From 2c78ed106c8ebb42f65cae3e0ae78c3dda9125a2 Mon Sep 17 00:00:00 2001
From: TekH <h.tek@digitaldata.works>
Date: Fri, 29 May 2026 09:01:21 +0200
Subject: [PATCH] Add CookieNames helper for constructing cookie names

Introduce a new static class `CookieNames` in the `DigitalData.Auth.Claims` namespace to centralize and standardize the construction of cookie names for envelope receiver tokens.

- Added `GetEnvelopeReceiverCookieName` methods to generate cookie names with or without a default cookie name.
- Updated `AuthController` to use the `CookieNames` helper for constructing cookie names, replacing direct concatenation logic.
- Improved maintainability and consistency of cookie naming conventions across the application.
---
 DigitalData.Auth.Claims/CookieNames.cs        | 27 +++++++++++++++++++
 .../Controllers/AuthController.cs             |  3 ++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 DigitalData.Auth.Claims/CookieNames.cs

diff --git a/DigitalData.Auth.Claims/CookieNames.cs b/DigitalData.Auth.Claims/CookieNames.cs
new file mode 100644
index 0000000..8efcdce
--- /dev/null
+++ b/DigitalData.Auth.Claims/CookieNames.cs
@@ -0,0 +1,27 @@
+namespace DigitalData.Auth.Claims
+{
+    /// <summary>
+    /// Provides helpers for building cookie names used in the DigitalData.Auth ecosystem.
+    /// </summary>
+    public static class CookieNames
+    {
+        private const string ReceiverSuffix = "SignFLOWReceiver.";
+
+        /// <summary>
+        /// Builds the cookie name for an envelope receiver token.
+        /// </summary>
+        /// <param name="defaultCookieName">The base cookie name configured in <c>AuthApiParams</c>.</param>
+        /// <param name="key">The unique envelope receiver key.</param>
+        /// <returns>A cookie name in the format <c>{defaultCookieName}SignFLOWReceiver.{key}</c>.</returns>
+        public static string GetEnvelopeReceiverCookieName(string defaultCookieName, string key)
+            => defaultCookieName + ReceiverSuffix + key;
+
+        /// <summary>
+        /// Builds the cookie name for an envelope receiver token. This overload assumes a default cookie name of "AuthToken".
+        /// </summary>
+        /// <param name="key">The unique envelope receiver key.</param>
+        /// <returns>A cookie name in the format <c>{defaultCookieName}SignFLOWReceiver.{key}</c>.</returns>
+        public static string GetEnvelopeReceiverCookieName(string key)
+            => "AuthToken" + ReceiverSuffix + key;
+    }
+}
diff --git a/src/DigitalData.Auth.API/Controllers/AuthController.cs b/src/DigitalData.Auth.API/Controllers/AuthController.cs
index 94ecc85..bc898c0 100644
--- a/src/DigitalData.Auth.API/Controllers/AuthController.cs
+++ b/src/DigitalData.Auth.API/Controllers/AuthController.cs
@@ -2,6 +2,7 @@
 using DigitalData.Auth.API.Entities;
 using DigitalData.Auth.API.Models;
 using DigitalData.Auth.API.Services.Contracts;
+using DigitalData.Auth.Claims;
 using DigitalData.Core.Abstraction.Application;
 using DigitalData.Core.Abstraction.Application.DTO;
 using DigitalData.Core.Abstractions.Security.Extensions;
@@ -258,7 +259,7 @@ namespace DigitalData.Auth.API.Controllers
             if (cookie)
             {
                 var cookieOptions = consumer.CookieOptions ?? _apiParams.DefaultCookieOptions;
-                Response.Cookies.Append(_apiParams.DefaultCookieName, token, cookieOptions.Create(lifetime: descriptor.Lifetime));
+                Response.Cookies.Append(CookieNames.GetEnvelopeReceiverCookieName(_apiParams.DefaultCookieName, key), token, cookieOptions.Create(lifetime: descriptor.Lifetime));
                 return Ok();
             }
             else