JWT cookie behavior change from 6.5.1 to 6.7

Blazor Server app, dotnet 7, SS 6.7. I have cleared all NuGet caches, deleted all obj/bin folders, and cleaned and built the solution.

In 6.5.1, I can call the following code to create a session. I made this change based on previous issues with sessions having issues with Blazor:

var session = (CustomUserSession)JwtAuthProviderReader.CreateSessionFromJwt(base.Request);

However in 6.7, the following error occurs:

  System.ArgumentNullException: Value cannot be null. (Parameter 'jwt')
     at ServiceStack.Auth.JwtAuthProviderReader.ConvertJwtToSession(IRequest req, String jwt) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/JwtAuthProviderReader.cs:line 832
     at ServiceStack.Auth.JwtAuthProviderReader.CreateSessionFromJwt(IRequest req) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/JwtAuthProviderReader.cs:line 867
     at CRM.ServiceInterface.GraphServices.<>c__DisplayClass11_0.<<Any>b__0>d.MoveNext() in /***MY CUSTOM CODE***/GraphServices.cs:line 114

I do notice in the base.Request that no cookies are provided. I cleared cookies and relogged in, no change.

I tried adding [Authenticate] to the service method, but I just get a 401 error now.

My code is configured to use UseInProcessClient for all requests.

This error is due to trying to create a session from a JWT which doesn’t exist on the IRequest.

Request.GetJwtToken() should return the JWT attached to the request, which the Exception indicates doesn’t exist as it’s returning null instead.

The last significant change made to Blazor Auth was in v6.5 to support Unified Authentication, in which case you may want to compare your project with the blazor-server or blazor-wasm default configuration.

Although if you’ve upgraded from v6.5.1 you would’ve already been using these changes.

  1. I downloaded the Blazor Server zip file from https://blazor-gallery.servicestack.net/.
  2. Opened the solution in Rider, edited the appsettings to include my employer’s Microsoft Graph settings, ran the migration and ran the program.
  3. Logged into the app using my credentials, attempted to save a new booking, and I get this error:

This mimics the error I see with my main solution with 6.7. All my AutoQuery CRUD operations fail because the sessions are null, so I get errors with the Createby column that do not happen in 6.5/6.5.1.

Hi @bgiromini,

I’ve tried to reproduce this error without success. Can you show me what you see when you log in to your application on the Locode profile page with your MS graph authentication already set up? You should see related roles which come from your application.

Could you confirm you are trying these steps with a clean/in private browser session?

Also, any details on your Azure configuration regarding Enterprise application role assignment and setup vs what you see in your JWT cookie might also be useful, e.g. by using x inspect-jwt to make sure what you are seeing matches what you expect. Let us know what roles you see in there as well. The blazor-server example will require specific roles to create a booking, so possibly some kind of role inconsistency might be happening. The info above will help isolate the specific error you are seeing and how we might be able to replicate the problem to find the root cause.
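The two checks discussed in this thread (is a JWT present on the request at all, and do its roles match what the app requires), as an added example that is not ServiceStack code and not part of any post. It is stand-alone Python; the `roles` claim name, the `Employee` role and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (JWTs strip the '=' padding) into JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_jwt(token, required_roles=(), now=None):
    """Diagnose a JWT WITHOUT verifying its signature: for debugging only,
    never for making an authorization decision."""
    if not token:
        # No JWT on the request: the condition reported in the thread as
        # ArgumentNullException (Parameter 'jwt').
        return {"status": "missing"}
    parts = token.split(".")
    if len(parts) != 3:
        return {"status": "malformed"}
    try:
        header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"status": "malformed"}
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return {"status": "malformed"}
    roles = payload.get("roles") or []  # assumed claim name
    missing = sorted(set(required_roles) - set(roles))
    exp = payload.get("exp")
    now = time.time() if now is None else now
    status = "ok"
    if exp is not None and exp <= now:
        status = "expired"
    elif missing:
        status = "missing_roles"
    return {"status": status, "alg": header.get("alg"), "sub": payload.get("sub"),
            "roles": roles, "missing_roles": missing, "exp": exp}


def make_sample_token(payload):
    """Build a constructed, unsigned token; the third segment is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'HS256'})}.{enc(payload)}.c2ln"


if __name__ == "__main__":
    sample = make_sample_token({"sub": "1", "roles": ["Employee"], "exp": 2000})
    print(inspect_jwt(None))                                  # request without a JWT
    print(inspect_jwt(sample, ["Employee", "Manager"], now=1000))
```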

Thanks, I was able to repro an issue from an empty project template which should hopefully be resolved from the latest v6.7.1+ that’s now available on MyGet.