CustomAuthUserSession and custom UserId

I am using the JwtAuthProvider to create tokens when authenticating users.
I then pass that token to backend services to verify and use, but I want the Subject to be a custom generated App ID, not an incremental number.
(I also need to save registered users into a custom database (custom schema)).

It looks like I will need to create my own IAuthRepository to store the data in the form we need in our database.

However, how best to handle the custom UserId?

Is it best to generate the custom ID in the CustomAuthUserSession.OnRegister and save it as the AuthUserId in the session? Or is there another way to change the Session.AuthUserId to be what I need it to be, rather than it using the integer of the IAuthUser coming from the IAuthRepository?

What APIs are you using to create the token? It uses IAuthSession.UserAuthId for its sub so you can populate that property with the session you’re creating a JWT of.

I’m using just the standard stuff:

    appHost.Plugins.Add(new AuthFeature(() => new CustomAuthUserSession(),
        new IAuthProvider[]
        {
            new JwtAuthProvider
            {
                HashAlgorithm = @"RS256",
                PrivateKeyXml = appHost.AppSettings.GetString(@"JwtPrivateKeyXml"),
                EncryptPayload = false,
                ExpireTokensIn = JwtTokenExpiry,
                ExpireRefreshTokensIn = JwtRefreshTokenExpiry,
                UseTokenCookie = true,
            },
            new CredentialsAuthProvider(appHost.AppSettings)
        })
    {
        IncludeRegistrationService = true
    });

What’s the actual API you’re using to create the JWT?

I’m not using any API, I just let the Authenticate service do it.

Then you should be able to populate the Session’s UserAuthId in your Custom Auth Provider.

OK, cool, so this ought to be the way to make it work then?

    public class CustomAuthUserSession : AuthUserSession
    {
        public override void OnRegistered(IRequest httpReq, IAuthSession session, IServiceBase service)
        {
            base.OnRegistered(httpReq, session, service);

            session.UserAuthId = GenerateMyOwnId();

            var authRepo = service.TryResolve<IAuthRepository>();
            var authUser = authRepo.GetUserAuthByUserName(session.UserName);

            authRepo.AssignRoles(authUser, new List<string>
            {
                UserRoles.Standard
            }, new List<string>());
        }
    }

Oh! Or do you mean make the change in my CustomAuthRepository?

Yeah it just needs to populate UserAuthId which is what’s used for the JWT’s sub.

OK, I can do that by saving the custom ID in session.Meta and use it in the JWT using CreatePayloadFilter, but what if I want my custom ID to really be the session.UserAuthId for the current service?

Seems that changing it in the CustomAuthUserSession.OnRegistered does work, but does not make it stick! (By the time the user logs in at CustomAuthUserSession.OnAuthenticated, the session.UserAuthId is back to being an integer again!!)

Are you saving the Session after you update it?

Oh! No, I wasn’t.
(What should I be calling there?)

Calling the base.OnAuthenticated* method or SaveSession* APIs; see the Custom Auth Provider docs.

But I’m not in a custom AuthProvider, I’m in a CustomAuthUserSession : AuthUserSession.

What, what Auth Provider is populating the User Session?

I simply want to define my own Session.UserAuthId and not use the built in integer value that comes from IAuthUser (it seems). Is it possible? If so, where do I need to extend?

The place to do it would be wherever the session is being populated & saved, which I still don’t know.

Is your CredentialsAuthProvider doing it? So you’re using an Auth Repository? Why would you want to change the sub which is expected to be the UserAuthId? But you can modify the JWT Payload in the CreatePayloadFilter.
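
The CreatePayloadFilter approach mentioned in the last reply, sketched as an added example that is not part of the original thread or ServiceStack's own code. The `AppId` property and the `JwtSubjectExample` helper are hypothetical, and it is assumed that the filter runs after the provider has written its default claims, so the `sub` set here is the one that ends up in the token.

```csharp
using System;
using System.Runtime.Serialization;
using ServiceStack;
using ServiceStack.Auth;

// AppId is a hypothetical property for the generated ID; it is assumed to be
// set wherever the session is populated and saved (e.g. the auth repository).
[DataContract]
public class CustomAuthUserSession : AuthUserSession
{
    [DataMember] public string AppId { get; set; }
}

public static class JwtSubjectExample   // hypothetical helper class
{
    public static JwtAuthProvider CreateProvider(string privateKeyXml)
    {
        return new JwtAuthProvider
        {
            HashAlgorithm = "RS256",
            PrivateKeyXml = privateKeyXml,
            EncryptPayload = false,
            UseTokenCookie = true,

            // Called when a token is issued: replace the default sub with the AppId.
            CreatePayloadFilter = (payload, session) =>
            {
                var appId = (session as CustomAuthUserSession)?.AppId;
                // Fail closed instead of issuing a token with the integer id as sub.
                if (string.IsNullOrEmpty(appId))
                    throw new InvalidOperationException("Session has no AppId; not issuing JWT.");
                payload["sub"] = appId;
            },

            // Called when a session is rebuilt from a token on later requests.
            PopulateSessionFilter = (session, payload, req) =>
            {
                if (session is CustomAuthUserSession custom)
                    custom.AppId = payload["sub"];
            }
        };
    }
}
```

With `EncryptPayload = false` the payload is signed but readable by anyone holding the token, so the generated ID should not encode anything sensitive.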