成功验证ServiceStack后,RefreshToken未定义

时间:2017-11-21 00:35:54

标签: typescript servicestack

  • ServiceStack 5.0版
  • ServiceStack Typescript客户端版本0.0.40

以下代码调用我的Auth微服务并成功验证用户并返回持有者令牌:

var request = new Authenticate();
request.provider = "credentials";
request.userName = userName;
request.password = password;
request.useTokenCookie = true;

this.client.post(request)
.then(res => {
    if (res.bearerToken != null) {
    console.log('auth success', res);
    console.log('auth refresh token', res.refreshToken);
    resolve(true);
    }
    resolve(false);
}, msg => {
    console.log('log in failed');
    reject(msg);
})

问题是我的Auth微服务没有刷新令牌返回:

enter image description here

我的Auth微服务配置:

Plugins.Add(new AuthFeature(() => new CustomUserSession(),
    new IAuthProvider[] {
        new JwtAuthProvider
        {
            HashAlgorithm = AuthSettings.HashAlgorithm,
            RequireSecureConnection = requireSecureConnection,
            AuthKeyBase64 = AuthSettings.JwtAuthKeyBase64,
            ExpireTokensIn        = TimeSpan.FromHours(_configuration["AuthSettings:ExpireTokensIn"].ToDouble()),
            ExpireRefreshTokensIn = TimeSpan.FromHours(_configuration["AuthSettings:ExpireRefreshTokensIn"].ToDouble()),
            CreatePayloadFilter = (payload,session) => {
                    payload["zipCode"] = ((CustomUserSession)session).ZipCode;
            },
            PopulateSessionFilter = AuthSettings.PopulateSessionFilterImplementation
        },
        new CustomCredentialsAuthProvider((ITsoContext)_serviceProvider.GetService(typeof(ITsoContext))) //HTML Form post of User/Pass
    }));

1 个答案:

答案 0 :(得分:0)

如果您使用自定义AuthProvider覆盖CredentialsAuthProvider,请确保您还setting Authentication was performed

authService.Request.Items[Keywords.DidAuthenticate] = true;

支持JWT RefreshTokens requires a registered AuthRepository

如果您使用的是不带IAuthRepository的自定义AuthProvider,我刚刚添加了对实现IUserSessionSource的支持,作为在新JWT令牌中填充Sessions的替代来源,您可以通过注册来使用它在您的IOC中或让您的Custom AuthProvider实现:

public interface IUserSessionSource
{
    IAuthSession GetUserSession(string userAuthId);
}

如果允许登录,则实施应该仅返回已填充的IAuthSession,即如果他们的帐户被暂停,则应该抛出以下异常:

throw HttpError.Forbidden("User is suspended");

现在available on MyGet可以从ServiceStack v5获得对IUserSessionSource的支持。升级前请review v5 changes

相关问题
最新问题