身份验证成功后刷新令牌未定义 ServiceStack [英] RefreshToken undefined after successful Authentication ServiceStack

问题描述

• ServiceStack 5.0 版
• ServiceStack Typescript 客户端版本 0.0.40

以下代码调用我的 Auth 微服务并成功验证用户并返回不记名令牌:

The following code calls my Auth microservice and successfully authenticates a user and returned there bearer token:

var request = new Authenticate();
request.provider = "credentials";
request.userName = userName;
request.password = password;
request.useTokenCookie = true;

this.client.post(request)
.then(res => {
    if (res.bearerToken != null) {
    console.log('auth success', res);
    console.log('auth refresh token', res.refreshToken);
    resolve(true);
    }
    resolve(false);
}, msg => {
    console.log('log in failed');
    reject(msg);
})

问题是我的 Auth 微服务没有返回刷新令牌:

The problem is there is no refresh token return from my Auth microservice:

我的 Auth 微服务配置:

My configuration for my Auth Microservice:

Plugins.Add(new AuthFeature(() => new CustomUserSession(),
    new IAuthProvider[] {
        new JwtAuthProvider
        {
            HashAlgorithm = AuthSettings.HashAlgorithm,
            RequireSecureConnection = requireSecureConnection,
            AuthKeyBase64 = AuthSettings.JwtAuthKeyBase64,
            ExpireTokensIn        = TimeSpan.FromHours(_configuration["AuthSettings:ExpireTokensIn"].ToDouble()),
            ExpireRefreshTokensIn = TimeSpan.FromHours(_configuration["AuthSettings:ExpireRefreshTokensIn"].ToDouble()),
            CreatePayloadFilter = (payload,session) => {
                    payload["zipCode"] = ((CustomUserSession)session).ZipCode;
            },
            PopulateSessionFilter = AuthSettings.PopulateSessionFilterImplementation
        },
        new CustomCredentialsAuthProvider((ITsoContext)_serviceProvider.GetService(typeof(ITsoContext))) //HTML Form post of User/Pass
    }));

推荐答案

如果您使用自定义 AuthProvider 覆盖 CredentialsAuthProvider，请确保您也是 设置身份验证执行:

If you're overriding CredentialsAuthProvider with a Custom AuthProvider make sure you're also setting Authentication was performed with:

authService.Request.Items[Keywords.DidAuthenticate] = true;

对 JWT RefreshToken 的支持也需要注册的 AuthRepository.

Support for JWT RefreshTokens also requires a registered AuthRepository.

如果您使用的是没有 IAuthRepository 的自定义 AuthProvider，我刚刚添加了对实现 IUserSessionSource 的支持，作为在新的 JWT 令牌中填充会话的替代来源，它您可以通过在您的 IOC 中注册它或让您的自定义 AuthProvider 实现来使用:

If you're using a Custom AuthProvider without an IAuthRepository I've just added support for implementing IUserSessionSource as an alternative source to populating Sessions in new JWT Tokens, which you can utilize by registering it in your IOC or having your Custom AuthProvider implement:

public interface IUserSessionSource
{
    IAuthSession GetUserSession(string userAuthId);
}

如果他们被允许登录，实现应该只返回一个填充的 IAuthSession，即如果他们的帐户被暂停，它应该抛出一个异常，如:

The implementation should only return a populated IAuthSession if they're allowed to sign-in, i.e. if their account is suspended it should throw an Exception like:

throw HttpError.Forbidden("User is suspended");

ServiceStack v5 提供对 IUserSessionSource 的支持，现在 MyGet 上提供.请查看 v5 更改升级前.

Support for IUserSessionSource is available from ServiceStack v5 that's now available on MyGet. Please review v5 changes before upgrading.

这篇关于身份验证成功后刷新令牌未定义 ServiceStack的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！