Roles/Permissions not returned from Authenticate but included in JWT

I’m using the basic CredentialsAuthProvider:

            appHost.Plugins.Add(new AuthFeature(() => new CustomUserSession(),
                new IAuthProvider[] {
                    new CredentialsAuthProvider(appSettings),     
                    new JwtAuthProvider(appSettings) {
                        AuthKey = AesUtils.CreateKey(),
                        UseTokenCookie = false     
                IncludeDefaultLogin = false, IncludeRolesInAuthenticateResponse = true

The CustomUserSession is for future:

public class CustomUserSession : AuthUserSession

However I have a custom auth repo:

public class ArangoDbAuthRepository : IUserAuthRepositoryAsync, IClearable, IManageRolesAsync, IManageRoles

for which I have implemented the interfaces.
The IManageRoles was added later as a part of debugging, but haven’t changed anything (for better or worse),

This is setup like normal in the Configure.AuthRepository file:

services.AddSingleton<IManageRolesAsync>(userRepo);     // for CredentialsAuthProvider to fetch roles from here (inspeced the source)

The strange thing is that in the response from Authenticate, the JWT does contain the roles. So my Auth Repo must be fetching these.

But the session does not have them, and neither does the response body.

The session will only have them if they’re blobbed with the user (i.e. not using IManageRolesAsync), otherwise they can be fetched with:

var roles = await session.GetRolesAsync(AuthRepositoryAsync);

However they should be returned in AuthenticateResponse unless IncludeRolesInAuthenticateResponse=false (it’s enabled by default).

The other requirement is that session.UserAuthId contains the user Id.

Otherwise I’m not sure why it’s not being returned in AuthenticateResponse, I’d recommend debugging AuthenticateService and putting a breakpoint on:

Thanks, I’m 100% sure I’ve got a bug somewhere.

Are you saying that I should only need to implement IAuthRepository, and not IManageRoles?

If the roles are blobbed with the User than you shouldn’t implement IManageRoles/Async in your custom Auth Provider, it’s only required if you want to manage User Roles in a separate table.

1 Like

Thanks, it seems to be working now. I think I had an error with the Id in the UserAuth table. The Id for the first user was 0 which seems to not be allowed.

1 Like