Refactor authentication token logic and standardize naming conventions

tjementum commented 6 days ago

Summary & Motivation

Move authentication token logic to the SharedKernel for improved separation of concerns, enabling tests in other self-contained systems to generate valid access tokens. This includes using UserInfo instead of User to create tokens. The AuthenticationTokenGenerator has been split into AccessTokenGenerator, RefreshTokenGenerator, and SecurityTokenDescriptorExtensions, providing clear and modular responsibilities.

Introduce a strongly typed ID for RefreshTokenId to enhance type safety. Standardize the naming of authentication cookies, changing from hyphen-case (refresh-token and access-token) to snake_case (refresh_token and access_token) to align with common practices.

Additional improvements include extracting refresh and access token validation periods into constants with added documentation. The RefreshAuthenticationTokens command now returns an Unauthorized result instead of throwing exceptions for invalid refresh tokens.

The CreateUser command has been updated to validate that the TenantId matches the execution context, except during signup, ensuring data integrity.

New HTTP clients (anonymous and authenticated) have been introduced in the BackOffice self-contained system's EndpointBaseTest, facilitating robust testing.