We just started seeing this exception trace in our production code. (v.5.4.0)
nSystem.ArgumentOutOfRangeException: Index and length must refer to a location within the string.\r\nParameter name: length\r\n at System.String.Substring(Int32 startIndex, Int32 length)\r\n at ServiceStack.Auth.JwtAuthProviderReader.GetKeyId(IRequest req)\r\n at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms)\r\n at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext)\r\n at ServiceStack.Auth.AuthenticateService.Post(Authenticate request)\r\n
which is the top of the stack trace of code that calls
AuthenticateService.Post(), something like this:
var authenticateService = this.Container.Resolve<AuthenticateService>();
authenticateService.Request = request;
var response = authenticateService.Post(new Authenticate()
provider = "credentials",
UserName = username,
Password = password,
RememberMe = new bool?(rememberMe),
UseTokenCookie = new bool?(true)
}) as HttpResult;
// extract value of the 'ss-tok' cookie from response
Which we use to create a session for the user, and get the session cookie.
The line of code that actually throws the error (we think) is: https://github.com/ServiceStack/ServiceStack/blob/c97248d56144b745da798e9690cdd3afd10947df/src/ServiceStack/Auth/JwtAuthProviderReader.cs#L372 or maybe line 377.
Do you know what could be causing this exception for us at this point in time?
Clearly something has changed in time, but we are not sure what this code indicates may have changed? Any ideas?
It's trying to fetch the first 3 Base64 chars from your AuthKey if it exists, it gets the AuthKey from your AppHost's
GetRuntimeConfig(IRequest, nameof(AuthKey), AuthKey) which if you don't want to override it at runtime should return the
AuthKey passed in.
To get that exception you would have to return an Invalid AuthKey that's not
null but less than 3 chars when base64 serialized - which would be an invalid key.
We just found out a merge had lost that key in config.
sorry. Ill delete this post
Don't delete posts, if others run into this issue it will help provide pointers on what things to look at to resolve it.