It looks like ServiceStack only accepts session-based authentication. I was reading through https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization and I couldn't find anything describing how to do what I want.
I also looked at http://enehana.nohea.com/general/customizing-iauthprovider-for-servicestack-net-step-by-step/ but that also is session-based.
What I would like to do, is very similar to how WebAPI works with Individual User Accounts.
I want to send this to the API:
POST http://localhost:49436/Token HTTP/1.1
User-Agent: Fiddler
Host: localhost:49436
Content-Type: application/x-www-form-urlencoded
Content-Length: 55
grant_type=password&username=Alice&password=password123
Then, if the user is found in my custom authentication method, it returns this:
{
"access_token":"boQtj0SCGz2GFGz[...]",
"token_type":"bearer",
"expires_in":1209599,
"userName":"Alice",
".issued":"Mon, 14 Oct 2013 06:53:32 GMT",
".expires":"Mon, 28 Oct 2013 06:53:32 GMT"
}
Then, the client app can just send the access_token on subsequent requests by appending a value like this to the HTTP request:
Authorization: Bearer boQtj0SCGz2GFGz[...]
Is this possible in ServiceStack?
Edit: Implementation using .NET's WebAPI: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
