Unable to get HTTP Token Cookie with in process authentication

jhf · August 26, 2022, 11:13am

I have an endpoint where the user can confirm the email address.
This endpoint also logs the user in.
After switching to ServiceStack 6.* the new UseTokenCookie = true changes such that BearerToken is no longer returned, when I do a nested call to authenticate:

var authService = ResolveService<AuthenticateService>();
var authRequest = new Authenticate
{
    provider = AuthenticateService.CredentialsProvider,
    UserName = user.MobilePhone,
};
var httpResult = await authService.PostAsync(authRequest);
var authResponse = httpResult.GetResponseDto() as AuthenticateResponse;

However when returning a result, I wish to pass on any cookies set by the internal authentication. When inspecting, there doesn’t appear to be any cookies set by authService.PostAsync(authRequest).
After looking at the source code of AuthenticateService I do notice that the ExecuteAsync method of JwtAuthProvider is called when there is in process authentication.
When there is regular direct authentication the ResultFilterAsync is called.

Is this a bug?
Or is there a way to call SuccessAuthResultAsync from AuthFeature using the httpResult of the authentication to solve this?

mythz · August 26, 2022, 1:06pm

There was a guard against in process requests removing sessions that was preventing cookies from being populated which should be resolved from this commit which is now available in the latest v6.2.1+ that’s now available on MyGet.

Or for your current version you should be able to populate it with something like:

var jwtAuth = AuthenticateService.GetJwtAuthProvider();
var httpResult = authResponse.ToTokenCookiesHttpResult(base.Request,
    Keywords.TokenCookie,
    DateTime.UtcNow.Add(jwtAuth.ExpireTokensIn),
    Keywords.RefreshTokenCookie,
    DateTime.UtcNow.Add(jwtAuth.ExpireRefreshTokensIn),
    null);