How to populate refreshtoken?

I’m using Servicestack 5.1.0 with custom authentication. Due to a client request I had to add support for tokens They will be using PHP to access the API).

Configuration is done using the follwing code on the server:
Plugins.Add((new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
new MyXPOCredentialsAuthProvider() {Provider = “XAF”},
new JwtAuthProvider(AppSettings) { AuthKey = AesUtils.CreateKey(), RequireSecureConnection = false, ExpireTokensIn = new TimeSpan(0,0,1,0,0) }
){IncludeAssignRoleServices = false,}));

When I authenticate using for example http://localhost:51357/authenticate?username=admin&password=geheim or using a C# client everything works OK except there is no RefreshToken. Example response:

“SessionId”: “0opJo8d67Bpw0yKHswmF”,
“UserName”: “admin”,
“DisplayName”: “”,
“BearerToken”: “eyJ0eXAiOiJKV1…3Pb6bUypLMTyOHE0fSU”,
“ResponseStatus”: {}
I looked everywhere but I couldn’t find a way to force the RefreshToken to be populated. What am I doing wrong?

By the way, I’m somewhat surprised the SessionId is still populated. I would expect either the BearerToken or the SessionId to be filled, not both.


Please see docs on Refresh Tokens, refresh tokens need to use a UserAurh Repository or if you’re not using one you need to implement IUserSessionSource.

Thanks, that solved it.