I have a situation where based upon settings of the AuthUser, I want to return a different JWT Token and NO refresh token.
I already have a custom implementation of CredentialsAuthProvider - do I need a custom JwtAuthProvider as well in the flow, and how to change for a specific user (based upon criteria) to return or not return a refresh token, and another (validity) of a JWT Token?
Likely the easiest solution is to look for the AuthenticateResponse in a Global ResponseFilter then modify the result that’s returned, something like:
    GlobalResponseFilters.Add((req, res, apiResponse) => {
        if (apiResponse is HttpResult httpRes &&
            httpRes.Response is AuthenticateResponse authRes)
        {
            // Replace the HttpResult E.g.
            // httpRes.Cookies.Clear();
        }
    });
Otherwise preventing the existing behavior is a bit tricky, as you’ll need to override the AuthFeature.AuthResponseDecorator with your own impl, which would look something like:
    public class CustomCredentialsAuthProvider : CredentialsAuthProvider
    {
        public override void Register(IAppHost appHost, AuthFeature feature)
        {
            base.Register(appHost, feature);
            // Keep the decorator that is already registered so it can still be called
            var hold = feature.AuthResponseDecorator;
            feature.AuthResponseDecorator = authCtx => {
                if (authCtx.Session.UserName == "...")
                {
                    //...
                }
                // Fall back to the existing decorator, or to the unmodified response
                return hold?.Invoke(authCtx) ?? authCtx.AuthResponse;
            };
        }
    }
Note: Your custom Auth Provider would need to be registered after JwtAuthProvider to ensure your Register() is run after JWT’s.
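Added example (not part of the original answer and not ServiceStack's own code): one way to fill in the response-filter approach so that selected users never receive a refresh token, in the response body or as a cookie. The plugin name `NoRefreshTokenFeature` and the `RestrictedUsers` criteria are hypothetical, and it assumes the authenticated session is available from `req.GetSession()` when the filter runs.

```csharp
using System;
using System.Collections.Generic;
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical plugin: strips the refresh token from Authenticate responses
// for users matching a criteria. Register it alongside the AuthFeature.
public class NoRefreshTokenFeature : IPlugin
{
    // Hypothetical criteria: user names that must not get a refresh token.
    // Replace with whatever AuthUser setting drives the decision.
    public HashSet<string> RestrictedUsers { get; } =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    public void Register(IAppHost appHost)
    {
        appHost.GlobalResponseFilters.Add((req, res, dto) =>
        {
            // The response may arrive bare or wrapped in an HttpResult.
            var httpRes = dto as HttpResult;
            var authRes = (httpRes?.Response ?? dto) as AuthenticateResponse;
            if (authRes == null)
                return; // not an Authenticate response, leave untouched

            var session = req.GetSession();
            if (session?.UserName == null ||
                !RestrictedUsers.Contains(session.UserName))
                return; // user is allowed to keep the refresh token

            // Remove the refresh token from the response body ...
            authRes.RefreshToken = null;

            // ... and from the cookies, so it is not delivered that way either.
            // "ss-reftok" is the name of ServiceStack's refresh token cookie.
            httpRes?.Cookies.RemoveAll(c => c.Name == "ss-reftok");
        });
    }
}
```

This only covers withholding the refresh token; giving those users a JWT with a different validity means issuing the token with a different expiry, which this filter does not do.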