I intend to use two ServiceStack auth providers: one custom provider based on CredentialsAuthProvider called remotecreds, and the built-in JwtAuthProvider. My AppHost registration code looks like this:

appHost.Plugins.Add(new AuthFeature(() => new UserSession(),
                new IAuthProvider[]
                {
                    new JwtAuthProvider(AppSettings)
                    {
                        RequireSecureConnection = false,
                        HashAlgorithm = "RS256",
                        PublicKeyXml = publicKeyXml,
                        Audiences = new List<string> { $"{AppSettings.GetDictionary("Auth")["Url"]}/resources" },
                        PopulateSessionFilter = PopulateSessionFilter
                    },
                    new RemoteCredentialsAuthProvider(AppSettings)
                    {
                        PopulateSessionFilter = PopulateSessionFilter
                    }
                }));


When I authenticate with the custom auth provider (POST /auth/remotecreds), ServiceStack returns the following error, although the auth provider's code has been executed correctly:

    "responseStatus": {
        "errorCode": "NotSupportedException",
        "message": "PrivateKey required to use: RS256",
        "stackTrace": "[Authenticate: 25/04/2019 9:59:25 AM]:\n[REQUEST: {provider:remotecreds,userName:admin,password:Pa$$word123}]\nSystem.NotSupportedException: PrivateKey required to use: RS256\r\n   at ServiceStack.Auth.JwtAuthProvider.GetHashAlgorithm(IRequest req) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 87\r\n   at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 118\r\n   at ServiceStack.Auth.JwtAuthProvider.Execute(AuthFilterContext authContext) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\JwtAuthProvider.cs:line 57\r\n   at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Auth\\AuthenticateService.cs:line 253\r\n   at ServiceStack.Host.ServiceRunner`1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in C:\\BuildAgent\\work\\3481147c480f4a2f\\src\\ServiceStack\\Host\\ServiceRunner.cs:line 133",
        "errors": []
    }

If I comment out the JwtAuthProvider registration in AppHost, the same call above succeeds.

So I'm confused about why ServiceStack invokes JwtAuthProvider when I clearly authenticated against my custom auth provider.

1 Answers

mythz On Best Solutions

The issue is that your JwtAuthProvider is misconfigured. If you want to use an RSA* hash algorithm, it needs to be configured with the private key:

new JwtAuthProvider(AppSettings) {
    HashAlgorithm = "RS256",
    PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
}

It would still be trying to authenticate with your custom AuthProvider, but if you have the JwtAuthProvider registered, it will be trying to populate the AuthenticateResponse with the JWT token in BearerToken, so when users authenticate against your Auth Provider, e.g.:

var client = new JsonServiceClient(baseUrl);

var authResponse = client.Post(new Authenticate {
    provider = "remotecreds",
    UserName = username,
    Password = password,
    RememberMe = true,
});

They will have access to the JWT Token populated in:

var jwt = authResponse.BearerToken;

So if it's properly configured, it will return a populated JWT Token in BearerToken, or if you remove your JwtAuthProvider, it won't attempt to populate it.
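
The asymmetry behind the "PrivateKey required to use: RS256" error, as an added stand-alone example (not code from the question, the answer, or ServiceStack): issuing an RS256 token needs the RSA private key, while validating one needs only the public key. The key pair, the claims and the `auth.example` audience are constructed for the demo; it assumes .NET Core 3.0 or later for `ToXmlString`/`FromXmlString`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Rs256Demo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Issuer side: signing needs the private key (the role PrivateKeyXml plays).
    static string Sign(RSA key, string payloadJson)
    {
        var input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"))
                  + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        var sig = key.SignData(Encoding.ASCII.GetBytes(input),
                               HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }

    // Validator side: the public key is enough. The algorithm is pinned to
    // RS256 here instead of being read from the token header.
    static bool Verify(RSA key, string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return false;
        return key.VerifyData(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]),
                              FromB64Url(parts[2]),
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using var full = RSA.Create(2048);                 // constructed demo key pair
        using var publicOnly = RSA.Create();
        publicOnly.FromXmlString(full.ToXmlString(false)); // public half only, like PublicKeyXml

        var jwt = Sign(full, "{\"sub\":\"admin\",\"aud\":\"https://auth.example/resources\"}");
        Console.WriteLine("verified with public key: " + Verify(publicOnly, jwt));

        try { Sign(publicOnly, "{\"sub\":\"admin\"}"); }
        catch (CryptographicException) { Console.WriteLine("signing with the public key alone failed"); }
    }
}
```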