Not getting BearerToken in Ajax response

Hi, I am trying to implement JWT. I can successfully get the BearerToken in Swagger-UI, but while trying with an Ajax query I am not getting it.

Here is my request - response
For Swagger
request

{
  "provider": "credentials",
  "State": "string",
  "oauth_token": "string",
  "oauth_verifier": "string",
  "UserName": "Kunjan",
  "Password": "password",
  "RememberMe": false,
  "Continue": "string",
  "nonce": "string",
  "uri": "string",
  "response": "string",
  "qop": "string",
  "nc": "string",
  "cnonce": "string",
  "UseTokenCookie": true,
  "AccessToken": "string",
  "AccessTokenSecret": "string",
  "Meta": {}
}

and response

{
  "UserId": "1",
  "SessionId": "uF4RkNMH793wBeMOifdb",
  "UserName": "Kunjan",
  "DisplayName": "Kunjan",
  "ReferrerUrl": "string",
  "BearerToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImQ2NiJ9.eyJzdWIiOjEsImlhdCI6MTQ5NTUwODkxMywiZXhwIjoxNDk2NzE4NTEzLCJnaXZlbl9uYW1lIjoiS3VuamFuIiwiZmFtaWx5X25hbWUiOiJEYWxhbCIsIm5hbWUiOiJLdW5qYW4iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJLdW5qYW4iLCJyb2xlcyI6WyJBZG1pbiJdfQ.YniGmrf7F2SYhm0tBZW-4vHzjuem-pk7PKmWC-hLswI",
  "RefreshToken": "eyJ0eXAiOiJKV1RSIiwiYWxnIjoiSFMyNTYiLCJraWQiOiJkNjYifQ.eyJzdWIiOjEsImlhdCI6MTQ5NTUwODkxMywiZXhwIjoxNTI3MDQ0OTEzfQ.Sqq9o9oHL4zSycsvCTwVZ4hFubxCUOo3DFSjXM-Ntbg",
  "ResponseStatus": {}
}

Now for Ajax
similar request

{
  "provider@": "credentials",
  "State@": null,
  "oauth_token@": null,
  "oauth_verifier@": null,
  "UserName@": "Kunjan",
  "Password@": "password",
  "RememberMe@": false,
  "Continue@": null,
  "nonce@": null,
  "uri@": null,
  "response@": null,
  "qop@": null,
  "nc@": null,
  "cnonce@": null,
  "UseTokenCookie@": true,
  "AccessToken@": null,
  "AccessTokenSecret@": null,
  "Meta@": null
}

I'm getting the response below

{
  "UserId": "1",
  "SessionId": "V8wCKxOooCwLsQ1cn2jp",
  "DisplayName": "Kunjan",
  "ReferrerUrl": "http://localhost:8080/",
  "ResponseStatus": {}
}

So, here are two questions

  1. As I am getting a SessionId in both responses, does that mean that the session is cached on the server?
  2. While doing the Ajax query, why am I not getting the token as I do when using swagger-ui?

Server and client (webpack-dev) are on different domains. I have allowed CORS for that domain so all other requests (GET, POST, PUT, DELETE) are working with the server.

You should check that you post exactly the same data (headers/cookies/post data) with Swagger UI and from the Ajax request. To see the data you are sending to the server you can use Wireshark or Fiddler. For example, I noticed that in your Ajax request you add the @ sign at the end of each property and this can be the cause of the issue, but you should also check that the other fields are the same in both cases.

“provider@” : “credentials”

Thanks @xplicit, I'll have a look. Basically I am using Servicestack-client, so all the magic happens there. Btw the ajax call is returning success with the correct display name and userId. So, the query is going through correctly. But you seem to be pointing in the right direction. I'll check the headers.

Update1

Here is the request header that is going in while doing the ajax request

POST /json/reply/Authenticate HTTP/1.1
Host: bar.foo
Connection: keep-alive
Content-Length: 328
Origin: http://localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
content-type: application/json
Accept: */*
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: ss-id=uF4RkNMH793wBeMOifdb; ss-pid=D2OkeDnJax0jjF30uTts; ss-opt=temp; X-UAId=1; ss-tok=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6ImQ2NiJ9.eyJzdWIiOjEsImlhdCI6MTQ5NTUwODkxMywiZXhwIjoxNDk2NzE4NTEzLCJnaXZlbl9uYW1lIjoiS3VuamFuIiwiZmFtaWx5X25hbWUiOiJEYWxhbCIsIm5hbWUiOiJLdW5qYW4iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJLdW5qYW4iLCJyb2xlcyI6WyJBZG1pbiJdfQ.YniGmrf7F2SYhm0tBZW-4vHzjuem-pk7PKmWC-hLswI

There is a long cookie going in. While for Swagger it is a curl request as below

curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d '{ \ 
   "provider": "credentials", \ 
   "State": "string", \ 
   "oauth_token": "string", \ 
   "oauth_verifier": "string", \ 
   "UserName": "Kunjan", \ 
   "Password": "password", \ 
   "RememberMe": false, \ 
   "Continue": "string", \ 
   "nonce": "string", \ 
   "uri": "string", \ 
   "response": "string", \ 
   "qop": "string", \ 
   "nc": "string", \ 
   "cnonce": "string", \ 
   "UseTokenCookie": true, \ 
   "AccessToken": "string", \ 
   "AccessTokenSecret": "string", \ 
   "Meta": {} \ 
 }' 'http://bar.foo/authenticate'

@xplicit hey, I have also updated the data that is getting posted, but sadly the same result. No token.

Now here is the request JSON that is going over the wire

{
    "provider": null,
    "State": null,
    "oauth_token": null,
    "oauth_verifier": null,
    "UserName": "Kunjan",
    "Password": "password",
    "RememberMe": false,
    "Continue": null,
    "nonce": null,
    "uri": null,
    "response": null,
    "qop": null,
    "nc": null,
    "cnonce": null,
    "UseTokenCookie": true,
    "AccessToken": null,
    "AccessTokenSecret": null,
    "Meta": null
 }

Please have a look, because I can't find which part is causing the issue. It has to be something silly and small, but I am unable to figure it out.

provider should be “credentials”.
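The comparison suggested earlier in the thread, as an added example that is not part of the original posts: a small Node.js helper that diffs a working request body against a failing one and reports property names that differ (such as a trailing `@`) and values that differ (such as a `null` provider). `diffRequestBodies` is a hypothetical name, and the sample bodies are constructed, abbreviated from the ones shown above.

```javascript
// Added example: diff two JSON request bodies sent to the same endpoint.
// diffRequestBodies is a hypothetical helper, not part of any ServiceStack library.

// Strip anything that is not a letter, digit or underscore so "provider@" matches "provider".
const normalize = key => key.replace(/[^A-Za-z0-9_]/g, '').toLowerCase();

function diffRequestBodies(working, failing) {
  const findings = [];
  const failingKeys = Object.keys(failing);
  for (const key of Object.keys(working)) {
    if (Object.prototype.hasOwnProperty.call(failing, key)) {
      // Same property name: compare the serialized values.
      if (JSON.stringify(working[key]) !== JSON.stringify(failing[key])) {
        findings.push({ key, issue: 'value differs', expected: working[key], sent: failing[key] });
      }
      continue;
    }
    // Property not present under its exact name: look for a near-miss name.
    const near = failingKeys.find(k => normalize(k) === normalize(key));
    findings.push(near
      ? { key, issue: 'name differs', sentAs: near }
      : { key, issue: 'missing' });
  }
  return findings;
}

// Constructed samples, abbreviated from the bodies shown in the thread.
const swaggerBody = { provider: 'credentials', UserName: 'Kunjan', Password: 'password', UseTokenCookie: true };
const ajaxBodyWithAt = { 'provider@': 'credentials', 'UserName@': 'Kunjan', 'Password@': 'password', 'UseTokenCookie@': true };
const ajaxBodyNullProvider = { provider: null, UserName: 'Kunjan', Password: 'password', UseTokenCookie: true };

console.log(diffRequestBodies(swaggerBody, ajaxBodyWithAt));
console.log(diffRequestBodies(swaggerBody, ajaxBodyNullProvider));
```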

Hey @mythz. It worked. It was not working with the @ thingy, but it is pretty much working now. Thanks a lot. Please don't mind me asking, what's that sessionId for? Is it still saving the session on the server, or has it all moved to JWT (session-less)?

If the Request is sent with UseTokenCookie the User's Session is removed from the Caching Provider and the User's Authenticated Session is contained solely in the JWT Cookie.
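What a session carried in the `ss-tok` cookie looks like from the client side, as an added example that is not part of the original thread: a Node.js sketch that pulls `ss-tok` out of a `Cookie` header and decodes its claims for inspection. The token and cookie header are constructed with a placeholder signature, the function names are hypothetical, and decoding here does not verify the signature, which only the server holding the key can do.

```javascript
// Added example: inspect the claims carried in an ss-tok cookie.
// Decoding is for inspection only; it does NOT verify the signature.
const b64url = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed sample token (placeholder signature), modelled on the claims in the thread.
const sampleToken = [
  b64url({ typ: 'JWT', alg: 'HS256' }),
  b64url({ sub: 1, iat: 1495508913, exp: 1496718513, name: 'Kunjan', roles: ['Admin'] }),
  'constructed-signature'
].join('.');
const sampleCookieHeader = `ss-id=constructedSessionId; ss-opt=temp; ss-tok=${sampleToken}`;

// Return the value of one cookie from a Cookie request header, or null.
function getCookie(header, name) {
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// base64url -> JSON. The payload is encoded, not encrypted, so anyone holding the cookie can read it.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectTokenCookie(cookieHeader, nowSeconds) {
  const token = getCookie(cookieHeader, 'ss-tok');
  if (!token) return null; // no token cookie on this request
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('ss-tok is not a three-part compact token');
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  return { alg: header.alg, claims, expired: nowSeconds >= claims.exp };
}

console.log(inspectTokenCookie(sampleCookieHeader, Math.floor(Date.now() / 1000)));
```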

Thanks @mythz. Btw I successfully tried the Servicestack Client with http://fable.io/ and https://fable-elmish.github.io/ . Not only does it work like a charm, but it also fits right into it. Blog post coming soon. :smile:

Great! Looking forward to it :slight_smile: