feat: add generic gRPC auth service for AuthenticateUser and RefreshToken

Shared auth gRPC endpoints that can be used by any mobile client plugin,
avoiding duplication of auth logic across plugins. Directly injects
IAuthService — no reflection needed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: renemadsen

eFormAPI/eFormAPI.Web.Tests/GrpcServices/EformAuthGrpcServiceTests.cs

@@ -0,0 +1,115 @@
+using System.Threading.Tasks;
+using eFormAPI.Web.Abstractions;
+using eFormAPI.Web.Grpc;
+using eFormAPI.Web.Infrastructure.Models.Auth;
+using eFormAPI.Web.Services.GrpcServices;
+using eFormAPI.Web.Tests.Helpers;
+using Microting.eFormApi.BasePn.Infrastructure.Models.API;
+using Microting.eFormApi.BasePn.Infrastructure.Models.Auth;
+using NSubstitute;
+using NUnit.Framework;
+
+namespace eFormAPI.Web.Tests.GrpcServices;
+
+[TestFixture]
+public class EformAuthGrpcServiceTests
+{
+    private IAuthService _authService;
+    private EformAuthGrpcService _grpcService;
+
+    [SetUp]
+    public void SetUp()
+    {
+        _authService = Substitute.For<IAuthService>();
+        _grpcService = new EformAuthGrpcService(_authService);
+    }
+
+    [Test]
+    public async Task AuthenticateUser_Success_ReturnsTokenAndUser()
+    {
+        _authService.AuthenticateUser(Arg.Any<LoginModel>())
+            .Returns(new OperationDataResult<EformAuthorizeResult>(
+                true, "OK", new EformAuthorizeResult
+                {
+                    AccessToken = "jwt-token-abc",
+                    FirstName = "John",
+                    LastName = "Doe"
+                }));
+
+        var request = new AuthenticateUserRequest
+        {
+            Username = "user@test.com",
+            Password = "password123"
+        };
+
+        var response = await _grpcService.AuthenticateUser(
+            request, TestServerCallContextFactory.Create());
+
+        Assert.That(response.Success, Is.True);
+        Assert.That(response.Model, Is.Not.Null);
+        Assert.That(response.Model.AccessToken, Is.EqualTo("jwt-token-abc"));
+        Assert.That(response.Model.FirstName, Is.EqualTo("John"));
+        Assert.That(response.Model.LastName, Is.EqualTo("Doe"));
+
+        await _authService.Received(1).AuthenticateUser(
+            Arg.Is<LoginModel>(m => m.Username == "user@test.com" && m.Password == "password123"));
+    }
+
+    [Test]
+    public async Task AuthenticateUser_Failure_ReturnsError()
+    {
+        _authService.AuthenticateUser(Arg.Any<LoginModel>())
+            .Returns(new OperationDataResult<EformAuthorizeResult>(
+                false, "Invalid credentials"));
+
+        var request = new AuthenticateUserRequest
+        {
+            Username = "user@test.com",
+            Password = "wrong"
+        };
+
+        var response = await _grpcService.AuthenticateUser(
+            request, TestServerCallContextFactory.Create());
+
+        Assert.That(response.Success, Is.False);
+        Assert.That(response.Message, Is.EqualTo("Invalid credentials"));
+        Assert.That(response.Model, Is.Null);
+    }
+
+    [Test]
+    public async Task RefreshToken_Success_ReturnsNewToken()
+    {
+        _authService.RefreshToken()
+            .Returns(new OperationDataResult<EformAuthorizeResult>(
+                true, "OK", new EformAuthorizeResult
+                {
+                    AccessToken = "refreshed-token-xyz",
+                    FirstName = "Jane",
+                    LastName = "Smith"
+                }));
+
+        var response = await _grpcService.RefreshToken(
+            new RefreshTokenRequest(), TestServerCallContextFactory.Create());
+
+        Assert.That(response.Success, Is.True);
+        Assert.That(response.Model, Is.Not.Null);
+        Assert.That(response.Model.AccessToken, Is.EqualTo("refreshed-token-xyz"));
+        Assert.That(response.Model.FirstName, Is.EqualTo("Jane"));
+        Assert.That(response.Model.LastName, Is.EqualTo("Smith"));
+    }
+
+    [Test]
+    public async Task RefreshToken_Failure_ReturnsError()
+    {
+        _authService.RefreshToken()
+            .Returns(new OperationDataResult<EformAuthorizeResult>(
+                false, "Token expired"));
+
+        var response = await _grpcService.RefreshToken(
+            new RefreshTokenRequest(), TestServerCallContextFactory.Create());
+
+        Assert.That(response.Success, Is.False);
+        Assert.That(response.Message, Is.EqualTo("Token expired"));
+        Assert.That(response.Model, Is.Null);
+    }
+}

eFormAPI/eFormAPI.Web.Tests/Helpers/TestServerCallContext.cs

@@ -0,0 +1,46 @@
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Threading.Tasks;
+using Grpc.Core;
+
+namespace eFormAPI.Web.Tests.Helpers;
+
+public static class TestServerCallContextFactory
+{
+    public static ServerCallContext Create(
+        Metadata requestHeaders = null,
+        CancellationToken cancellationToken = default)
+    {
+        return new TestCallContext(requestHeaders ?? new Metadata(), cancellationToken);
+    }
+
+    private class TestCallContext : ServerCallContext
+    {
+        public TestCallContext(Metadata requestHeaders, CancellationToken ct)
+        {
+            RequestHeadersCore = requestHeaders;
+            CancellationTokenCore = ct;
+            DeadlineCore = DateTime.UtcNow.AddHours(1);
+        }
+
+        protected override string MethodCore => "TestMethod";
+        protected override string HostCore => "localhost";
+        protected override string PeerCore => "ipv4:127.0.0.1:0";
+        protected override DateTime DeadlineCore { get; }
+        protected override Metadata RequestHeadersCore { get; }
+        protected override CancellationToken CancellationTokenCore { get; }
+        protected override Metadata ResponseTrailersCore => new();
+        protected override Status StatusCore { get; set; }
+        protected override WriteOptions WriteOptionsCore { get; set; }
+
+        protected override AuthContext AuthContextCore =>
+            new(string.Empty, new Dictionary<string, List<AuthProperty>>());
+
+        protected override ContextPropagationToken CreatePropagationTokenCore(
+            ContextPropagationOptions options) => throw new NotImplementedException();
+
+        protected override Task WriteResponseHeadersAsyncCore(Metadata responseHeaders) =>
+            Task.CompletedTask;
+    }
+}

eFormAPI/eFormAPI.Web.Tests/eFormAPI.Web.Tests.csproj

@@ -13,6 +13,7 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
+    <PackageReference Include="NSubstitute" Version="5.3.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="6.2.0" />
   </ItemGroup>
 

eFormAPI/eFormAPI.Web/Protos/auth.proto

@@ -0,0 +1,36 @@
+syntax = "proto3";
+
+package eform;
+
+option csharp_namespace = "eFormAPI.Web.Grpc";
+
+message AuthenticateUserRequest {
+  string username = 1;
+  string password = 2;
+  string grant_type = 3;
+}
+
+message AuthenticateUserResponse {
+  bool success = 1;
+  string message = 2;
+  AuthUserModel model = 3;
+}
+
+message AuthUserModel {
+  string access_token = 1;
+  string first_name = 2;
+  string last_name = 3;
+}
+
+message RefreshTokenRequest {}
+
+message RefreshTokenResponse {
+  bool success = 1;
+  string message = 2;
+  AuthUserModel model = 3;
+}
+
+service EformAuthService {
+  rpc AuthenticateUser(AuthenticateUserRequest) returns (AuthenticateUserResponse);
+  rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse);
+}

eFormAPI/eFormAPI.Web/Services/GrpcServices/EformAuthGrpcService.cs

@@ -0,0 +1,94 @@
+using System;
+using System.Threading.Tasks;
+using eFormAPI.Web.Abstractions;
+using eFormAPI.Web.Grpc;
+using Grpc.Core;
+using Microting.eFormApi.BasePn.Infrastructure.Models.Auth;
+
+namespace eFormAPI.Web.Services.GrpcServices;
+
+public class EformAuthGrpcService : Grpc.EformAuthService.EformAuthServiceBase
+{
+    private readonly IAuthService _authService;
+
+    public EformAuthGrpcService(IAuthService authService)
+    {
+        _authService = authService;
+    }
+
+    public override async Task<AuthenticateUserResponse> AuthenticateUser(
+        AuthenticateUserRequest request, ServerCallContext context)
+    {
+        try
+        {
+            var loginModel = new LoginModel
+            {
+                Username = request.Username,
+                Password = request.Password
+            };
+
+            var result = await _authService.AuthenticateUser(loginModel);
+
+            var response = new AuthenticateUserResponse
+            {
+                Success = result.Success,
+                Message = result.Message ?? ""
+            };
+
+            if (result.Success && result.Model != null)
+            {
+                response.Model = new AuthUserModel
+                {
+                    AccessToken = result.Model.AccessToken ?? "",
+                    FirstName = result.Model.FirstName ?? "",
+                    LastName = result.Model.LastName ?? ""
+                };
+            }
+
+            return response;
+        }
+        catch (Exception ex)
+        {
+            return new AuthenticateUserResponse
+            {
+                Success = false,
+                Message = ex.Message
+            };
+        }
+    }
+
+    public override async Task<RefreshTokenResponse> RefreshToken(
+        RefreshTokenRequest request, ServerCallContext context)
+    {
+        try
+        {
+            var result = await _authService.RefreshToken();
+
+            var response = new RefreshTokenResponse
+            {
+                Success = result.Success,
+                Message = result.Message ?? ""
+            };
+
+            if (result.Success && result.Model != null)
+            {
+                response.Model = new AuthUserModel
+                {
+                    AccessToken = result.Model.AccessToken ?? "",
+                    FirstName = result.Model.FirstName ?? "",
+                    LastName = result.Model.LastName ?? ""
+                };
+            }
+
+            return response;
+        }
+        catch (Exception ex)
+        {
+            return new RefreshTokenResponse
+            {
+                Success = false,
+                Message = ex.Message
+            };
+        }
+    }
+}

eFormAPI/eFormAPI.Web/Startup.cs

@@ -318,6 +318,9 @@ public void ConfigureServices(IServiceCollection services)
         }
         ConnectServices(services);
 
+        // gRPC
+        services.AddGrpc();
+
         // plugins
         services.AddEFormPlugins(Program.EnabledPlugins);
     }
@@ -381,6 +384,14 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
         // Plugins
         app.UseEFormPlugins(Program.EnabledPlugins);
+
+        // gRPC
+        app.UseRouting();
+        app.UseEndpoints(endpoints =>
+        {
+            endpoints.MapGrpcService<Services.GrpcServices.EformAuthGrpcService>();
+        });
+
         // Route all unknown requests to app root
         app.UseAngularMiddleware(env);
         FixUserToWorkerLinks();

eFormAPI/eFormAPI.Web/eFormAPI.Web.csproj

@@ -62,6 +62,7 @@
     <PackageReference Include="Sentry" Version="6.3.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
     <PackageReference Include="McMaster.NETCore.Plugins" Version="2.0.0" />
+    <PackageReference Include="Grpc.AspNetCore" Version="2.71.0" />
     <PackageReference Include="sendgrid" Version="9.29.3" />
     <PackageReference Include="System.Configuration.ConfigurationManager" Version="10.0.5" />
     <PackageReference Include="System.Threading.AccessControl" Version="10.0.5" />
@@ -71,4 +72,8 @@
     <Folder Include="Plugins" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Protobuf Include="Protos\auth.proto" GrpcServices="Server" />
+  </ItemGroup>
+
 </Project>