Testing JWToken

Stefan · July 10, 2017, 9:38pm

Hi,
I am testing a service (a demo) with basic and jwt provider

           this.Plugins.Add(new AuthFeature(() => new APIAuthUserSession(), new 
          IAuthProvider[]
          {
             new BasicAuthProvider(),
             new APICredentialsAuthProvider(),
               new JwtAuthProvider(AppSettings) {RequireSecureConnection = false, 
                AuthKey = AesUtils.CreateKey(), }

         }));

In service

                public object Any(Hello request)
                 {
                               var session = base.SessionAs<AuthUserSession>();
                               if (session.AuthProvider != JwtAuthProvider.Name)
                            throw HttpError.Unauthorized("Requires JWT Authentication");
                }

I want to exclude access with session from other provider.
I am testing it in ARC client, (chrome extension) . I am calling first the /Auth with Basic auth or credentials, and then I copy paste in the Hello service’s headers in Authorization the Bearer [jwtoken] . But the service’s condition it does not find the the JwtAuthProvider.Name.
The weird is that in morning it worked flawless with the same code. I can’t understand what it changed, I think nothing. Can you give me a direction?
The service during morning and now, it is authenticated but it does not return (now )the jwt auth provider’s name.

mythz · July 10, 2017, 9:57pm

I don’t know what I’m expected to do with this snippet. Have you looked at the HTTP Headers to see if they contain the expected Headers? Where’s the [Authenticate] attribute being called? Does the Session contain what you expect?

I’m also not clear on exactly what the issue is, what state was it before and what is it now?

Stefan · July 10, 2017, 10:31pm

The [Authenticate] is in the service

 [Authenticate]
public class MyServices : Service
{
    public object Any(Hello request)

the headers

         Content-Type: application/json
        Accept: application/json
       Authorization: Bearer  eyJ0eX.....

the response from Auth is

     {
       "UserId": "2",
       "SessionId": "hEOCSoNRoKlo3vBe8anG",
      "UserName": "testuser",
       "DisplayName": "Credentials",
     "BearerToken":      eyJ0eXAiOiJK..",
    "RefreshToken": "eyJ0eXA..",
  "ResponseStatus": {}
  }

in service where I check

         var session = base.SessionAs<AuthUserSession>();
        if (session.AuthProvider != JwtAuthProvider.Name)

the provider is “basic”
But I have tested it in the morning and it returned “jwt”
Is there any way to force the “jwt” ?
otherwise I think it is something with cache…
maybe you can’t help me.

mythz · July 10, 2017, 10:52pm

You can clear the session cookies to force retrieving the token from the JWT token.