavior in UltimateAuth Document the behavior and principles of access tokens in UltimateAuth, including token types, mode-dependent behavior, lifetime strategy, refresh interaction, claims model, and security implications. * Add detailed policy pipeline documentation This document provides a comprehensive overview of the multi-stage policy pipeline used in UltimateAuth for authorization decisions, detailing each step from context enrichment to final decision-making. * Create readme.md
* Website Docs * Enhance Home Page
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.