I have an endpoint that does not require authentication but if the user has “logged in” (using a bearer token) I want to still get the user id.
Doing:
public object Post(FooRequest request)
{
var session = Request.GetSession();
var id = session.UserAuthId.ConvertTo<int>();
....
}
Doesn’t return back the UserId.
Can you confirm that a JWT Bearer Token sent with the request? How is it sent? e.g. via Cookie / HTTP Header?
and does the IRequest.GetJwtToken() API return the token?
var jwt = Request.GetJwtToken();
Can you paste the JWT in https://jwt.io and check that the “sub” is populated with the Users Id?
mythz - thanks so much for the response. This was total pilot error on my part as I was testing through Swagger / OpenAPI.
For completeness, if anyone runs into the same issue whilst testing with OpenApi, read the docs
In short, you have to prefix the jwt with "Bearer " when setting authorization:
Bearer ey........
or setup the OpenApi plugin as follows:
Plugins.Add(new OpenApiFeature
{
UseBearerSecurity = true,
});
which will add the “Bearer” prefix for you.