CredentialsAuthProvider safety

I have a client that sends additional information during authorization, I save it in the object field and save it when authorization is successful. The question is whether CredentialsAuthProvider thread-safe? Will this work correctly? If not the best way to implement the required functionality.
Thanks in advance.

public class FKMCredentialsAuthProvider : CredentialsAuthProvider, IAuthResponseFilter {
        private static readonly ILog Logger = LogManager.GetLogger(typeof(UsersManagementServices));
        private Dictionary<string, string> Meta { get; set; }
        private MongoClient MongoClient { get; set; }

        public FKMCredentialsAuthProvider() {
            MongoClient = DbAccess.Instance.MongoClient;
        }

        public void Execute(AuthFilterContext authContext) {
            //ma//authContext.AuthResponse.ProfileUrl = null;
        }

        public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request) {
            Meta = request.Meta;
            return base.Authenticate(authService, session, request);
        }

        public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo) {
            try {
                var collection = MongoClient
                     .GetDatabase(DbAccess.Instance.DbName)
                     .GetCollection<UserAuthHistory>("UserAuthHistory");

                var androidId = Meta?.ContainsKey("androidId") ?? false ? $"{Meta["androidId"]}" : "";
                var id = Utils.GetDeviceId(session.UserName, androidId);

                collection.UpdateOne(x => x.Id == id,
                    Builders<UserAuthHistory>
                        .Update
                            .Set(x => x.Id, id)
                            .Set(x => x.UserName, session.UserName)
                            .Set(x => x.LastAuthDateUtc, DateTime.UtcNow)
                            .Set(x => x.Meta, Meta),
                    new UpdateOptions { IsUpsert = true });
            }
            catch (System.Exception e) {
                Logger.Error(e.Message, e);
            }

            return base.OnAuthenticated(authService, session, tokens, authInfo);
        }
    }

The AuthProvider is a singleton instance which is ThreadSafe itself as it’s never mutating instance variables or accessing non-ThreadSafe dependencies, but your implementation isn’t.

Don’t store anything in instance variables, store any per-request info in IRequest.Items which you can get from authService.Request, access any instance dependencies in a using statement in your implementation which you can resolve with authService.TryResolve<T>.

Thanks Demis!!! changed the code as follows, looks better :slight_smile:

  public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo) {
            if (authService.Request.Dto is Authenticate) {                
                try {
                    var meta = (authService.Request.Dto as Authenticate).Meta;
                    ...
           }
    ...
   }