CODEWITHSUNDEEP
servicestackrefresh-token
long huynh
long huynh

Reputation: 67

Refresh token with JwtAuthProviderReader

I'm wondering the best pratice to use refresh-token with JwtAuthProviderReader. At the moment when my jwt expires I send a request /access-token to get a new one.

 var jwt = authClient.Send(new GetAccessToken() {RefreshToken = Request.GetCookieValue("ss-refreshtok") }).AccessToken;
            Response.SetCookie(new Cookie()
            {
                Path = "/",
                Name = "ss-tok",
                Value = jwt
            });

My problem is I get "Token has expired" even though I already set the new jwt to the cookie. I have to refresh the page a few time before it's valid...

Here is my Authenticate Service :

   public class AuthenticationHandler: Service
   {
    private readonly JsonServiceClient authClient;
    public AuthenticationHandler()
    {
        authClient = new JsonServiceClient("http://localhost/authentication/");
    }
    [Authenticate]
    public GetAuthenticationContextResponse Get(GetAuthenticationContext request)
    {

        var authSession = this.SessionAs<MyAbaxAuthSession>();
        return new GetAuthenticationContextResponse
        {
            CustomerId = authSession.CustomerId,
            UserId = int.Parse(authSession.UserAuthId)
        };
    }

    public UserAuthenticateResponse Post(UserAuthenticate request)
    {

        var response = authClient.Send(new Authenticate
        {
            provider = "credentials",
            UserName = request.UserName,
            Password = request.Password,
            UseTokenCookie = true
        });
        Response.SetCookie(new Cookie()
        {
            Path = "/",
            Name = "ss-tok",
            Value = response.BearerToken
        });

        Response.SetCookie(new Cookie()
        {
            Path = "/",
            Name = "ss-refreshtok",
            Value = response.RefreshToken
        });
        return new UserAuthenticateResponse();
    }
}

Upvotes: 1

Views: 237

Answers (1)

mythz
mythz

Reputation: 143339

Please refer to the JWT docs on how to access your JWT RefreshToken, i.e. It's returned in RefreshToken property after a successful Authentication:

var response = client.Post(new Authenticate {
    provider = "credentials",
    UserName = userName,
    Password = password,
});

var jwtToken = response.BearerToken;
var refreshToken = response.RefreshToken;

Upvotes: 1

Related Questions