Refactor: move Refresh Token generation logic to AccountManagement

application/account-management/Core/Configuration.cs

@@ -1,6 +1,9 @@
+using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
 using PlatformPlatform.SharedKernel.Configuration;
@@ -30,6 +33,17 @@ public static IServiceCollection AddAccountManagementServices(this IServiceColle
 
         return services
             .AddSharedServices<AccountManagementDbContext>(Assembly)
-            .AddScoped<AvatarUpdater>();
+            .AddScoped<AvatarUpdater>()
+            .AddAuthentication();
+    }
+
+
+    private static IServiceCollection AddAuthentication(this IServiceCollection services)
+    {
+        return services
+            .AddScoped<IPasswordHasher<object>, PasswordHasher<object>>()
+            .AddScoped<OneTimePasswordHelper>()
+            .AddScoped<RefreshTokenGenerator>()
+            .AddScoped<AuthenticationTokenService>();
     }
 }

application/account-management/Core/Features/Authentication/Commands/CompleteLogin.cs

@@ -1,12 +1,12 @@
 using JetBrains.Annotations;
 using Mapster;
 using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
 

application/account-management/Core/Features/Authentication/Commands/Logout.cs

@@ -1,5 +1,5 @@
 using JetBrains.Annotations;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
 

application/account-management/Core/Features/Authentication/Commands/RefreshAuthenticationTokens.cs

@@ -3,9 +3,9 @@
 using JetBrains.Annotations;
 using Mapster;
 using Microsoft.AspNetCore.Http;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Domain;
 using PlatformPlatform.SharedKernel.Telemetry;

application/account-management/Core/Features/Authentication/Domain/AuthenticationTokenHttpKeys.cs

@@ -0,0 +1,19 @@
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain;
+
+public static class AuthenticationTokenHttpKeys
+{
+    public const string RefreshTokenHttpHeaderKey = "x-refresh-token";
+
+    public const string AccessTokenHttpHeaderKey = "x-access-token";
+
+    public const string AntiforgeryTokenHttpHeaderKey = "x-xsrf-token";
+
+    public const string RefreshAuthenticationTokensHeaderKey = "x-refresh-authentication-tokens-required";
+
+    // __Host prefix ensures the cookie is sent only to the host, requires Secure, HTTPS, Path=/ and no Domain specified
+    public const string RefreshTokenCookieName = "__Host_Refresh_Token";
+
+    public const string AccessTokenCookieName = "__Host_Access_Token";
+
+    public const string AntiforgeryTokenCookieName = "__Host_Xsrf_Token";
+}

application/shared-kernel/SharedKernel/Authentication/OneTimePasswordHelper.cs → application/account-management/Core/Features/Authentication/Domain/OneTimePasswordHelper.cs

@@ -2,9 +2,9 @@
 using System.Text;
 using Microsoft.AspNetCore.Identity;
 
-namespace PlatformPlatform.SharedKernel.Authentication;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 
-public class OneTimePasswordHelper(IPasswordHasher<object> passwordHasher)
+public sealed class OneTimePasswordHelper(IPasswordHasher<object> passwordHasher)
 {
     public static string GenerateOneTimePassword(int length)
     {

application/shared-kernel/SharedKernel/Authentication/TokenGeneration/AuthenticationTokenService.cs → application/account-management/Core/Features/Authentication/Domain/TokenGeneration/AuthenticationTokenService.cs

@@ -1,6 +1,8 @@
 using Microsoft.AspNetCore.Http;
+using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 
 public sealed class AuthenticationTokenService(
     RefreshTokenGenerator refreshTokenGenerator,

application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenGenerator.cs → application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenGenerator.cs

@@ -1,9 +1,11 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using Microsoft.IdentityModel.Tokens;
+using PlatformPlatform.SharedKernel.Authentication;
+using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Authentication.TokenSigning;
 
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 
 public sealed class RefreshTokenGenerator(ITokenSigningClient tokenSigningClient)
 {

application/shared-kernel/SharedKernel/Authentication/TokenGeneration/RefreshTokenId.cs → application/account-management/Core/Features/Authentication/Domain/TokenGeneration/RefreshTokenId.cs

@@ -1,6 +1,7 @@
+using JetBrains.Annotations;
 using PlatformPlatform.SharedKernel.StronglyTypedIds;
 
-namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
+namespace PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 
 [PublicAPI]
 [IdPrefix("rt")]

application/account-management/Core/Features/EmailConfirmations/Commands/CompleteEmailConfirmation.cs

@@ -1,6 +1,6 @@
 using JetBrains.Annotations;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
 

application/account-management/Core/Features/EmailConfirmations/Commands/ResendEmailConfirmationCode.cs

@@ -1,7 +1,7 @@
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Identity;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Integrations.Email;
 using PlatformPlatform.SharedKernel.Telemetry;

application/account-management/Core/Features/EmailConfirmations/Commands/StartEmailConfirmation.cs

@@ -1,8 +1,8 @@
 using FluentValidation;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Identity;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Integrations.Email;
 using PlatformPlatform.SharedKernel.Validation;

application/account-management/Core/Features/Signups/Commands/CompleteSignup.cs

@@ -1,11 +1,11 @@
 using JetBrains.Annotations;
 using Mapster;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain.TokenGeneration;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Commands;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Tenants.Commands;
 using PlatformPlatform.AccountManagement.Features.Users.Domain;
 using PlatformPlatform.SharedKernel.Authentication;
-using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Cqrs;
 using PlatformPlatform.SharedKernel.Telemetry;
 

application/account-management/Tests/Signups/StartSignupTests.cs

@@ -4,9 +4,9 @@
 using Microsoft.AspNetCore.Identity;
 using NSubstitute;
 using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Authentication.Domain;
 using PlatformPlatform.AccountManagement.Features.EmailConfirmations.Domain;
 using PlatformPlatform.AccountManagement.Features.Signups.Commands;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Tests;
 using PlatformPlatform.SharedKernel.Tests.Persistence;
 using PlatformPlatform.SharedKernel.Validation;

application/shared-kernel/SharedKernel/Authentication/TokenGeneration/SecurityTokenDescriptorExtensions.cs

@@ -3,9 +3,9 @@
 
 namespace PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 
-internal static class SecurityTokenDescriptorExtensions
+public static class SecurityTokenDescriptorExtensions
 {
-    internal static string GenerateToken(
+    public static string GenerateToken(
         this SecurityTokenDescriptor tokenDescriptor,
         DateTimeOffset expires,
         string issuer,

application/shared-kernel/SharedKernel/Configuration/SharedDependencyConfiguration.cs

@@ -4,11 +4,9 @@
 using Azure.Security.KeyVault.Secrets;
 using FluentValidation;
 using Microsoft.AspNetCore.Http.Json;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Diagnostics.HealthChecks;
-using PlatformPlatform.SharedKernel.Authentication;
 using PlatformPlatform.SharedKernel.Authentication.TokenGeneration;
 using PlatformPlatform.SharedKernel.Authentication.TokenSigning;
 using PlatformPlatform.SharedKernel.DomainEvents;
@@ -73,11 +71,7 @@ public static ITokenSigningClient GetTokenSigningService()
     private static IServiceCollection AddAuthentication(this IServiceCollection services)
     {
         return services
-            .AddScoped<IPasswordHasher<object>, PasswordHasher<object>>()
-            .AddScoped<OneTimePasswordHelper>()
-            .AddScoped<RefreshTokenGenerator>()
-            .AddScoped<AccessTokenGenerator>()
-            .AddScoped<AuthenticationTokenService>();
+            .AddScoped<AccessTokenGenerator>();
     }
 
     private static IServiceCollection AddDefaultJsonSerializerOptions(this IServiceCollection services)