JWT Renewal SignalR WebSocket
suedama1756 opened this issue · 2 comments
Is your feature request related to a problem? Please describe.
I'm trying to to integration JWT Renewal into SignalR over websockets. I know how to perform the initial authentication and this is working great, however, I need access to renewed tokens to invoke downstream services that provide authorization data used to filter data being streamed to the client.
Describe the solution you'd like
Although I can send a new token to the hub using a separate method call, the principal will still be set based on the original token and will expire. It's not clear from the documentation whether this expiration will cause the connection to be dropped or whether it will continue with the expired principal. What I need is a way to update the principal in the ConnectionContext associated with the hub. If this is possible with current functionality can the documentation be updated please.
Additional context
I have tried calling context.authenticateAsync in a separate call on the hub to renew my token however this is ignored as AuthenticationHandler caches the previous response.
We don't currently automatically terminate the connection when the token expires. #5283 is a discussion on that, including a workaround you can use.
As for renewing the token mid-connection. This is something we're investigating but it's challenging right now due to the layering since SignalR doesn't know anything about the token, it's at the HTTP layer. All SignalR knows about is the principal and the only operation it can perform is to terminate the connection.
#5297 is also tracking work on renewal of auth tokens. I think closing this in lieu of that one makes sense.