♻️ Refactor OpenID: Phase 3: Async Flow Modernization

- Added async GetAuthorizationUrlAsync() methods to all OIDC providers
- Updated base OidcService with abstract async contract and backward-compatible sync wrapper
- Modified OidcController to use async authorization URL generation
- Removed sync blocks using .GetAwaiter().GetResult() in Google provider
- Maintained backward compatibility with existing sync method calls
- Eliminated thread blocking and improved async flow throughout auth pipeline
- Enhanced scalability by allowing non-blocking async authorization URL generation

DysonNetwork.Pass/Auth/OpenId/AfdianOidcService.cs

@@ -17,6 +17,11 @@ public class AfdianOidcService(
     protected override string DiscoveryEndpoint => ""; // Afdian doesn't have a standard OIDC discovery endpoint
     protected override string ConfigSectionName => "Afdian";
 
+    public override Task<string> GetAuthorizationUrlAsync(string state, string nonce)
+    {
+        return Task.FromResult(GetAuthorizationUrl(state, nonce));
+    }
+
     public override string GetAuthorizationUrl(string state, string nonce)
     {
         var config = GetProviderConfig();

DysonNetwork.Pass/Auth/OpenId/AppleOidcService.cs

@@ -27,6 +27,30 @@ public class AppleOidcService(
     protected override string DiscoveryEndpoint => "https://appleid.apple.com/.well-known/openid-configuration";
     protected override string ConfigSectionName => "Apple";
 
+    public override async Task<string> GetAuthorizationUrlAsync(string state, string nonce)
+    {
+        var config = GetProviderConfig();
+        var discoveryDocument = await GetDiscoveryDocumentAsync();
+
+        if (discoveryDocument?.AuthorizationEndpoint == null)
+        {
+            throw new InvalidOperationException("Authorization endpoint not found in discovery document");
+        }
+
+        var queryParams = BuildAuthorizationParameters(
+            config.ClientId,
+            config.RedirectUri,
+            "name email",
+            "code id_token",
+            state,
+            nonce,
+            "form_post"
+        );
+
+        var queryString = string.Join("&", queryParams.Select(p => $"{p.Key}={Uri.EscapeDataString(p.Value)}"));
+        return $"{discoveryDocument.AuthorizationEndpoint}?{queryString}";
+    }
+
     public override string GetAuthorizationUrl(string state, string nonce)
     {
         var config = GetProviderConfig();

DysonNetwork.Pass/Auth/OpenId/DiscordOidcService.cs

@@ -16,6 +16,11 @@ public class DiscordOidcService(
     protected override string DiscoveryEndpoint => ""; // Discord doesn't have a standard OIDC discovery endpoint
     protected override string ConfigSectionName => "Discord";
 
+    public override Task<string> GetAuthorizationUrlAsync(string state, string nonce)
+    {
+        return Task.FromResult(GetAuthorizationUrl(state, nonce));
+    }
+
     public override string GetAuthorizationUrl(string state, string nonce)
     {
         var config = GetProviderConfig();

DysonNetwork.Pass/Auth/OpenId/GitHubOidcService.cs

@@ -16,6 +16,11 @@ public class GitHubOidcService(
     protected override string DiscoveryEndpoint => ""; // GitHub doesn't have a standard OIDC discovery endpoint
     protected override string ConfigSectionName => "GitHub";
 
+    public override Task<string> GetAuthorizationUrlAsync(string state, string nonce)
+    {
+        return Task.FromResult(GetAuthorizationUrl(state, nonce));
+    }
+
     public override string GetAuthorizationUrl(string state, string nonce)
     {
         var config = GetProviderConfig();

DysonNetwork.Pass/Auth/OpenId/GoogleOidcService.cs

@@ -19,10 +19,10 @@ public class GoogleOidcService(
     protected override string DiscoveryEndpoint => "https://accounts.google.com/.well-known/openid-configuration";
     protected override string ConfigSectionName => "Google";
 
-    public override string GetAuthorizationUrl(string state, string nonce)
+    public override async Task<string> GetAuthorizationUrlAsync(string state, string nonce)
     {
         var config = GetProviderConfig();
-        var discoveryDocument = GetDiscoveryDocumentAsync().GetAwaiter().GetResult();
+        var discoveryDocument = await GetDiscoveryDocumentAsync();
 
         if (discoveryDocument?.AuthorizationEndpoint == null)
         {
@@ -48,7 +48,7 @@ public class GoogleOidcService(
 
         // Store code verifier in cache for later token exchange
         var codeVerifierKey = $"pkce:{state}";
-        cache.SetAsync(codeVerifierKey, codeVerifier, TimeSpan.FromMinutes(15)).GetAwaiter().GetResult();
+        await cache.SetAsync(codeVerifierKey, codeVerifier, TimeSpan.FromMinutes(15));
 
         var queryString = string.Join("&", queryParams.Select(p => $"{p.Key}={Uri.EscapeDataString(p.Value)}"));
         return $"{discoveryDocument.AuthorizationEndpoint}?{queryString}";

DysonNetwork.Pass/Auth/OpenId/MicrosoftOidcService.cs

@@ -20,6 +20,27 @@ public class MicrosoftOidcService(
 
     protected override string ConfigSectionName => "Microsoft";
 
+    public override async Task<string> GetAuthorizationUrlAsync(string state, string nonce)
+    {
+        var config = GetProviderConfig();
+        var discoveryDocument = await GetDiscoveryDocumentAsync();
+
+        if (discoveryDocument?.AuthorizationEndpoint == null)
+            throw new InvalidOperationException("Authorization endpoint not found in discovery document.");
+
+        var queryParams = BuildAuthorizationParameters(
+            config.ClientId,
+            config.RedirectUri,
+            "openid profile email",
+            "code",
+            state,
+            nonce
+        );
+
+        var queryString = string.Join("&", queryParams.Select(p => $"{p.Key}={Uri.EscapeDataString(p.Value)}"));
+        return $"{discoveryDocument.AuthorizationEndpoint}?{queryString}";
+    }
+
     public override string GetAuthorizationUrl(string state, string nonce)
     {
         var config = GetProviderConfig();

DysonNetwork.Pass/Auth/OpenId/OidcController.cs

@@ -43,7 +43,7 @@ public class OidcController(
                 await cache.SetAsync($"{StateCachePrefix}{state}", oidcState, StateExpiration);
 
                 // The state parameter sent to the provider is the GUID key for the cache.
-                var authUrl = oidcService.GetAuthorizationUrl(state, nonce);
+                var authUrl = await oidcService.GetAuthorizationUrlAsync(state, nonce);
                 return Redirect(authUrl);
             }
             else // Otherwise, proceed with the login / registration flow
@@ -54,7 +54,7 @@ public class OidcController(
                 // Create login state with return URL and device ID
                 var oidcState = OidcState.ForLogin(returnUrl ?? "/", deviceId);
                 await cache.SetAsync($"{StateCachePrefix}{state}", oidcState, StateExpiration);
-                var authUrl = oidcService.GetAuthorizationUrl(state, nonce);
+                var authUrl = await oidcService.GetAuthorizationUrlAsync(state, nonce);
                 return Redirect(authUrl);
             }
         }

DysonNetwork.Pass/Auth/OpenId/OidcService.cs

@@ -42,9 +42,17 @@ public abstract class OidcService(
     protected abstract string ConfigSectionName { get; }
 
     /// <summary>
-    /// Gets the authorization URL for initiating the authentication flow
+    /// Gets the authorization URL for initiating the authentication flow (async)
     /// </summary>
-    public abstract string GetAuthorizationUrl(string state, string nonce);
+    public abstract Task<string> GetAuthorizationUrlAsync(string state, string nonce);
+
+    /// <summary>
+    /// Gets the authorization URL for initiating the authentication flow (sync for backward compatibility)
+    /// </summary>
+    public virtual string GetAuthorizationUrl(string state, string nonce)
+    {
+        return GetAuthorizationUrlAsync(state, nonce).GetAwaiter().GetResult();
+    }
 
     /// <summary>
     /// Builds common authorization URL query parameters