Why does my ServiceStack AuthProvider never call Authenticate (), even if IsAuthorized () returns false?

I am writing AuthProvider for ServiceStack to authenticate with our own OAuth2 server and problems with how ServiceStack interacts with my provider.

According to https://groups.google.com/d/msg/servicestack/e3kkh-qRDYs/DF9Y05ibl-MJ

Typically, there are 2 ways to extend, if you want to provide your own OAuth implementation, you should use a subclass of the AuthProvider class (or implement IAuthProvider) and override the Authenticate () method that contains the entire implementation of your service. AuthService now has no real implementation of its own, it just checks the Auth Provider.IsAuthorized () method to see if the user has already been authenticated if he does not call the Authenticate () method. [my emphasis]

Now my full auth provider is as follows:

using System; using ServiceStack.ServiceInterface; using ServiceStack.ServiceInterface.Auth; namespace SpotAuth.ResourceServer.Services { public class SpotlightOAUthProvider : AuthProvider { public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null) { return (false); } public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request) { // A breakpoint on this line is never reached; the service just returns Unauthorized. throw new NotImplementedException(); } } } 

Why is the Authenticate method never called? The post linked above is almost a year ago, but I cannot find anything suggesting that this behavior be obsolete.