Preparation of First Release (Part 6/7)

UltimateAuth.slnx

@@ -12,15 +12,25 @@
   <Folder Name="/Tests/">
     <Project Path="tests/CodeBeam.UltimateAuth.Tests.Unit/CodeBeam.UltimateAuth.Tests.Unit.csproj" Id="6f4b22da-849a-4a79-b5c5-aee7cb1429a6" />
   </Folder>
+  <Project Path="src/authorization/CodeBeam.UltimateAuth.Authorization.Contracts/CodeBeam.UltimateAuth.Authorization.Contracts.csproj" Id="40a23002-f885-42a8-bdd9-fd962ab28742" />
+  <Project Path="src/authorization/CodeBeam.UltimateAuth.Authorization.InMemory/CodeBeam.UltimateAuth.Authorization.InMemory.csproj" Id="a1e6d007-bdc0-4574-b549-ec863757edd3" />
+  <Project Path="src/authorization/CodeBeam.UltimateAuth.Authorization.Reference/CodeBeam.UltimateAuth.Authorization.Reference.csproj" Id="84b784d0-bb48-406a-a0d1-c600da667597" />
+  <Project Path="src/authorization/CodeBeam.UltimateAuth.Authorization/CodeBeam.UltimateAuth.Authorization.csproj" Id="28b1d647-fb0b-4cc3-8503-2680c4a9b28f" />
   <Project Path="src/CodeBeam.UltimateAuth.Client/CodeBeam.UltimateAuth.Client.csproj" Id="eb60a3b7-ba9d-48c9-98ad-b28e879b23bf" />
   <Project Path="src/CodeBeam.UltimateAuth.Core/CodeBeam.UltimateAuth.Core.csproj" />
   <Project Path="src/CodeBeam.UltimateAuth.Server/CodeBeam.UltimateAuth.Server.csproj" Id="0a8cdd12-a8c4-4530-87e8-ae778c46322b" />
-  <Project Path="src/CodeBeam.UltimateAuth.Users/CodeBeam.UltimateAuth.Server.Users.csproj" Id="30d5db36-6dc8-46f6-9139-8b6b3d6053d5" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.Contracts/CodeBeam.UltimateAuth.Credentials.Contracts.csproj" Id="88b70848-fa74-40ea-bf34-3fa2f70f4f37" />
   <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.EntityFrameworkCore/CodeBeam.UltimateAuth.Credentials.EntityFrameworkCore.csproj" Id="1fd362d5-864b-4bb3-97be-9095d94cfdba" />
   <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.InMemory/CodeBeam.UltimateAuth.Credentials.InMemory.csproj" Id="62ee7b1d-46ce-4f2e-985d-1e794f891b8b" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials.Reference/CodeBeam.UltimateAuth.Credentials.Reference.csproj" Id="ca03a140-f3dc-4a21-9b7d-895a3b10808b" />
+  <Project Path="src/credentials/CodeBeam.UltimateAuth.Credentials/CodeBeam.UltimateAuth.Credentials.csproj" Id="2281c3b5-1d60-4542-a673-553f96eed25b" />
   <Project Path="src/security/CodeBeam.UltimateAuth.Security.Argon2/CodeBeam.UltimateAuth.Security.Argon2.csproj" Id="6abfb7a6-ea36-42db-a843-38054dd40fd8" />
   <Project Path="src/sessions/CodeBeam.UltimateAuth.Sessions.EntityFrameworkCore/CodeBeam.UltimateAuth.Sessions.EntityFrameworkCore.csproj" Id="5b9a090d-1689-4a81-9dfa-3ba69f0bda38" />
   <Project Path="src/sessions/CodeBeam.UltimateAuth.Sessions.InMemory/CodeBeam.UltimateAuth.Sessions.InMemory.csproj" Id="fc9bfef0-8a89-4639-81ee-3f84f6e33816" />
   <Project Path="src/tokens/CodeBeam.UltimateAuth.Tokens.EntityFrameworkCore/CodeBeam.UltimateAuth.Tokens.EntityFrameworkCore.csproj" Id="6eb14b32-0b56-460f-a2b2-f95d28bad625" />
   <Project Path="src/tokens/CodeBeam.UltimateAuth.Tokens.InMemory/CodeBeam.UltimateAuth.Tokens.InMemory.csproj" Id="8220884e-4958-4b49-8c69-56ce9d2b6c6f" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users.Contracts/CodeBeam.UltimateAuth.Users.Contracts.csproj" Id="3a04f065-8f9d-46b3-9726-1febffe6d46f" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users.InMemory/CodeBeam.UltimateAuth.Users.InMemory.csproj" Id="7ce3df22-4773-4b9b-afd0-8ba506e0f9de" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users.Reference/CodeBeam.UltimateAuth.Users.Reference.csproj" Id="601176dd-b760-4b6f-9cc7-c618134ae178" />
+  <Project Path="src/users/CodeBeam.UltimateAuth.Users/CodeBeam.UltimateAuth.Users.csproj" Id="30d5db36-6dc8-46f6-9139-8b6b3d6053d5" />
 </Solution>

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net10.0</TargetFramework>
@@ -14,13 +14,21 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization.InMemory\CodeBeam.UltimateAuth.Authorization.InMemory.csproj" />
+    <ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization.Reference\CodeBeam.UltimateAuth.Authorization.Reference.csproj" />
+    <ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization\CodeBeam.UltimateAuth.Authorization.csproj" />
     <ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Client\CodeBeam.UltimateAuth.Client.csproj" />
     <ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
     <ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Server\CodeBeam.UltimateAuth.Server.csproj" />
     <ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials.InMemory\CodeBeam.UltimateAuth.Credentials.InMemory.csproj" />
+    <ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials.Reference\CodeBeam.UltimateAuth.Credentials.Reference.csproj" />
+    <ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials\CodeBeam.UltimateAuth.Credentials.csproj" />
     <ProjectReference Include="..\..\..\src\security\CodeBeam.UltimateAuth.Security.Argon2\CodeBeam.UltimateAuth.Security.Argon2.csproj" />
     <ProjectReference Include="..\..\..\src\sessions\CodeBeam.UltimateAuth.Sessions.InMemory\CodeBeam.UltimateAuth.Sessions.InMemory.csproj" />
     <ProjectReference Include="..\..\..\src\tokens\CodeBeam.UltimateAuth.Tokens.InMemory\CodeBeam.UltimateAuth.Tokens.InMemory.csproj" />
+    <ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users.InMemory\CodeBeam.UltimateAuth.Users.InMemory.csproj" />
+    <ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users.Reference\CodeBeam.UltimateAuth.Users.Reference.csproj" />
+    <ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users\CodeBeam.UltimateAuth.Users.csproj" />
   </ItemGroup>
 
 </Project>

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Components/Pages/Home.razor.cs

@@ -78,8 +78,8 @@ private async Task ProgrammaticPkceLogin()
 
             var request = new PkceLoginRequest
             {
-                Identifier = "Admin",
-                Secret = "Password!",
+                Identifier = "admin",
+                Secret = "admin",
                 AuthorizationCode = credentials?.AuthorizationCode ?? string.Empty,
                 CodeVerifier = credentials?.CodeVerifier ?? string.Empty,
                 ReturnUrl = _state?.ReturnUrl ?? string.Empty

samples/UAuthHub/CodeBeam.UltimateAuth.Sample.UAuthHub/Program.cs

@@ -1,16 +1,23 @@
+using CodeBeam.UltimateAuth.Authorization.InMemory;
+using CodeBeam.UltimateAuth.Authorization.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Authorization.Reference.Extensions;
 using CodeBeam.UltimateAuth.Client.Extensions;
-using CodeBeam.UltimateAuth.Core.Abstractions;
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Core.Extensions;
+using CodeBeam.UltimateAuth.Core.Infrastructure;
 using CodeBeam.UltimateAuth.Core.Runtime;
-using CodeBeam.UltimateAuth.Credentials.InMemory;
+using CodeBeam.UltimateAuth.Credentials.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Credentials.Reference;
 using CodeBeam.UltimateAuth.Sample.UAuthHub.Components;
 using CodeBeam.UltimateAuth.Security.Argon2;
 using CodeBeam.UltimateAuth.Server.Authentication;
 using CodeBeam.UltimateAuth.Server.Extensions;
-using CodeBeam.UltimateAuth.Server.Infrastructure;
 using CodeBeam.UltimateAuth.Sessions.InMemory;
 using CodeBeam.UltimateAuth.Tokens.InMemory;
+using CodeBeam.UltimateAuth.Users;
+using CodeBeam.UltimateAuth.Users.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Users.Reference;
+using CodeBeam.UltimateAuth.Users.Reference.Extensions;
 using MudBlazor.Services;
 using MudExtensions.Services;
 
@@ -46,7 +53,12 @@
     //o.Session.TouchInterval = TimeSpan.FromSeconds(9);
     //o.Session.IdleTimeout = TimeSpan.FromSeconds(15);
 })
-    .AddInMemoryCredentials()
+    .AddUltimateAuthUsersInMemory()
+    .AddUltimateAuthUsersReference()
+    .AddUltimateAuthCredentialsInMemory()
+    .AddUltimateAuthCredentialsReference()
+    .AddUltimateAuthAuthorizationInMemory()
+    .AddUltimateAuthAuthorizationReference()
     .AddUltimateAuthInMemorySessions()
     .AddUltimateAuthInMemoryTokens()
     .AddUltimateAuthArgon2();
@@ -73,6 +85,19 @@
 
 var app = builder.Build();
 
+using (var scope = app.Services.CreateScope())
+{
+    scope.ServiceProvider.GetRequiredService<IUserLifecycleStore>();
+    scope.ServiceProvider.GetRequiredService<IUserProfileStore>();
+    scope.ServiceProvider.GetRequiredService<IUserStore<UserKey>>();
+
+    var seeder = scope.ServiceProvider.GetService<IAuthorizationSeeder>();
+    //if (seeder is not null)
+    //    await seeder.SeedAsync();
+
+
+}
+
 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
 {

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/CodeBeam.UltimateAuth.Sample.BlazorServer.csproj

@@ -13,13 +13,21 @@
 	</ItemGroup>
 
 	<ItemGroup>
+		<ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization.InMemory\CodeBeam.UltimateAuth.Authorization.InMemory.csproj" />
+		<ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization.Reference\CodeBeam.UltimateAuth.Authorization.Reference.csproj" />
+		<ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization\CodeBeam.UltimateAuth.Authorization.csproj" />
 		<ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Client\CodeBeam.UltimateAuth.Client.csproj" />
 		<ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
 		<ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Server\CodeBeam.UltimateAuth.Server.csproj" />
+		<ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials.Reference\CodeBeam.UltimateAuth.Credentials.Reference.csproj" />
+		<ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials\CodeBeam.UltimateAuth.Credentials.csproj" />
 		<ProjectReference Include="..\..\..\src\security\CodeBeam.UltimateAuth.Security.Argon2\CodeBeam.UltimateAuth.Security.Argon2.csproj" />
 		<ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials.InMemory\CodeBeam.UltimateAuth.Credentials.InMemory.csproj" />
 		<ProjectReference Include="..\..\..\src\sessions\CodeBeam.UltimateAuth.Sessions.InMemory\CodeBeam.UltimateAuth.Sessions.InMemory.csproj" />
 		<ProjectReference Include="..\..\..\src\tokens\CodeBeam.UltimateAuth.Tokens.InMemory\CodeBeam.UltimateAuth.Tokens.InMemory.csproj" />
+		<ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users.InMemory\CodeBeam.UltimateAuth.Users.InMemory.csproj" />
+		<ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users.Reference\CodeBeam.UltimateAuth.Users.Reference.csproj" />
+		<ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users\CodeBeam.UltimateAuth.Users.csproj" />
 	</ItemGroup>
 
 </Project>

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Pages/Home.razor

@@ -64,6 +64,12 @@
                     <MudText>Not Authorized context is shown.</MudText>
                 </NotAuthorized>
             </AuthorizeView>
+
+            <AuthorizeView Roles="Admin">
+                <Authorized>
+                    <MudText>This is Admin content.</MudText>
+                </Authorized>
+            </AuthorizeView>
         </MudStack>
 
         <MudStack>

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Components/Pages/Home.razor.cs

@@ -41,8 +41,8 @@ private async Task ProgrammaticLogin()
             var deviceId = await DeviceIdProvider.GetOrCreateAsync();
             var request = new LoginRequest
             {
-                Identifier = "Admin",
-                Secret = "Password!",
+                Identifier = "admin",
+                Secret = "admin",
                 Device = DeviceContext.FromDeviceId(deviceId),
             };
             await UAuthClient.LoginAsync(request);

samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer/Program.cs

@@ -1,13 +1,20 @@
+using CodeBeam.UltimateAuth.Authorization.InMemory;
+using CodeBeam.UltimateAuth.Authorization.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Authorization.Reference.Extensions;
 using CodeBeam.UltimateAuth.Client.Extensions;
 using CodeBeam.UltimateAuth.Core.Domain;
 using CodeBeam.UltimateAuth.Core.Extensions;
-using CodeBeam.UltimateAuth.Credentials.InMemory;
+using CodeBeam.UltimateAuth.Credentials.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Credentials.Reference;
 using CodeBeam.UltimateAuth.Sample.BlazorServer.Components;
 using CodeBeam.UltimateAuth.Security.Argon2;
 using CodeBeam.UltimateAuth.Server.Authentication;
 using CodeBeam.UltimateAuth.Server.Extensions;
 using CodeBeam.UltimateAuth.Sessions.InMemory;
 using CodeBeam.UltimateAuth.Tokens.InMemory;
+using CodeBeam.UltimateAuth.Users.InMemory.Extensions;
+using CodeBeam.UltimateAuth.Users.Reference;
+using CodeBeam.UltimateAuth.Users.Reference.Extensions;
 using Microsoft.AspNetCore.Components;
 using MudBlazor.Services;
 using MudExtensions.Services;
@@ -44,7 +51,12 @@
     //o.Session.TouchInterval = TimeSpan.FromSeconds(9);
     //o.Session.IdleTimeout = TimeSpan.FromSeconds(15);
 })
-    .AddInMemoryCredentials()
+    .AddUltimateAuthUsersInMemory()
+    .AddUltimateAuthUsersReference()
+    .AddUltimateAuthCredentialsInMemory()
+    .AddUltimateAuthCredentialsReference()
+    .AddUltimateAuthAuthorizationInMemory()
+    .AddUltimateAuthAuthorizationReference()
     .AddUltimateAuthInMemorySessions()
     .AddUltimateAuthInMemoryTokens()
     .AddUltimateAuthArgon2();
@@ -80,6 +92,17 @@
 
 var app = builder.Build();
 
+using (var scope = app.Services.CreateScope())
+{
+    scope.ServiceProvider.GetRequiredService<IUserLifecycleStore>();
+    //scope.ServiceProvider.GetRequiredService<IUserProfileStore>();
+    //scope.ServiceProvider.GetRequiredService<IUserStore<UserKey>>();
+
+    var seeder = scope.ServiceProvider.GetService<IAuthorizationSeeder>();
+    //if (seeder is not null)
+    //    await seeder.SeedAsync();
+}
+
 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
 {

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm.csproj

@@ -17,8 +17,11 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\..\..\src\authorization\CodeBeam.UltimateAuth.Authorization.Contracts\CodeBeam.UltimateAuth.Authorization.Contracts.csproj" />
     <ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Client\CodeBeam.UltimateAuth.Client.csproj" />
     <ProjectReference Include="..\..\..\src\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
+    <ProjectReference Include="..\..\..\src\credentials\CodeBeam.UltimateAuth.Credentials.Contracts\CodeBeam.UltimateAuth.Credentials.Contracts.csproj" />
+    <ProjectReference Include="..\..\..\src\users\CodeBeam.UltimateAuth.Users.Contracts\CodeBeam.UltimateAuth.Users.Contracts.csproj" />
   </ItemGroup>
 
 </Project>

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/Pages/Home.razor

@@ -59,6 +59,10 @@
                     <MudText>Not Authorized context is shown.</MudText>
                 </NotAuthorized>
             </AuthorizeView>
+
+            <AuthorizeView Roles="Admin">
+                <MudText>This is Admin content.</MudText>
+            </AuthorizeView>
         </MudStack>
 
         <MudStack>

samples/blazor-standalone-wasm/CodeBeam.UltimateAuth.Sample.BlazorStandaloneWasm/Pages/Home.razor.cs

@@ -46,8 +46,8 @@ private async Task ProgrammaticLogin()
             var device = await DeviceIdProvider.GetOrCreateAsync();
             var request = new LoginRequest
             {
-                Identifier = "Admin",
-                Secret = "Password!",
+                Identifier = "admin",
+                Secret = "admin",
                 Device = DeviceContext.FromDeviceId(device),
             };
             await UAuthClient.LoginAsync(request);

src/CodeBeam.UltimateAuth.Client/CodeBeam.UltimateAuth.Client.csproj

@@ -30,6 +30,8 @@
 
 	<ItemGroup>
 	  <ProjectReference Include="..\CodeBeam.UltimateAuth.Core\CodeBeam.UltimateAuth.Core.csproj" />
+	  <ProjectReference Include="..\credentials\CodeBeam.UltimateAuth.Credentials.Contracts\CodeBeam.UltimateAuth.Credentials.Contracts.csproj" />
+	  <ProjectReference Include="..\users\CodeBeam.UltimateAuth.Users.Contracts\CodeBeam.UltimateAuth.Users.Contracts.csproj" />
 	</ItemGroup>
 
 </Project>

src/CodeBeam.UltimateAuth.Core/Abstractions/Auth/IAuthContextFactory.cs

@@ -0,0 +1,8 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions;
+
+public interface IAuthContextFactory
+{
+    AuthContext Create(DateTimeOffset? at = null);
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessAuthority.cs

@@ -0,0 +1,10 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessAuthority
+    {
+        AccessDecision Decide(AccessContext context, IEnumerable<IAccessPolicy> runtimePolicies);
+    }
+
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessInvariant.cs

@@ -0,0 +1,9 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessInvariant
+    {
+        AccessDecision Decide(AccessContext context);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAccessPolicy.cs

@@ -0,0 +1,10 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface IAccessPolicy
+    {
+        bool AppliesTo(AccessContext context);
+        AccessDecision Decide(AccessContext context);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAuthAuthority.cs

@@ -4,7 +4,6 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     public interface IAuthAuthority
     {
-        AuthorizationResult Decide(AuthContext context);
+        AccessDecisionResult Decide(AuthContext context, IEnumerable<IAuthorityPolicy>? policies = null);
     }
-
 }

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAuthorityInvariant.cs

@@ -4,6 +4,6 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     public interface IAuthorityInvariant
     {
-        AuthorizationResult Decide(AuthContext context);
+        AccessDecisionResult Decide(AuthContext context);
     }
 }

src/CodeBeam.UltimateAuth.Core/Abstractions/Authority/IAuthorityPolicy.cs

@@ -5,6 +5,6 @@ namespace CodeBeam.UltimateAuth.Core.Abstractions
     public interface IAuthorityPolicy
     {
         bool AppliesTo(AuthContext context);
-        AuthorizationResult Decide(AuthContext context);
+        AccessDecisionResult Decide(AuthContext context);
     }
 }

src/CodeBeam.UltimateAuth.Core/Abstractions/Infrastructure/IUAuthPasswordHasher.cs

@@ -8,6 +8,6 @@
     public interface IUAuthPasswordHasher
     {
         string Hash(string password);
-        bool Verify(string password, string hash);
+        bool Verify(string hash, string secret);
     }
 }

src/CodeBeam.UltimateAuth.Core/Abstractions/Principals/IUserClaimsProvider.cs

@@ -0,0 +1,8 @@
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core;
+
+public interface IUserClaimsProvider
+{
+    Task<ClaimsSnapshot> GetClaimsAsync(string? tenantId, UserKey userKey, CancellationToken ct = default);
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Services/ISessionService.cs

@@ -0,0 +1,12 @@
+using CodeBeam.UltimateAuth.Core.Contracts;
+using CodeBeam.UltimateAuth.Core.Domain;
+
+namespace CodeBeam.UltimateAuth.Core.Abstractions
+{
+    public interface ISessionService
+    {
+        Task RevokeAllAsync(AuthContext authContext, UserKey userKey, CancellationToken ct = default);
+        Task RevokeAllExceptChainAsync(AuthContext authContext, UserKey userKey, SessionChainId exceptChainId, CancellationToken ct = default);
+        Task RevokeRootAsync(AuthContext authContext, UserKey userKey, CancellationToken ct = default);
+    }
+}

src/CodeBeam.UltimateAuth.Core/Abstractions/Services/IUAuthService.cs

@@ -1,15 +1,15 @@
 namespace CodeBeam.UltimateAuth.Core.Abstractions
 {
     /// <summary>
     /// High-level facade for UltimateAuth.
     /// Provides access to authentication flows,
     /// session lifecycle and user operations.
     /// </summary>
-    public interface IUAuthService<TUserId>
-    {
-        //IUAuthFlowService<TUserId> Flow { get; }
-        IUAuthSessionManager Sessions { get; }
-        //IUAuthTokenService<TUserId> Tokens { get; }
-        IUAuthUserService<TUserId> Users { get; }
-    }
+    //public interface IUAuthService<TUserId>
+    //{
+    //    //IUAuthFlowService<TUserId> Flow { get; }
+    //    IUAuthSessionManager Sessions { get; }
+    //    //IUAuthTokenService<TUserId> Tokens { get; }
+    //    IUAuthUserService<TUserId> Users { get; }
+    //}
 }