Add generic user ID support and Google login endpoint

Refactored `BaseAuthController` to support generic user ID types (`TId`), enabling flexibility for different identifier types.

Added new authentication endpoints:
- `POST /login` for username/password authentication.
- `POST /login/google` for Google OpenID Connect authentication.

Introduced new abstract and virtual methods for extensibility:
- `FindUserByUsernameAsync`, `OnUserLoggedInAsync`, `IsEmailVerificationRequired`, and `CreateUserFromGoogleAsync`.

Enhanced token management with secure refresh token rotation and role-based access token creation.

Added new DTOs:
- `GoogleOpenIdResponseDto` for Google user info.
- `LoginRequestDto` for login credentials.

Introduced `IUserIdentity<TId>` interface for standardized user identity representation.

Refactored `using` directives, improved documentation, and enhanced code readability and maintainability.

Author: Vadim Belov

Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs

@@ -1,17 +1,19 @@
-using System;
-using System.Net;
+using EasyExtensions.Abstractions;
+using EasyExtensions.AspNetCore.Authorization.Abstractions;
+using EasyExtensions.AspNetCore.Authorization.Models.Dto;
+using EasyExtensions.AspNetCore.Authorization.Models.Dto.Enums;
+using EasyExtensions.AspNetCore.Extensions;
 using EasyExtensions.Helpers;
-using System.Threading.Tasks;
-using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using System;
 using System.Collections.Generic;
-using EasyExtensions.Abstractions;
 using System.IdentityModel.Tokens.Jwt;
-using Microsoft.AspNetCore.Authorization;
-using EasyExtensions.AspNetCore.Extensions;
-using EasyExtensions.AspNetCore.Authorization.Models.Dto;
-using EasyExtensions.AspNetCore.Authorization.Abstractions;
-using EasyExtensions.AspNetCore.Authorization.Models.Dto.Enums;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Security.Claims;
+using System.Threading.Tasks;
 
 namespace EasyExtensions.AspNetCore.Authorization.Controllers
 {
@@ -90,6 +92,80 @@ public async Task<IActionResult> RefreshToken([FromBody] RefreshTokenRequestDto
             });
         }
 
+        /// <summary>
+        /// Authenticates a user using the provided credentials and issues a new access and refresh token pair.
+        /// </summary>
+        /// <remarks>This endpoint is typically used as part of a username and password authentication
+        /// flow. The returned tokens can be used to access protected resources and to refresh authentication without
+        /// re-entering credentials. Repeated failed login attempts may be subject to rate limiting or account lockout
+        /// policies, depending on system configuration.</remarks>
+        /// <param name="request">The login request containing the user's username and password. Cannot be null.</param>
+        /// <returns>An <see cref="IActionResult"/> containing a <see cref="TokenPairDto"/> with access and refresh tokens if
+        /// authentication is successful; otherwise, an unauthorized response if the credentials are invalid.</returns>
+        [HttpPost("login")]
+        public async Task<IActionResult> Login([FromBody] LoginRequestDto request)
+        {
+            Guid? userId = await FindUserByUsernameAsync(request.Username);
+            if (!userId.HasValue || userId == Guid.Empty)
+            {
+                return this.ApiUnauthorized("Invalid username or password");
+            }
+            string? phc = await FindUserPhcAsync(userId.Value);
+            if (string.IsNullOrWhiteSpace(phc))
+            {
+                return this.ApiUnauthorized("Invalid username or password");
+            }
+            bool isValidPassword = _passwordHasher.Verify(request.Password, phc);
+            if (!isValidPassword)
+            {
+                return this.ApiUnauthorized("Invalid username or password");
+            }
+            var roles = await GetUserRolesAsync(userId.Value);
+            string accessToken = CreateAccessToken(userId.Value, roles);
+            string refreshToken = StringHelpers.CreateRandomString(64);
+            await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken);
+            await OnUserLoggedInAsync(userId.Value, AuthType.Credentials);
+            return Ok(new TokenPairDto
+            {
+                AccessToken = accessToken,
+                RefreshToken = refreshToken
+            });
+        }
+
+        [HttpPost("login/google")]
+        public async Task<IActionResult> Login([FromQuery] string token)
+        {
+            const string url = "https://openidconnect.googleapis.com/v1/userinfo";
+            using HttpClient http = new();
+            http.DefaultRequestHeaders.Authorization = new("Bearer", token);
+            GoogleOpenIdResponseDto response = await http.GetFromJsonAsync<GoogleOpenIdResponseDto>(url)
+                ?? throw new InvalidOperationException("Failed to get user info from Google.");
+            bool mustVerifyEmail = IsEmailVerificationRequired();
+            if (mustVerifyEmail && !response.IsEmailVerified)
+            {
+                return this.ApiUnauthorized("Email is not verified");
+            }
+            Guid? userId = await FindUserByUsernameAsync(response.Email);
+            if (!userId.HasValue || userId == Guid.Empty)
+            {
+                userId = await CreateUserFromGoogleAsync(response);
+                if (!userId.HasValue || userId == Guid.Empty)
+                {
+                    return this.ApiUnauthorized("User not found");
+                }
+            }
+            var roles = await GetUserRolesAsync(userId.Value);
+            string accessToken = CreateAccessToken(userId.Value, roles);
+            string refreshToken = StringHelpers.CreateRandomString(64);
+            await SaveAndRevokeRefreshTokenAsync(userId.Value, string.Empty, refreshToken);
+            await OnUserLoggedInAsync(userId.Value, AuthType.Google);
+            return Ok(new TokenPairDto
+            {
+                AccessToken = accessToken,
+                RefreshToken = refreshToken
+            });
+        }
+
         private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
         {
             return _tokenProvider.CreateToken(cb =>
@@ -103,6 +179,14 @@ private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
             });
         }
 
+        /// <summary>
+        /// Asynchronously searches for a user by username and returns the user's unique identifier if found.
+        /// </summary>
+        /// <param name="username">The username of the user to locate. Cannot be null or empty.</param>
+        /// <returns>A task that represents the asynchronous operation. The task result contains the unique identifier of the
+        /// user if found; otherwise, null.</returns>
+        public abstract Task<Guid?> FindUserByUsernameAsync(string username);
+
         /// <summary>
         /// Saves a new refresh token for the specified user and revokes the previous refresh token asynchronously.
         /// </summary>
@@ -169,5 +253,36 @@ public virtual Task OnTokenRefreshedAsync(Guid userId, string newRefreshToken)
         {
             return Task.CompletedTask;
         }
+
+        /// <summary>
+        /// Handles logic to be performed when a user has successfully logged in.
+        /// </summary>
+        /// <param name="userId">The unique identifier of the user who has logged in.</param>
+        /// <param name="authType">The type of authentication used for login.</param>
+        /// <returns>A task that represents the asynchronous operation.</returns>
+        public virtual Task OnUserLoggedInAsync(Guid userId, AuthType authType)
+        {
+            return Task.CompletedTask;
+        }
+
+        /// <summary>
+        /// Determines whether email verification is required for user accounts.
+        /// </summary>
+        /// <returns><see langword="true"/> if email verification is required; otherwise, <see langword="false"/>.</returns>
+        public virtual bool IsEmailVerificationRequired()
+        {
+            return true;
+        }
+
+        /// <summary>
+        /// Creates a new user account based on the information provided by a Google OpenID response.
+        /// </summary>
+        /// <param name="dto">The Google OpenID response data containing user information to create the account. Cannot be null.</param>
+        /// <returns>A task that represents the asynchronous operation. The task result contains the unique identifier of the
+        /// newly created user if successful; otherwise, null.</returns>
+        public virtual Task<Guid?> CreateUserFromGoogleAsync(GoogleOpenIdResponseDto dto)
+        {
+            return Task.FromResult<Guid?>(null);
+        }
     }
 }

Sources/EasyExtensions.AspNetCore.Authorization/Models/Dto/GoogleOpenIdResponseDto.cs

@@ -0,0 +1,65 @@
+using System.Text.Json.Serialization;
+
+namespace EasyExtensions.AspNetCore.Authorization.Models.Dto
+{
+    /// <summary>
+    /// Represents the user information returned from a Google OpenID Connect authentication response.
+    /// </summary>
+    /// <remarks>This data transfer object maps to the standard claims provided by Google when authenticating
+    /// users via OpenID Connect. It is typically used to deserialize the JSON payload received from Google's identity
+    /// platform after a successful authentication. Property values correspond to the claims defined in the OpenID
+    /// Connect specification as implemented by Google.</remarks>
+    public class GoogleOpenIdResponseDto
+    {
+        /// <summary>
+        /// Gets or sets the subject identifier for the entity represented by the token.
+        /// </summary>
+        [JsonPropertyName("sub")]
+        public string Subject { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the name associated with this instance.
+        /// </summary>
+        [JsonPropertyName("name")]
+        public string Name { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the given name (first name) of the person.
+        /// </summary>
+        [JsonPropertyName("given_name")]
+        public string GivenName { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the family name (surname) of the person.
+        /// </summary>
+        [JsonPropertyName("family_name")]
+        public string FamilyName { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the URL of the user's profile picture.
+        /// </summary>
+        [JsonPropertyName("picture")]
+        public string PictureUrl { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the email address associated with the user.
+        /// </summary>
+        [JsonPropertyName("email")]
+        public string Email { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets a value indicating whether the user's email address has been verified.
+        /// </summary>
+        [JsonPropertyName("email_verified")]
+        public bool IsEmailVerified { get; set; }
+
+        /// <summary>
+        /// Gets or sets the hosted domain associated with the authenticated user, if available.
+        /// </summary>
+        /// <remarks>This property is typically present when the user's account is part of a hosted
+        /// domain, such as a Google Workspace organization. If the user does not belong to a hosted domain, this
+        /// property may be null.</remarks>
+        [JsonPropertyName("hd")]
+        public string? HostedDomain { get; set; } = null!;
+    }
+}

Sources/EasyExtensions.AspNetCore.Authorization/Models/Dto/LoginRequestDto.cs

@@ -0,0 +1,26 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace EasyExtensions.AspNetCore.Authorization.Models.Dto
+{
+    /// <summary>
+    /// Represents the data required to perform a user login request, including the username and password.
+    /// </summary>
+    /// <remarks>This data transfer object is typically used to submit login credentials to an authentication
+    /// endpoint. The <see cref="Username"/> property is required and must not be null or empty. The <see
+    /// cref="Password"/> property should contain the user's password in plain text; ensure secure transmission and
+    /// handling of this information.</remarks>
+    public record class LoginRequestDto
+    {
+        /// <summary>
+        /// Gets or sets the username associated with the user account.
+        /// </summary>
+        [Required]
+        public string Username { get; set; } = null!;
+
+        /// <summary>
+        /// Gets or sets the password used for authentication.
+        /// </summary>
+        [Required]
+        public string Password { get; set; } = null!;
+    }
+}

Sources/EasyExtensions/Abstractions/IUserCredentials.cs

@@ -0,0 +1,13 @@
+using System;
+using System.Text;
+using System.Collections.Generic;
+
+namespace EasyExtensions.Abstractions
+{
+    public interface IUserIdentity<out TId>
+    {
+        TId Id { get; }
+        string UserName { get; }
+        string PasswordPhc { get; }
+    }
+}