adds default picture, simplify claims, adds support for cookie as well as bearer

Author: jakeoverall

CodeWorks.Auth.csproj

@@ -6,7 +6,7 @@
     <Nullable>enable</Nullable>
 
     <PackageId>CodeWorks.Auth</PackageId>
-    <Version>0.0.1</Version>
+    <Version>0.0.2</Version>
     <Authors>CodeWorks</Authors>
     <Company>CodeWorks</Company>
     <Description>Flexible, pluggable authentication module for .NET APIs with JWT, email login, and MFA support.</Description>

Extensions/ServiceCollectionExtensions.cs

@@ -36,6 +36,26 @@ public static IServiceCollection AddAuthModule<TAccountIdentity, TAccountIdentit
 
           options.Events = new JwtBearerEvents
           {
+
+            OnMessageReceived = context =>
+            {
+              // Check for Authorization header first
+              var authHeader = context.Request.Headers["Authorization"].FirstOrDefault();
+              if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer "))
+              {
+                context.Token = authHeader["Bearer ".Length..].Trim();
+              }
+
+              // Fallback to access-token cookie if no token found
+              if (string.IsNullOrEmpty(context.Token) &&
+                    context.Request.Cookies.TryGetValue(jwtOptions.CookieName, out var cookieToken))
+              {
+                context.Token = cookieToken;
+              }
+
+              return Task.CompletedTask;
+            },
+
             OnAuthenticationFailed = context =>
             {
               Console.WriteLine("Token invalid: " + context.Exception.Message);
@@ -64,7 +84,6 @@ public static IServiceCollection AddAuthModule<TAccountIdentity, TAccountIdentit
             ValidAudience = jwtOptions.Audience,
             IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtOptions.SigningKey)),
             ClockSkew = TimeSpan.Zero,
-
             RoleClaimType = ClaimTypes.Role,
             NameClaimType = ClaimTypes.Email
           };

Interfaces/IAccountIdentity.cs

@@ -4,8 +4,8 @@ public interface IAccountIdentity
 {
   string Id { get; set; }
   string Email { get; set; }
-  string? Name { get; set; }
-  string? Picture { get; set; }
+  string Name { get; set; }
+  string Picture { get; set; }
 
   string PasswordHash { get; set; }
   bool IsEmailVerified { get; set; }

Interfaces/IAccountIdentityStore.cs

@@ -2,10 +2,10 @@ namespace CodeWorks.Auth.Interfaces;
 
 public interface IAccountIdentityStore<TIdentity> where TIdentity : IAccountIdentity
 {
-  Task<TIdentity?> FindByEmailAsync(string email);
+  Task<TIdentity> FindByEmailAsync(string email);
   Task<bool> EmailExistsAsync(string email);
   Task SaveAsync(TIdentity user);
-  Task<TIdentity?> FindByIdAsync(string id);
+  Task<TIdentity> FindByIdAsync(string id);
 
   async public Task<TIdentity> MarkEmailVerifiedAsync(TIdentity user)
   {

Interfaces/IAccountIdentityTokenStore.cs

@@ -3,6 +3,6 @@ namespace CodeWorks.Auth.Interfaces;
 public interface IAccountIdentityTokenStore
 {
     Task SaveTokenAsync(TokenRecord token);
-    Task<TokenRecord?> GetValidTokenAsync(string token, EmailTokenPurpose purpose);
+    Task<TokenRecord> GetValidTokenAsync(string token, EmailTokenPurpose purpose);
     Task MarkTokenUsedAsync(string token);
 }

Interfaces/IUserTokenStore.cs

@@ -3,6 +3,6 @@ namespace CodeWorks.Auth.Interfaces;
 public interface IUserTokenStore
 {
     Task SaveTokenAsync(TokenRecord token);
-    Task<TokenRecord?> GetValidTokenAsync(string token, EmailTokenPurpose purpose);
+    Task<TokenRecord> GetValidTokenAsync(string token, EmailTokenPurpose purpose);
     Task MarkTokenUsedAsync(string token);
 }

Models/AuthResult.cs

@@ -3,9 +3,10 @@
 public class AuthResult
 {
   public bool IsSuccessful { get; init; }
+  public IAccountIdentity? User { get; init; }
   public string? Token { get; init; }
   public string? Error { get; init; }
 
-  public static AuthResult Success(IAccountIdentity user, string token) => new() { IsSuccessful = true, Token = token };
+  public static AuthResult Success(IAccountIdentity user, string token) => new() { IsSuccessful = true, Token = token, User = user };
   public static AuthResult Failure(string message) => new() { IsSuccessful = false, Error = message };
 }

Models/JwtOptions.cs

@@ -4,4 +4,5 @@ public class JwtOptions
     public string Issuer { get; set; } = "default-issuer";
     public string Audience { get; set; } = "default-audience";
     public TimeSpan Expiration { get; set; } = TimeSpan.FromHours(1);
+    public string CookieName { get; set; } = "access-token";
 }

Security/ClaimsExtensions.cs

@@ -15,8 +15,8 @@ public static IEnumerable<string> GetRoles(this ClaimsPrincipal user) =>
     {
         return new TUser
         {
-            Id = user.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "",
-            Email = user.FindFirst(ClaimTypes.Email)?.Value ?? "",
+            Id = user.FindFirst("id")?.Value ?? user.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "",
+            Email = user.FindFirst("email")?.Value ?? user.FindFirst(ClaimTypes.Email)?.Value ?? "",
             Name = user.FindFirst("name")?.Value ?? user.FindFirst(ClaimTypes.Email)?.Value ?? "",
             Picture = user.FindFirst("picture")?.Value ?? "",
             IsEmailVerified = user.FindFirst("email_verified")?.Value == "true",

Security/JWTService.cs

@@ -19,21 +19,23 @@ public string GenerateToken(IAccountIdentity user)
   {
     var claims = new List<Claim>
     {
-      new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
-      new Claim(ClaimTypes.Email, user.Email),
+      new(ClaimTypes.NameIdentifier, user.Id.ToString()),
+      new(ClaimTypes.Email, user.Email),
     };
 
-    var roles = user.Roles?.ToArray() ?? Array.Empty<string>();
-    claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)).ToList());
+    user.Name ??= user.Email.Substring(0, user.Email.IndexOf('@'));
+    user.Picture ??= "https://ui-avatars.com/api/?name=" + user.Name + "&color=fff&background=" + StringToHex(user.Email);
 
+    claims.Add(new Claim("name", user.Name));
+    claims.Add(new Claim("picture", user.Picture));
+    claims.Add(new Claim("id", user.Id));
+    claims.Add(new Claim("email", user.Email));
 
-    var permissions = user.Permissions?.ToArray() ?? Array.Empty<string>();
-    claims.AddRange(permissions.Select(p => new Claim("permission", p)).ToList());
+    var roles = user.Roles?.ToArray() ?? [];
+    claims.AddRange([.. roles.Select(r => new Claim(ClaimTypes.Role, r))]);
 
-    if (!string.IsNullOrEmpty(user.Name))
-      claims.Add(new Claim("name", user.Name));
-    if (!string.IsNullOrEmpty(user.Picture))
-      claims.Add(new Claim("picture", user.Picture));
+    var permissions = user.Permissions?.ToArray() ?? [];
+    claims.AddRange([.. permissions.Select(p => new Claim("permission", p))]);
 
     claims.Add(new Claim("email_verified", user.IsEmailVerified.ToString()));
 
@@ -69,10 +71,8 @@ public string GenerateToken(IAccountIdentity user)
         ValidAudience = _options.Audience,
         IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_options.SigningKey)),
         ClockSkew = TimeSpan.Zero,
-
         RoleClaimType = ClaimTypes.Role,
         NameClaimType = ClaimTypes.Email
-
       }, out _);
     }
     catch
@@ -103,4 +103,22 @@ public string GetEmailFromToken(string token)
     var emailClaim = jwtToken.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email || c.Type == "email");
     return emailClaim?.Value ?? string.Empty;
   }
+
+
+  public static string StringToHex(string str = "")
+  {
+    try
+    {
+      if (string.IsNullOrEmpty(str)) return string.Empty;
+      if (str.Length > 6) str = str[..6];
+      return string.Join("", str.Select(c => ((int)c).ToString("x2")))[..6];
+    }
+    catch (Exception e)
+    {
+      Console.WriteLine(e.Message);
+      return string.Empty;
+    }
+  }
+
+
 }