'ServiceStack v6 JWTAuthProvider doesn't return bearer and resfresh tokens

I downloaded the .NET6 project template from ServiceStack web, fiddling around and successfully setup the authentication using CredentialAuthProvider. However when adding the JwtAuthProvider, it won't return the expected tokens (bearer and refresh) ~ both tested in PostMan and ServiceStack API Explorer. It always return the same response as the CredentialAuthProvider's response as follow:

{
    "userId": "1",
    "sessionId": "MLheS29QdaaynocpNYLN",
    "userName": "[email protected]",
    "displayName": "Admin User",
    "profileUrl": "...",
    "roles": ["Admin"],
    "permissions": []
}

Here is my AuthFeature setup:

var privateKey = RsaUtils.CreatePrivateKeyParams(RsaKeyLengths.Bit2048);
appHost.Plugins.Add(new AuthFeature(() => new CustomUserSession(),
    new IAuthProvider[] {
        new JwtAuthProvider(appSettings)
        {
            HashAlgorithm = "RS256",
            PrivateKeyXml = privateKey.ToPrivateKeyXml(),
            RequireSecureConnection = false,
            SetBearerTokenOnAuthenticateResponse = true, 
        },
        new CredentialsAuthProvider(appSettings),     /* Sign In with Username / Password credentials */
}));

For testing the population of tokens I use the DummyAuthProvider below and add it to the IAuthProvider array:

public class DummyAuthProvider : AuthProvider, IAuthResponseFilter
{
    public DummyAuthProvider() => Provider = "dummy";

    public Task ExecuteAsync(AuthFilterContext authContext)
    {
        //throw new NotImplementedException();
        var jwt = (JwtAuthProvider)AuthenticateService.GetJwtAuthProvider();

        var session = authContext.Session;
        var authService = authContext.AuthService;
        
        var shouldReturnTokens = authContext.DidAuthenticate;
        if (shouldReturnTokens && jwt.SetBearerTokenOnAuthenticateResponse && session.IsAuthenticated)
        {
            if (!jwt.RequireSecureConnection || authService.Request.IsSecureConnection)
            {
                //... will populate jwt tokens
            }
        }
       
        //.. wont populate jwt tokens
    
        return Task.CompletedTask;
    }
}

The result is it actually populated jwt tokens. However the API response NOT include the populated tokens.

Any insight on this is much appreciated.

authenticationjwtservicestack


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions