JwtAuthProviderReader MultiTenancy

jezzsantos · November 11, 2017, 9:23pm

We currently use the JwtAuthProvider as a custom IAuthProvider in the AuthFeature, that we of course register once in the AppHost.

The JwtAuthProvider is currently fed a AuthKeyBase64 value from a setting in IAppSettings on registration.

appHost.Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[]
            {
                new JwtAuthProvider(appSettings)
                {
                    RequireSecureConnection = true,
                    AuthKeyBase64 =  appSettings.GetString("JwtAuthNKeySetting"),
                },
            }));

We now want to make this service multi-tenanted, which means we are going to have a different value of AuthKeyBase64 for each tenant, and therefore different for every request.

Are there any suitable approaches in ServiceStack to re-read the AuthKeyBase64 value from configuration every request that comes in?

mythz · November 12, 2017, 3:15am

I’ve modified JWT AuthProvider to allow overriding of Auth Keys per request by overriding GetRuntimeConfig() in your AppHost in this commit where you can override the AuthKey that’s used for the request with something like:

public override T GetRuntimeConfig<T>(IRequest req, string name, T defaultValue)
{
    if (name == nameof(JwtAuthProvider.AuthKey))
    {
        byte[] tenantAuthKey = ...;
        return (T)(object)tenantAuthKey;
    }

    return defaultValue;
}

This change is available from ServiceStack v5 that’s now available on MyGet, please review the v5 changes before upgrading.