Steve Coleman

Reputation: 2027

ServiceStack JWT UserAuth null

When using JWT from Postman, I get a bearer token, but all the requests when calling UserAuth from a service are null. Also, in my custom AuthUserSession, the session is null.

I removed basic auth from the auth setup, pasted below, and it still authenticated with basic and the session is still null. I think I am missing something. Can someone help me out?

    public class CustomUserSession : AuthUserSession
    {
        public override bool IsAuthorized(string provider)
        {
            string sessionKey = SessionFeature.GetSessionKey(this.Id);
            var cacheClient = HostContext.TryResolve<ICacheClient>();

            CustomUserSession session = cacheClient.Get<CustomUserSession>(sessionKey);
            if (session == null)
            {
                return false;
            }

            return session.IsAuthenticated;
        }
    }

    // My auth setup

    Plugins.Add(new AuthFeature(() => new CustomUserSession(),
        new IAuthProvider[]
        {
            new JwtAuthProvider(AppSettings) {
                CreatePayloadFilter = (payload, session) =>
                    payload["CreatedAt"] = session.CreatedAt.ToUnixTime().ToString(),

                InvalidateTokensIssuedBefore = DateTime.Now,
                SetBearerTokenOnAuthenticateResponse = true,
                AuthKeyBase64 = AppSettings.GetString("jwt.auth.key"),
                RequireSecureConnection = false,
            }, // JWT TOKENS
            new CredentialsAuthProvider(AppSettings)
        })
    {
        HtmlRedirect = "/",
    });

Upvotes: 1

Views: 101

Answers (1)

mythz

Reputation: 143369

JWTs enable stateless authentication where instead of the User Session being persisted on the server (and referenced by cookies), it's encapsulated entirely within the JWT Bearer Token.

When you're using JWT Auth, you're not using Server Sessions; the session is created from the snapshot of the User Session at the time when the JWT Bearer Token was created, i.e. typically at Authentication, or when a new Bearer Token is retrieved from the Refresh Token.

I'm not sure why you're trying to retrieve a Session from within a Session instance? The instance itself should contain the Session, which is retrieved by the SessionAs<T> or GetSession() APIs from an IRequest or within a Service, e.g.:

    public object Any(MyRequest request)
    {
        var session = SessionAs<CustomUserSession>();
    }

Sessions created from JWTs only contain a partial session; the JWT docs show how you can include additional info within a JWT payload.

Upvotes: 1
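The mechanism described in the answer above, as an added example that is not part of the original posts and is a minimal Python model, not ServiceStack's implementation: the session is rebuilt from the verified token payload, only the fields copied into the payload survive, and a server-side cache lookup like the one in the question's `IsAuthorized` override finds nothing. All function names, the key, the cache key and the sample session are constructed for illustration; `issued_not_before` models the idea behind `InvalidateTokensIssuedBefore`.

```python
import base64, hashlib, hmac, json

SERVER_CACHE = {}  # never written to: stateless JWT auth stores no server-side session

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(key: bytes, session: dict, now: int) -> str:
    """Snapshot selected session fields into a signed HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": session["user_id"], "name": session["user_name"],
               "iat": now, "exp": now + 3600,
               "CreatedAt": str(session["created_at"])}  # extra claim, as in the question
    signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(payload).encode())
    return signing_input + "." + b64e(sign(key, signing_input))

def session_from_token(key: bytes, token: str, now: int, issued_not_before: int = 0):
    """Verify the token, then rebuild the partial session from its payload (None if rejected)."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(sign(key, head + "." + body), b64d(sig)):
            return None
        p = json.loads(b64d(body))
        if p["exp"] <= now or p["iat"] < issued_not_before:
            return None
        return {"user_id": p["sub"], "user_name": p["name"],
                "created_at": int(p["CreatedAt"]), "is_authenticated": True}
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token: treat as unauthenticated

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    full = {"user_id": "42", "user_name": "steve", "created_at": 1700000000,
            "roles": ["Admin"]}  # constructed sample session; roles are not copied into the token
    token = issue_token(key, full, now=1700000100)
    from_token = session_from_token(key, token, now=1700000200)
    from_cache = SERVER_CACHE.get("session-key-for-42")  # constructed cache key
    return from_token, from_cache

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the partial session without `roles` and `None` for the cache lookup, so an authorization check that trusts only the cache rejects every JWT-authenticated request.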
