ServiceStack ServerEvents authentication configuration

Question

I\'m trying to use JWT authentication with ServiceStack ServerEvents to ensure that all users are authenticated but I can\'t find how to configure server events to do this.

Answer 1

The ServerEventsClient.ServiceClient isn't used for establishing the Server Events connection, only its CookieContainer is shared which will allow you to Authenticate with the ServiceClient to establish an Authenticated Session.

If you're using a JWT AuthProvider you can send it inside a Cookie so it gets sent with client Web Requests. Otherwise you can try adding the JWT Token using the EventStreamRequestFilter which gets executed before establishing the Server Events connection, e.g:

new ServerEventsClient(...) {
    EventStreamRequestFilter = req => req.AddBearerToken(jwt)
}

Alternatively I just added support for ResolveStreamUrl which will let you modify the URL used to establish the Server Events connection which will also allow you to add the JWT Token to the QueryString as seen in the JWT TypeScript ServerEventsClient example:

var sseClient = new ServerEventsClient(BaseUrl, ["*"], {
    resolveStreamUrl: url => appendQueryString(url, { "ss-tok": JWT }),
    handlers: {
        onConnect: e => { 
            console.log(e.isAuthenticated /*true*/, e.userId, e.displayName);
        }
    }
}).start();

The change also lets you modify the EventStreamPath independently from the BaseUri which was previously assumed to be {BaseUrl}/event-stream.

ResolveStreamUrl + EventStreamPath is available from v5.0.3 that's now available on MyGet.

This requires that your JWT AuthProvider to accept JWT Tokens via the QueryString which you can enable in ServiceStack's JWT AuthProvider with:

new JwtAuthProvider {
    AllowInQueryString = true
}