OnAuthenticated for custom auth not getting hit

We’re using a completely custom authentication in SS. The user can authenticate fine but the OnAuthenticated method in the custom auth provider never gets hit. Just trying to get session management into SS so I can access the user making the request. Unsure what I’m missing:

// CustomCredentialsAuthProvider.cs
 public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
                var authRepo = authService.TryResolve<IAuthRepository>().AsUserAuthRepository(authService.GetResolver());

            IUserAuth user;
            if (authRepo.TryAuthenticate(userName, password, out user))
                return true;

            return false;

public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
            //Call base method to Save Session and fire Auth/Session callbacks:
            return base.OnAuthenticated(authService, session, tokens, authInfo);

            //Alternatively avoid built-in behavior and explicitly save session with
            //authService.SaveSession(session, SessionExpiry);
            //return null;

If you’re inheriting from CredentialsAuthProvider then OnAuthenticated() should be called when TryAuthenticate() returns true. Is TryAuthenticate returning true?

yes TryAuthenticate is returning true. The actual authentication works fine - a session is generated, credentials are validated, and the user is logged in. But OnAuthenticated never gets called.

In the link above you’ll see where the CredentialsAuthProvider calls OnAuthenticated() right after calling TryAuthenticate():

    protected object Authenticate(IServiceBase authService, IAuthSession session, string userName, string password, string referrerUrl)
        if (!LoginMatchesSession(session, userName))
            session = authService.GetSession();

        if (TryAuthenticate(authService, userName, password))
            session.IsAuthenticated = true;

            if (session.UserAuthName == null)
                session.UserAuthName = userName;

            var response = OnAuthenticated(authService, session, null, null);
            if (response != null)
                return response;

            return new AuthenticateResponse
                UserId = session.UserAuthId,
                UserName = userName,
                SessionId = session.Id,
                ReferrerUrl = referrerUrl

        throw HttpError.Unauthorized(ErrorMessages.InvalidUsernameOrPassword);

If you haven’t overridden Authenticate() as well then it should be called immediately after TryAuthenticate(), if you have overridden it then you’ll need to call it explicitly as seen above.