[Blazor] Remove obsolete APIs from Components

[tomerqodo]

Benchmark PR from agentic-review-benchmarks#6

Summary by CodeRabbit

• Chores
  • Removed deprecated APIs across Components, Forms, WebAssembly, and Web modules that were previously marked obsolete. Applications relying on these deprecated APIs will need to migrate to their recommended replacements.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request removes multiple obsolete public APIs and classes across ASP.NET Core Components modules, including deprecation of Router's PreferExactMatches property, EditContext validation extension methods, RemoteBrowserFileStreamOptions class, WebEventCallbackFactoryEventArgsExtensions, SignOutSessionStateManager, and coordinated updates to WebAssembly authentication components.

Changes

Cohort / File(s)	Summary
Router Component Obsolescence src/Components/Components/src/Routing/Router.cs, src/Components/Components/src/PublicAPI.Unshipped.txt	Removed obsolete PreferExactMatches property from Router component that controlled route matching behavior.
EditContext Validation Extensions src/Components/Forms/src/EditContextDataAnnotationsExtensions.cs, src/Components/Forms/src/PublicAPI.Unshipped.txt, src/Components/Forms/test/EditContextDataAnnotationsExtensionsTest.cs	Removed obsolete AddDataAnnotationsValidation() and EnableDataAnnotationsValidation() overload extension methods; retained EnableDataAnnotationsValidation(EditContext, IServiceProvider) variant.
RemoteBrowserFileStreamOptions Removal src/Components/Web/src/Forms/InputFile/RemoteBrowserFileStreamOptions.cs	Deleted entire obsolete class exposing file streaming configuration (MaxSegmentSize, MaxBufferSize, SegmentFetchTimeout).
WebEventCallbackFactory Extensions Removal src/Components/Web/src/Web/WebEventCallbackFactoryEventArgsExtensions.cs	Removed entire static extension class with 20 obsolete Create overloads for various EventArgs types (Clipboard, Drag, Error, Focus, Keyboard, Mouse, Pointer, Progress, Touch, Wheel).
Web Public API Surface Cleanup src/Components/Web/src/PublicAPI.Unshipped.txt	Removed public API declarations for RemoteBrowserFileStreamOptions, WebEventCallbackFactoryEventArgsExtensions, FileDownload media components (FileDownload, Image, Video, MediaComponentBase, MediaSource, MediaContext).
WebRenderer Init Accessor src/Components/Web/src/WebRenderer.cs	Removed init-only setter and Obsolete attribute from RendererId property, making it fully read-only.
JSInterop Internal Calls src/Components/WebAssembly/JSInterop/src/InternalCalls.cs	Removed obsolete generic InvokeJS<T0, T1, T2, TRes> method.
WebAssembly Auth: SignOutSessionStateManager Removal src/Components/WebAssembly/WebAssembly.Authentication/src/Services/SignOutSessionStateManager.cs, src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs, src/Components/WebAssembly/WebAssembly.Authentication/test/RemoteAuthenticatorCoreTests.cs	Deleted entire obsolete CSRF-protection class for logout state management; removed registration and related test.
AccessTokenResult Redesign src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenResult.cs, src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt	Replaced obsolete RedirectUrl property with InteractiveRequestUrl and new InteractionOptions property; updated constructor signature.
RemoteAuthenticationService Constructor Cleanup src/Components/WebAssembly/WebAssembly.Authentication/src/Services/RemoteAuthenticationService.cs	Removed obsolete 4-parameter constructor overload; retained primary constructor with Logger.
RemoteAuthenticatorViewCore SignOutManager Removal src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs	Removed injected SignOutManager dependency; simplified logout validation to use ValidateSignOutRequestState directly.
AccessTokenNotAvailableException Navigation Update src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs	Updated Redirect() to use InteractiveRequestUrl instead of obsolete RedirectUrl.
JSInteropMethods Location Change src/Components/WebAssembly/WebAssembly/src/Infrastructure/JSInteropMethods.cs, src/Components/WebAssembly/WebAssembly/src/PublicAPI.Unshipped.txt	Updated NotifyLocationChanged(string uri, bool isInterceptedLink) to NotifyLocationChanged(string uri, string? state, bool isInterceptedLink) with JSInvokable attribute.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 Whiskers twitching with delight,
Old APIs fade away tonight,
Clean code hops forward, fresh and new,
Obsolete baggage bid adieu! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is minimal and does not follow the required template structure. It only includes a single line referencing a benchmark PR URL without providing the required sections: summary, description, or issue reference.	Expand the description to include a detailed explanation of changes, rationale for removing these obsolete APIs, and reference the issue being fixed using the format 'Fixes #{bug number}'.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title '[Blazor] Remove obsolete APIs from Components' clearly and concisely summarizes the main change: removing obsolete APIs from the Blazor Components library.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs`:
- Around line 38-45: The code currently passes the nullable
_tokenResult.InteractiveRequestUrl directly to _navigation.NavigateToLogin and
uses the null-forgiving operator for _navigation.NavigateTo; update
AccessTokenNotAvailableException handling to first check if
_tokenResult.InteractiveRequestUrl is null and if so throw a clear exception
(e.g., InvalidOperationException/ArgumentNullException) to fail fast, otherwise
call _navigation.NavigateToLogin(_tokenResult.InteractiveRequestUrl) when
_tokenResult.InteractionOptions != null or
_navigation.NavigateTo(_tokenResult.InteractiveRequestUrl) when
InteractionOptions is null; ensure you reference _tokenResult,
InteractionOptions, InteractiveRequestUrl, _navigation.NavigateToLogin and
_navigation.NavigateTo in the fix.

🧹 Nitpick comments (1)

src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs (1)

290-292: Clarify the purpose of Task.Yield() here.

The comment states "Ensure we're authenticated before proceeding with sign-out", but Task.Yield() simply yields control to the scheduler and doesn't directly ensure authentication state readiness. If this is meant to allow pending async operations (like authentication state initialization) to complete, consider adding a more descriptive comment explaining the specific timing issue this addresses.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between abb3471 and fec6351.

📒 Files selected for processing (20)

• src/Components/Components/src/PublicAPI.Unshipped.txt
• src/Components/Components/src/Routing/Router.cs
• src/Components/Forms/src/EditContextDataAnnotationsExtensions.cs
• src/Components/Forms/src/PublicAPI.Unshipped.txt
• src/Components/Forms/test/EditContextDataAnnotationsExtensionsTest.cs
• src/Components/Web/src/Forms/InputFile/RemoteBrowserFileStreamOptions.cs
• src/Components/Web/src/PublicAPI.Unshipped.txt
• src/Components/Web/src/Web/WebEventCallbackFactoryEventArgsExtensions.cs
• src/Components/Web/src/WebRenderer.cs
• src/Components/WebAssembly/JSInterop/src/InternalCalls.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt
• src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenResult.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/RemoteAuthenticationService.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/SignOutSessionStateManager.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs
• src/Components/WebAssembly/WebAssembly.Authentication/test/RemoteAuthenticatorCoreTests.cs
• src/Components/WebAssembly/WebAssembly/src/Infrastructure/JSInteropMethods.cs
• src/Components/WebAssembly/WebAssembly/src/PublicAPI.Unshipped.txt

💤 Files with no reviewable changes (13)

• src/Components/WebAssembly/WebAssembly.Authentication/src/WebAssemblyAuthenticationServiceCollectionExtensions.cs
• src/Components/Components/src/Routing/Router.cs
• src/Components/Web/src/Forms/InputFile/RemoteBrowserFileStreamOptions.cs
• src/Components/WebAssembly/JSInterop/src/InternalCalls.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenResult.cs
• src/Components/WebAssembly/WebAssembly.Authentication/test/RemoteAuthenticatorCoreTests.cs
• src/Components/Forms/test/EditContextDataAnnotationsExtensionsTest.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/RemoteAuthenticationService.cs
• src/Components/Web/src/WebRenderer.cs
• src/Components/Forms/src/EditContextDataAnnotationsExtensions.cs
• src/Components/WebAssembly/WebAssembly/src/Infrastructure/JSInteropMethods.cs
• src/Components/Web/src/Web/WebEventCallbackFactoryEventArgsExtensions.cs
• src/Components/WebAssembly/WebAssembly.Authentication/src/Services/SignOutSessionStateManager.cs

🧰 Additional context used

🪛 LanguageTool

src/Components/Forms/src/PublicAPI.Unshipped.txt

[style] ~3-~3: Using many exclamation marks might seem excessive (in this case: 4 exclamation marks for a text that’s 475 characters long)
Context: ...text! editContext) -> System.IDisposable!

(EN_EXCESSIVE_EXCLAMATION)

🔇 Additional comments (7)

src/Components/WebAssembly/WebAssembly/src/PublicAPI.Unshipped.txt (1)

2-3: LGTM!

The removal of the two-parameter NotifyLocationChanged overloads is consistent with the PR's objective of removing obsolete APIs. Per the summary, these are replaced with a three-parameter version that includes a state parameter.

src/Components/Components/src/PublicAPI.Unshipped.txt (1)

2-4: LGTM!

The removal of the ResourceAsset constructor overload and Router.PreferExactMatches property aligns with the PR's objective of removing obsolete APIs. These changes reduce the public API surface as intended.

src/Components/WebAssembly/WebAssembly.Authentication/src/RemoteAuthenticatorViewCore.cs (2)

279-286: LGTM on the simplified sign-out validation.

The removal of SignOutSessionStateManager and direct use of ValidateSignOutRequestState() simplifies the logout flow. The validation correctly rejects sign-out attempts that weren't initiated through proper navigation state (i.e., GetCachedNavigationState() returns null or has a different interaction type).

---

380-383: LGTM!

The ValidateSignOutRequestState() implementation correctly validates that the sign-out request originated from within the application by checking that the cached navigation state has an InteractionType.SignOut interaction. The null-conditional operator ensures safe handling when navigation state is absent.

src/Components/WebAssembly/WebAssembly.Authentication/src/PublicAPI.Unshipped.txt (1)

2-8: LGTM!

The removal of obsolete APIs is consistent with the PR objectives:

• AccessTokenResult constructor and RedirectUrl property removed (replaced with InteractiveRequestUrl and InteractionOptions)
• RemoteAuthenticationService constructor overload removed (now requires Logger parameter)
• SignOutSessionStateManager class entirely removed, aligning with the simplified sign-out flow in RemoteAuthenticatorViewCore.cs

src/Components/Web/src/PublicAPI.Unshipped.txt (1)

2-31: LGTM!

Comprehensive removal of obsolete public API surface:

• RemoteBrowserFileStreamOptions class and all its configuration properties
• WebRenderer.RendererId init-only setter (now read-only)
• WebEventCallbackFactoryEventArgsExtensions and all 20 Create overloads for various event args types

These removals align with the PR's objective of cleaning up obsolete APIs across the Components modules.

src/Components/Forms/src/PublicAPI.Unshipped.txt (1)

2-3: LGTM!

The removal of the obsolete AddDataAnnotationsValidation and parameterless EnableDataAnnotationsValidation extension methods is appropriate. The non-obsolete EnableDataAnnotationsValidation(EditContext, IServiceProvider) overload remains available for proper dependency injection support.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify where InteractiveRequestUrl and RedirectUrl are populated and how Redirect() is used.

echo "=== AccessTokenResult class definition ==="
rg -n "class AccessTokenResult\b" -A 15 src/Components/WebAssembly/WebAssembly.Authentication

echo ""
echo "=== InteractiveRequestUrl and RedirectUrl usage ==="
rg -n "InteractiveRequestUrl|RedirectUrl" -B 2 -A 2 src/Components/WebAssembly/WebAssembly.Authentication

echo ""
echo "=== AccessTokenNotAvailableException.Redirect() method ==="
rg -n "void Redirect\(\)" -A 15 src/Components/WebAssembly/WebAssembly.Authentication

Repository: qodo-benchmark/aspnetcore-combined-coderabbit

Length of output: 14695

---

🏁 Script executed:

#!/bin/bash
echo "=== Calls to Redirect() method ==="
rg -n "\.Redirect\(\)" -B 3 -A 1 src/Components/WebAssembly/WebAssembly.Authentication

echo ""
echo "=== NavigateToLogin and NavigateTo method signatures ==="
rg -n "NavigateToLogin|NavigateTo" -B 1 -A 3 src/Components/WebAssembly/WebAssembly.Authentication | head -50

echo ""
echo "=== AccessTokenNotAvailableException constructor and full context ==="
rg -n "class AccessTokenNotAvailableException" -A 30 src/Components/WebAssembly/WebAssembly.Authentication

Repository: qodo-benchmark/aspnetcore-combined-coderabbit

Length of output: 12829

---

🏁 Script executed:

#!/bin/bash
echo "=== NavigateToLogin extension method definition ==="
rg -n "NavigateToLogin" -B 2 -A 5 src/Components/WebAssembly/WebAssembly.Authentication | grep -A 7 "extension\|method\|void\|public"

echo ""
echo "=== Check for invariants or guards before calling Redirect() ==="
rg -n "\.Redirect\(\)" -B 5 -A 1 --type cs src/

echo ""
echo "=== Check how AccessTokenResult is created ==="
rg -n "new AccessTokenResult" -B 2 -A 2 src/Components/WebAssembly/WebAssembly.Authentication

Repository: qodo-benchmark/aspnetcore-combined-coderabbit

Length of output: 13537

---

🏁 Script executed:

#!/bin/bash
echo "=== AccessTokenResult.Status and documentation ==="
rg -n "enum AccessTokenResultStatus|class AccessTokenResult" -A 20 src/Components/WebAssembly/WebAssembly.Authentication | head -60

echo ""
echo "=== Check if there are preconditions/guards for calling Redirect() ==="
cat src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs

Repository: qodo-benchmark/aspnetcore-combined-coderabbit

Length of output: 9897

---

Add null checks before navigating with InteractiveRequestUrl.

Line 40 passes InteractiveRequestUrl (which is nullable string?) directly to NavigateToLogin, which expects a non-nullable string. Additionally, line 44 uses a null-forgiving operator without runtime validation. Since InteractiveRequestUrl can be null even when InteractionOptions is null, add explicit null checks or throw an exception to fail fast rather than silently navigating to a null/invalid URL.

Suggested fix

         if (_tokenResult.InteractionOptions != null)
         {
-            _navigation.NavigateToLogin(_tokenResult.InteractiveRequestUrl, _tokenResult.InteractionOptions);
+            if (string.IsNullOrEmpty(_tokenResult.InteractiveRequestUrl))
+            {
+                throw new InvalidOperationException("Interactive request URL is required when interaction options are specified.");
+            }
+            _navigation.NavigateToLogin(_tokenResult.InteractiveRequestUrl, _tokenResult.InteractionOptions);
         }
         else
         {
-            _navigation.NavigateTo(_tokenResult.InteractiveRequestUrl!);
+            if (string.IsNullOrEmpty(_tokenResult.InteractiveRequestUrl))
+            {
+                throw new InvalidOperationException("Interactive request URL is required for token provisioning.");
+            }
+            _navigation.NavigateTo(_tokenResult.InteractiveRequestUrl);
         }

🤖 Prompt for AI Agents

In
`@src/Components/WebAssembly/WebAssembly.Authentication/src/Services/AccessTokenNotAvailableException.cs`
around lines 38 - 45, The code currently passes the nullable
_tokenResult.InteractiveRequestUrl directly to _navigation.NavigateToLogin and
uses the null-forgiving operator for _navigation.NavigateTo; update
AccessTokenNotAvailableException handling to first check if
_tokenResult.InteractiveRequestUrl is null and if so throw a clear exception
(e.g., InvalidOperationException/ArgumentNullException) to fail fast, otherwise
call _navigation.NavigateToLogin(_tokenResult.InteractiveRequestUrl) when
_tokenResult.InteractionOptions != null or
_navigation.NavigateTo(_tokenResult.InteractiveRequestUrl) when
InteractionOptions is null; ensure you reference _tokenResult,
InteractionOptions, InteractiveRequestUrl, _navigation.NavigateToLogin and
_navigation.NavigateTo in the fix.