App Platform Prometheus#131
Draft
d2dyno1 wants to merge 28 commits into
Pull request overview
This PR introduces “App Platform” support as an authentication/credential source for vault creation and unlocking, integrating an OIDC-based sign-in flow and server-brokered vault key retrieval/registration across the SDK, UI, Core routines, and Uno/Maui platform hosts.
Changes:
- Add App Platform auth UX (creation + login), including a device bootstrap dialog and template selector wiring.
- Add Core support for App Platform vault creation/unlock routines (DEK+MAC generated server-side flow) and JWE helpers for key wrapping/encryption.
- Add build-time detection/DI wiring for the App Platform SDK and supporting services (OIDC provider, device key store), plus supporting project/package references.
Reviewed changes
Copilot reviewed 38 out of 38 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Shared/SecureFolderFS.Shared/Models/AppPlatformVaultOptions.cs | Simplifies App Platform vault options schema. |
| src/Shared/SecureFolderFS.Shared/ComponentModel/IOidcProvider.cs | Adds shared abstraction for obtaining OIDC access tokens. |
| src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Wizard/CredentialsWizardViewModel.cs | Adds App Platform-specific vault creation + server registration path. |
| src/Sdk/SecureFolderFS.Sdk/ViewModels/Views/Overlays/DeviceSetupOverlayViewModel.cs | Adds overlay VM for device bootstrap passphrase prompt/reset flow. |
| src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/LoginViewModel.cs | Routes unlock through App Platform routine when the method is used. |
| src/Sdk/SecureFolderFS.Sdk/ViewModels/Controls/Authentication/IAppPlatformVaultRegistration.cs | Adds contract for registering newly created vault keys to server. |
| src/Sdk/SecureFolderFS.Sdk/Services/IVaultManagerService.cs | Adds App Platform create/unlock APIs to the vault manager interface. |
| src/Platforms/SecureFolderFS.Uno/Views/Vault/VaultDashboardPage.xaml.cs | Adjusts navigation lifecycle ordering. |
| src/Platforms/SecureFolderFS.Uno/UserControls/RegisterControl.xaml | Adds App Platform creation template to the register control. |
| src/Platforms/SecureFolderFS.Uno/UserControls/LoginControl.xaml | Enables App Platform login UI (replaces “not supported” warning). |
| src/Platforms/SecureFolderFS.Uno/TemplateSelectors/RegistrationTemplateSelector.cs | Adds template selection support for App Platform creation VM. |
| src/Platforms/SecureFolderFS.Uno/ServiceImplementation/UnoDialogService.cs | Wires new device setup dialog overlay. |
| src/Platforms/SecureFolderFS.Uno/ServiceImplementation/FileDeviceKeyStore.cs | Adds (temporary) file-backed device key persistence for desktop. |
| src/Platforms/SecureFolderFS.Uno/SecureFolderFS.Uno.csproj | Adds dialog XAML items and fixes constant definitions aggregation. |
| src/Platforms/SecureFolderFS.Uno/Platforms/Windows/ServiceImplementation/WindowsVaultCredentialsService.cs | Exposes App Platform auth in creation/login method enumeration. |
| src/Platforms/SecureFolderFS.Uno/Platforms/Windows/Helpers/WindowsLifecycleHelper.cs | Registers OIDC provider and device key store in DI (Windows). |
| src/Platforms/SecureFolderFS.Uno/Platforms/Desktop/ServiceImplementation/SkiaVaultCredentialsService.cs | Exposes App Platform auth in creation/login method enumeration (Skia). |
| src/Platforms/SecureFolderFS.Uno/Platforms/Desktop/Helpers/SkiaLifecycleHelper.cs | Registers OIDC provider and device key store in DI (Skia). |
| src/Platforms/SecureFolderFS.Uno/Dialogs/DeviceSetupDialog.xaml.cs | Implements the App Platform device setup dialog behavior. |
| src/Platforms/SecureFolderFS.Uno/Dialogs/DeviceSetupDialog.xaml | Adds the App Platform device setup dialog UI. |
| src/Platforms/SecureFolderFS.UI/ViewModels/Authentication/AppPlatformLoginViewModel.cs | Implements OIDC + device bootstrap + vault key decrypt flow for login. |
| src/Platforms/SecureFolderFS.UI/ViewModels/Authentication/AppPlatformCreationViewModel.cs | Implements OIDC auth + vault key registration flow for creation. |
| src/Platforms/SecureFolderFS.UI/ServiceImplementation/VaultManagerService.cs | Implements App Platform create/unlock via new routines. |
| src/Platforms/SecureFolderFS.UI/SecureFolderFS.UI.csproj | Enables unsafe blocks and conditionally references App Platform SDK. |
| src/Platforms/SecureFolderFS.Maui/Platforms/iOS/ServiceImplementation/IOSVaultCredentialsService.cs | Passes vault folder into App Platform login VM. |
| src/Platforms/SecureFolderFS.Maui/Platforms/Android/ServiceImplementation/AndroidVaultCredentialsService.cs | Passes vault folder into App Platform login VM. |
| src/Platforms/Directory.Packages.props | Adds package versions used by platform projects (incl. jose-jwt). |
| src/Platforms/Directory.Build.props | Adds App Platform SDK detection and compile-time constant. |
| src/Core/SecureFolderFS.Core/VaultAccess/VaultParser.cs | Updates configuration MAC computation to include App Platform ServerUrl. |
| src/Core/SecureFolderFS.Core/Routines/Operational/VaultRoutines.cs | Adds create/unlock routines for App Platform vaults. |
| src/Core/SecureFolderFS.Core/Routines/Operational/AppPlatformUnlockRoutine.cs | New unlock routine accepting DEK‖MAC directly. |
| src/Core/SecureFolderFS.Core/Routines/Operational/AppPlatformCreationRoutine.cs | New creation routine generating DEK+MAC internally (no keystore.cfg). |
| src/Core/SecureFolderFS.Core/Models/SecurityWrapper.cs | Exposes KeyPair via wrapper for consumers that need raw key access. |
| src/Core/SecureFolderFS.Core.Cryptography/SecureFolderFS.Core.Cryptography.csproj | Adds jose-jwt dependency for JWE helpers. |
| src/Core/SecureFolderFS.Core.Cryptography/Jwe/JweHelper.cs | Adds JWE encrypt/decrypt helpers for vault key material. |
| src/Core/SecureFolderFS.Core.Cryptography/Jwe/EcKeyHelper.cs | Adds EC P-256 JWK import/export and thumbprint support. |
| src/Core/SecureFolderFS.Core.Cryptography/Jwe/AccountKeyHelper.cs | Adds PBES2-based wrapping for account key bootstrap flow. |
| SecureFolderFS.slnx | Adds App Platform SDK project to the solution. |
Member
Author
Wow!