问题
- ServiceStack Version 5.0
- ServiceStack Typescript Client Version 0.0.40
The following code calls my Auth microservice and successfully authenticates a user and returned there bearer token:
var request = new Authenticate();
request.provider = "credentials";
request.userName = userName;
request.password = password;
request.useTokenCookie = true;
this.client.post(request)
.then(res => {
if (res.bearerToken != null) {
console.log('auth success', res);
console.log('auth refresh token', res.refreshToken);
resolve(true);
}
resolve(false);
}, msg => {
console.log('log in failed');
reject(msg);
})
The problem is there is no refresh token return from my Auth microservice:
My configuration for my Auth Microservice:
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[] {
new JwtAuthProvider
{
HashAlgorithm = AuthSettings.HashAlgorithm,
RequireSecureConnection = requireSecureConnection,
AuthKeyBase64 = AuthSettings.JwtAuthKeyBase64,
ExpireTokensIn = TimeSpan.FromHours(_configuration["AuthSettings:ExpireTokensIn"].ToDouble()),
ExpireRefreshTokensIn = TimeSpan.FromHours(_configuration["AuthSettings:ExpireRefreshTokensIn"].ToDouble()),
CreatePayloadFilter = (payload,session) => {
payload["zipCode"] = ((CustomUserSession)session).ZipCode;
},
PopulateSessionFilter = AuthSettings.PopulateSessionFilterImplementation
},
new CustomCredentialsAuthProvider((ITsoContext)_serviceProvider.GetService(typeof(ITsoContext))) //HTML Form post of User/Pass
}));
回答1:
If you're overriding CredentialsAuthProvider with a Custom AuthProvider make sure you're also setting Authentication was performed with:
authService.Request.Items[Keywords.DidAuthenticate] = true;
Support for JWT RefreshTokens also requires a registered AuthRepository.
If you're using a Custom AuthProvider without an IAuthRepository I've just added support for implementing IUserSessionSource as an alternative source to populating Sessions in new JWT Tokens, which you can utilize by registering it in your IOC or having your Custom AuthProvider implement:
public interface IUserSessionSource
{
IAuthSession GetUserSession(string userAuthId);
}
The implementation should only return a populated IAuthSession if they're allowed to sign-in, i.e. if their account is suspended it should throw an Exception like:
throw HttpError.Forbidden("User is suspended");
Support for IUserSessionSource is available from ServiceStack v5 that's now available on MyGet. Please review v5 changes before upgrading.
来源:https://stackoverflow.com/questions/47403428/refreshtoken-undefined-after-successful-authentication-servicestack