UAuthUserAgentParser and Complete DeviceContext Implementation on WASM

Author: mckaragoz

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Layout/MainLayout.razor

@@ -1,8 +1,44 @@
-@inherits LayoutComponentBase
+@inherits UAuthHubLayoutComponentBase
 @inject IUAuthClient UAuthClient
 @inject ISnackbar Snackbar
 @inject NavigationManager Nav
 
+@if (!IsHubAuthorized)
+{
+    <MudAppBar Class="uauth-blur" Color="Color.Transparent" Dense="true" Elevation="0">
+        <UAuthLogo />
+        <MudText Class="ml-2 cursor-pointer" Style="user-select: none" @onclick="@(() => Nav.NavigateTo("/home", true))"><b>UltimateAuth</b></MudText>
+        <MudDivider Class="ml-3 mr-1" Vertical="true" />
+        <MudText Class="ml-2" Style="line-height: 14px" Typo="Typo.subtitle2">UAuthHub Sample</MudText>
+
+        <MudSpacer />
+
+        <MudIconButton Icon="@(DarkModeManager.IsDarkMode? Icons.Material.Filled.LightMode : Icons.Material.Filled.DarkMode)" OnClick="@(() => DarkModeManager.ToggleAsync())" />
+    </MudAppBar>
+
+    <MudPage Class="d-flex align-center justify-center" FullScreen="FullScreen.FullWithoutAppbar" Column="1" Row="1">
+        <MudPaper Class="pa-8" Elevation="4" Style="max-width: 520px; width: 100%;">
+            <MudStack Spacing="3" AlignItems="AlignItems.Center">
+                <UAuthLogo Size="72" />
+
+                <MudText Typo="Typo.h5"><b>Access Denied</b></MudText>
+
+                <MudText Typo="Typo.body2" Align="Align.Center">
+                    This page cannot be accessed directly.
+                    UAuthHub login flows can only be initiated by an authorized client application.
+                </MudText>
+
+                <MudDivider Class="my-2" />
+
+                <MudText Typo="Typo.caption" Color="Color.Secondary">
+                    UltimateAuth protects this resource based on your session and permissions.
+                </MudText>
+            </MudStack>
+        </MudPaper>
+    </MudPage>
+    return;
+}
+
 <MudLayout>
     <MudAppBar Class="uauth-blur" Color="Color.Transparent" Dense="true" Elevation="0">
         <UAuthLogo />

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Pages/Home.razor

@@ -24,31 +24,6 @@
 @inject IDialogService DialogService
 @inject IOptions<UAuthClientOptions> Options
 
-@if (!IsHubAuthorized)
-{
-    <MudPage Class="d-flex align-center justify-center" FullScreen="FullScreen.FullWithoutAppbar" Column="1" Row="1">
-        <MudPaper Class="pa-8" Elevation="4" Style="max-width: 520px; width: 100%;">
-            <MudStack Spacing="3" AlignItems="AlignItems.Center">
-                <UAuthLogo Size="72" />
-
-                <MudText Typo="Typo.h5"><b>Access Denied</b></MudText>
-
-                <MudText Typo="Typo.body2" Align="Align.Center">
-                    This page cannot be accessed directly.
-                    UAuthHub login flows can only be initiated by an authorized client application.
-                </MudText>
-
-                <MudDivider Class="my-2" />
-
-                <MudText Typo="Typo.caption" Color="Color.Secondary">
-                    UltimateAuth protects this resource based on your session and permissions.
-                </MudText>
-            </MudStack>
-        </MudPaper>
-    </MudPage>
-    return;
-}
-
 <MudPage FullScreen="FullScreen.FullWithoutAppbar" Column="1" Row="1">
     <MudContainer Class="d-flex align-center justify-center" MaxWidth="MaxWidth.Medium" Gutters="false">
         <MudGrid Spacing="0">

src/CodeBeam.UltimateAuth.Core/Abstractions/Device/IUserAgentParser.cs

@@ -0,0 +1,8 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions;
+
+public interface IUserAgentParser
+{
+    UserAgentInfo Parse(string? userAgent);
+}

src/CodeBeam.UltimateAuth.Core/Contracts/Pkce/PkceAuthorizeCommand.cs

@@ -1,4 +1,5 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 using CodeBeam.UltimateAuth.Core.Options;
 
 namespace CodeBeam.UltimateAuth.Core.Contracts;
@@ -7,7 +8,7 @@ public sealed record PkceAuthorizeCommand
 {
     public string CodeChallenge { get; init; } = default!;
     public string ChallengeMethod { get; init; } = "S256";
-    public string? DeviceId { get; init; }
+    public required DeviceContext Device { get; init; }
     public string? RedirectUri { get; init; }
 
     public UAuthClientProfile ClientProfile { get; init; }

src/CodeBeam.UltimateAuth.Core/Domain/Device/UserAgentInfo.cs

@@ -0,0 +1,9 @@
+namespace CodeBeam.UltimateAuth.Core.Domain;
+
+public sealed class UserAgentInfo
+{
+    public string? DeviceType { get; init; }
+    public string? Platform { get; init; }
+    public string? OperatingSystem { get; init; }
+    public string? Browser { get; init; }
+}

src/CodeBeam.UltimateAuth.Core/Domain/Hub/HubFlowArtifact.cs

@@ -10,6 +10,7 @@ public sealed class HubFlowArtifact : AuthArtifact
 
     public UAuthClientProfile ClientProfile { get; }
     public TenantKey Tenant { get; }
+    public DeviceContext Device { get; }
     public string? ReturnUrl { get; }
 
     public HubFlowPayload Payload { get; }
@@ -21,6 +22,7 @@ public HubFlowArtifact(
         HubFlowType flowType,
         UAuthClientProfile clientProfile,
         TenantKey tenant,
+        DeviceContext device,
         string? returnUrl,
         HubFlowPayload payload,
         DateTimeOffset expiresAt)
@@ -30,6 +32,7 @@ public HubFlowArtifact(
         FlowType = flowType;
         ClientProfile = clientProfile;
         Tenant = tenant;
+        Device = device;
         ReturnUrl = returnUrl;
         Payload = payload;
     }

src/CodeBeam.UltimateAuth.Core/Extensions/ServiceCollectionExtensions.cs

@@ -74,6 +74,7 @@ private static IServiceCollection AddUltimateAuthInternal(this IServiceCollectio
 
         services.AddSingleton<IUserIdConverterResolver, UAuthUserIdConverterResolver>();
         services.TryAddSingleton<IUAuthProductInfoProvider, UAuthProductInfoProvider>();
+        services.TryAddSingleton<IUserAgentParser, UAuthUserAgentParser>();
 
         return services;
     }

src/CodeBeam.UltimateAuth.Core/Infrastructure/UAuthUserAgentParser.cs

@@ -0,0 +1,85 @@
+using CodeBeam.UltimateAuth.Core.Abstractions;
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core.Infrastructure;
+
+internal sealed class UAuthUserAgentParser : IUserAgentParser
+{
+    public UserAgentInfo Parse(string? userAgent)
+    {
+        if (string.IsNullOrWhiteSpace(userAgent))
+            return new UserAgentInfo();
+
+        var ua = userAgent.ToLowerInvariant();
+
+        return new UserAgentInfo
+        {
+            DeviceType = ResolveDeviceType(ua),
+            Platform = ResolvePlatform(ua),
+            OperatingSystem = ResolveOperatingSystem(ua),
+            Browser = ResolveBrowser(ua)
+        };
+    }
+
+    private static string ResolveDeviceType(string ua)
+    {
+        if (ua.Contains("ipad") || ua.Contains("tablet"))
+            return "tablet";
+
+        if (ua.Contains("mobi") || ua.Contains("iphone") || ua.Contains("android"))
+            return "mobile";
+
+        return "desktop";
+    }
+
+    private static string ResolvePlatform(string ua)
+    {
+        if (ua.Contains("ipad") || ua.Contains("tablet"))
+            return "tablet";
+
+        if (ua.Contains("mobi") || ua.Contains("iphone") || ua.Contains("android"))
+            return "mobile";
+
+        return "desktop";
+    }
+
+    private static string ResolveOperatingSystem(string ua)
+    {
+        if (ua.Contains("android"))
+            return "android";
+
+        if (ua.Contains("iphone") || ua.Contains("ipad"))
+            return "ios";
+
+        if (ua.Contains("windows"))
+            return "windows";
+
+        if (ua.Contains("mac"))
+            return "macos";
+
+        if (ua.Contains("linux"))
+            return "linux";
+
+        return "unknown";
+    }
+
+    private static string ResolveBrowser(string ua)
+    {
+        if (ua.Contains("edg/"))
+            return "edge";
+
+        if (ua.Contains("opr/") || ua.Contains("opera"))
+            return "opera";
+
+        if (ua.Contains("chrome") && !ua.Contains("chromium"))
+            return "chrome";
+
+        if (ua.Contains("safari") && !ua.Contains("chrome"))
+            return "safari";
+
+        if (ua.Contains("firefox"))
+            return "firefox";
+
+        return "unknown";
+    }
+}

src/CodeBeam.UltimateAuth.Server/Contracts/Hub/HubBeginRequest.cs

@@ -1,4 +1,5 @@
-using CodeBeam.UltimateAuth.Core.MultiTenancy;
+using CodeBeam.UltimateAuth.Core.Domain;
+using CodeBeam.UltimateAuth.Core.MultiTenancy;
 using CodeBeam.UltimateAuth.Core.Options;
 
 namespace CodeBeam.UltimateAuth.Server.Contracts;
@@ -15,5 +16,5 @@ public sealed record HubBeginRequest
 
     public string? PreviousHubSessionId { get; init; }
 
-    public string? DeviceId { get; init; }
+    public required DeviceContext Device { get; init; }
 }

src/CodeBeam.UltimateAuth.Server/Endpoints/PkceEndpointHandler.cs

@@ -1,16 +1,18 @@
 using CodeBeam.UltimateAuth.Core.Abstractions;
 using CodeBeam.UltimateAuth.Core.Contracts;
+using CodeBeam.UltimateAuth.Core.Defaults;
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Server.Abstractions;
 using CodeBeam.UltimateAuth.Server.Auth;
 using CodeBeam.UltimateAuth.Server.Extensions;
 using CodeBeam.UltimateAuth.Server.Flows;
 using CodeBeam.UltimateAuth.Server.Infrastructure;
-using CodeBeam.UltimateAuth.Server.Options;
 using CodeBeam.UltimateAuth.Server.Services;
 using CodeBeam.UltimateAuth.Server.Stores;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Options;
+using Microsoft.AspNetCore.WebUtilities;
+using System.Text;
+using System.Text.Json;
 
 namespace CodeBeam.UltimateAuth.Server.Endpoints;
 
@@ -61,7 +63,7 @@ public async Task<IResult> AuthorizeAsync(HttpContext ctx)
             {
                 CodeChallenge = request.CodeChallenge,
                 ChallengeMethod = request.ChallengeMethod,
-                DeviceId = request.DeviceId,
+                Device = request.Device,
                 RedirectUri = request.RedirectUri,
                 ClientProfile = auth.ClientProfile,
                 Tenant = auth.Tenant
@@ -108,7 +110,7 @@ public async Task<IResult> TryCompleteAsync(HttpContext ctx)
                 clientProfile: authContext.ClientProfile,
                 tenant: authContext.Tenant,
                 redirectUri: null,
-                deviceId: artifact.Context.DeviceId),
+                device: artifact.Context.Device),
             _clock.UtcNow);
 
         if (!validation.Success)
@@ -130,7 +132,7 @@ public async Task<IResult> TryCompleteAsync(HttpContext ctx)
         var execution = new AuthExecutionContext
         {
             EffectiveClientProfile = artifact.Context.ClientProfile,
-            Device = DeviceContext.Create(DeviceId.Create(artifact.Context.DeviceId))
+            Device = artifact.Context.Device
         };
 
         var preview = await _internalFlowService.LoginAsync(authContext, execution, loginRequest,
@@ -204,19 +206,41 @@ public async Task<IResult> CompleteAsync(HttpContext ctx)
 
         if (ctx.Request.HasFormContentType)
         {
-            var form = await ctx.Request.ReadFormAsync(ctx.RequestAborted);
+            var form = await ctx.GetCachedFormAsync();
 
             var codeChallenge = form["code_challenge"].ToString();
             var challengeMethod = form["challenge_method"].ToString();
             var redirectUri = form["redirect_uri"].ToString();
-            var deviceId = form["device_id"].ToString();
+
+            var deviceRaw = form["device"].FirstOrDefault();
+            DeviceContext? device = null;
+
+            if (!string.IsNullOrWhiteSpace(deviceRaw))
+            {
+                try
+                {
+                    var bytes = WebEncoders.Base64UrlDecode(deviceRaw);
+                    var json = Encoding.UTF8.GetString(bytes);
+                    device = JsonSerializer.Deserialize<DeviceContext>(json);
+                }
+                catch
+                {
+                    device = null;
+                }
+            }
+
+            if (device == null)
+            {
+                var info = await ctx.GetDeviceAsync();
+                device = DeviceContext.Create(info.DeviceId, info.DeviceType, info.Platform, info.OperatingSystem, info.Browser, info.IpAddress);
+            }
 
             return new PkceAuthorizeRequest
             {
                 CodeChallenge = codeChallenge,
                 ChallengeMethod = challengeMethod,
                 RedirectUri = string.IsNullOrWhiteSpace(redirectUri) ? null : redirectUri,
-                DeviceId = deviceId
+                Device = device
             };
         }
 
@@ -268,15 +292,15 @@ private async Task<IResult> RedirectToLoginWithErrorAsync(HttpContext ctx, AuthF
                 hub.SetError(HubErrorCode.InvalidCredentials);
                 await _authStore.StoreAsync(key, hub);
 
-                return Results.Redirect($"{basePath}?hub={Uri.EscapeDataString(hubKey)}");
+                return Results.Redirect($"{basePath}?{UAuthConstants.Query.Hub}={Uri.EscapeDataString(hubKey)}");
             }
         }
         return Results.Redirect(basePath);
     }
 
     private async Task<string?> ResolveHubKeyAsync(HttpContext ctx)
     {
-        if (ctx.Request.Query.TryGetValue("hub", out var q) && !string.IsNullOrWhiteSpace(q))
+        if (ctx.Request.Query.TryGetValue(UAuthConstants.Query.Hub, out var q) && !string.IsNullOrWhiteSpace(q))
             return q.ToString();
 
         if (ctx.Request.HasFormContentType)