I have an auth server, and a service along with a client that authenticates against the auth server, gets a token and a refresh token, and then connects to the service with SignalR.
It monitors for the auth token expiry and automatically refreshes the token.
Then on the SignalR side, we watch for a 401 error and reconnect, which we have verified sends the new auth token.
In the logs, we see that the introspection request is kicked off and returns a successful response with the token being active.
However, when we intercept the authorization process, `Principal.Identity` shows that it isn't authenticated, indicating that the introspection didn't inject the identity that it retrieved.
We've copied the OpenIddict example exactly, with introspection enabled like this:
```csharp
var openIddictBuilder = services.AddOpenIddict()
    .AddValidation(options =>
    {
        options.SetIssuer(authenticationSettings.Issuer);
        options.AddAudiences(resourceServerSettings.Name);

        var encryptionCert = certificateSettings.IdentityEncryption.GetCertificate();
        var signingCert = certificateSettings.IdentitySigning.GetCertificate();
        options.AddEncryptionCertificate(encryptionCert);
        options.AddEncryptionKey(new X509SecurityKey(signingCert));

        options.UseDataProtection();
        options.UseIntrospection()
            .SetClientId(PltfrmdConstants.API_CLIENT_ID)
            .SetClientSecret(PltfrmdConstants.API_CLIENT_SECRET);

        options.UseSystemNetHttp();
        options.UseAspNetCore();
    });
```
And we have `UseAuthorization` then `UseAuthentication`, in that order.
On the initial login, all is well with the initial auth token, but then after the token is refreshed, even though we can see the new token is being used and the introspection is successful, we still get a 401 and there is no Authenticated User.
What am I missing?
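An added diagnostic example (not code from the question or from OpenIddict) that makes the outcome of the validation handler visible per request, so a 401 can be traced to "no token", "introspection rejected the token" or "token accepted but handler not consulted". It assumes the same `AddOpenIddict().AddValidation(...)` registration as above, uses `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme` as the default scheme the way the OpenIddict resource-server samples do, and treats `MyHub`, `/hub` and the `AuthDiagnostics` logger name as placeholders:

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.SignalR;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using OpenIddict.Validation.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

// Make the OpenIddict validation handler the default scheme, so that
// UseAuthentication() populates HttpContext.User without each endpoint
// naming the scheme explicitly.
builder.Services.AddAuthentication(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
builder.Services.AddAuthorization();
builder.Services.AddSignalR();
// builder.Services.AddOpenIddict().AddValidation(...) as shown in the question.

var app = builder.Build();

app.UseRouting();
app.UseAuthentication();   // ASP.NET Core requires this before UseAuthorization()

// Diagnostic middleware: re-runs the validation scheme and logs the result.
// Only claim *types* are logged, never token or claim values.
app.Use(async (HttpContext context, Func<Task> next) =>
{
    var logger = context.RequestServices.GetRequiredService<ILoggerFactory>()
                        .CreateLogger("AuthDiagnostics");   // placeholder name
    var result = await context.AuthenticateAsync(
        OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);

    if (result.Succeeded)
        logger.LogInformation("Authenticated as {Name}; claim types: {Claims}",
            result.Principal.Identity?.Name,
            string.Join(", ", result.Principal.Claims.Select(c => c.Type)));
    else
        logger.LogWarning("Authentication failed: {Reason}",
            result.Failure?.Message ?? (result.None ? "no token presented" : "unknown"));

    await next();
});

app.UseAuthorization();
app.MapHub<MyHub>("/hub").RequireAuthorization();   // placeholder hub and path
app.Run();

public class MyHub : Hub { }
```

Compare the "Authenticated as" line against the introspection log entry for the same request: if introspection reports the token active but this middleware logs a failure or "no token presented", the problem is between the handler and the pipeline rather than at the auth server.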