ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider

The ServiceStack ‎JwtAuthProvider creates a Refresh token whose subject claim ("sub") is set to a session identifier rather than a user auth identifier, when using an OAuth provider because of this line in JwtAuthProvider.cs:

var refreshToken = CreateJwtRefreshToken(authContext.Request, authContext.Session.Id, ExpireRefreshTokensIn);

Is there a way to map from the session identifier to the user auth identifier, as this is the identifier which is passed to our implementation of IUserSessionSourceAsync.GetUserSessionAsync where we need to rehydrate the user's session?

Solution

This looks like a bug that's now fixed in this commit.

This change is available from v8.3.1 that's now available in ServiceStack's Pre Release Packages

Unable to login to GitHub account even with correct credentials
10 second delay between login and shell prompt.
django after submit login info, does not lead to intended detail view page
Cypress can't find the password field in the Microsoft Login
Where is correct place to authenticate users from multiple places?
symfony - getting logged out at form->handleRequest
Laravel auth vs Passport vs Sanctum
Hit web endpoints behind Devise authentication with non-browser request in a Rails app
HERE Geocoder API: authentication problem
Cookie LoginPath not redirecting to path
why my postman basic auth not working correctly?
Cypress test starts from the begining for every test case
Auth.js v5 Database Session Strategy for Credential Provider Returning Null
NET MAUI unable to implement social login for Android and iOS
Proper design for th Keycloak auth with APIs and UI
AuthenticationFailed while calling azure api
Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider
No route matches [GET] "/users/sign_out"
Sourcing R files in a private github folder
Credentials do not work for "docker login"
Google Authenticator available as a public service?
How to handle client card/pfx authentication certificate popup in Playwright
Logging into SAML/Shibboleth authenticated server using python
Where do you store your salt strings?
How can I prevent the accessibility of a react component once the user has been logged out of the private route in react?
How to configure Angular 18 Zone.js accepting Supabase promise?
NextJS14 Static Site Generation (SSG) and Authentication using Clerk
Get Current User ID from Mysql in php
Exchanging azure AD token with Identity server token