I am building a ServiceStack service that receives request from an Angular SPA.
The ServiceStack service depends on a third-party authenticated service that supports
oAuth2 access token and refresh token when username/password is provided.
I get these tokens by POSTing to https://api.third-party.com/auth/token a JSON payload that contains grant_type=password, userid, password, client_id and client-secret from ServiceStack API.
I would like to hold on to these tokens and automatically get new access token from refresh token when invoking this third-party API.
How can I use this service from my ServiceStack service such that users of my SPA can experience uninterrupted use of my ServiceStack service?
Please advice.
If you want to rely on a 3rd Party OAuth Service for Authentication you would need to implement a Custom OAuth Provider for that 3rd Party OAuth Provider. You can find examples of ServiceStack’s OAuth Provider implementations in ServiceStack/Auth.
How you persist their tokens is up to you, you could store them in your own DB upon successful authentication (in your Custom Auth Provider), if you’re using the default Server Sessions you could save them along with your Custom User Session. If you’re using JWT Auth Provider you could save them in the body of the JWT payload.