The ServiceStack JwtAuthProvider creates a refresh token whose subject claim ("sub") is set to a session identifier rather than a user auth identifier when using an OAuth provider, because of this line in JwtAuthProvider.cs:
var refreshToken = CreateJwtRefreshToken(authContext.Request, authContext.Session.Id, ExpireRefreshTokensIn);
Is there a way to map from the session identifier to the user auth identifier, as this is the identifier which is passed to our implementation of IUserSessionSourceAsync.GetUserSessionAsync, where we need to rehydrate the user's session?
This looks like a bug that's now fixed in this commit.
This change is available from v8.3.1, which is now available in ServiceStack's Pre Release Packages.