
OpenID implicit flow: authorized user can't pull from Sync Gateway (Couchbase)


Hi everybody, I use the OpenID implicit flow described in this document https://docs.couchbase.com/sync-gateway/current/authentication.html#implicit-flow for authorization of my user, and Sync Gateway gives me this response:

 {
    "authentication_handlers": [
        "default",
        "cookie"
    ],
    "ok": true,
    "userCtx": {
        "channels": {
            "!": 1
        },
        "name": "staging-dialysiscloud.icdgroup.org%2Fids_00000000-0000-0000-0000-100000000000"
    }
}

What does "1" mean in front of "!", and how can I access other channels? I don't want my user limited to using only the public channel. What should I add to the JWT token or the sync config file? I can push to my bucket, but I can't pull data from it with this sessionId either.


Solution

  • The value 1 represents the sequence mapped to the public channel (i.e., the sequence value when the channel was added). The public channel is automatically created when Sync Gateway starts. OpenID Connect authentication is successful in your case, but the user has access only to the public channel. You can grant the user/role access to a specific set of channels or the * channel through the admin REST API, the configuration file or via the Sync Function when a document is updated.

    To grant the user access to a specific set of channels via the Admin REST API, issue something like the command below from your terminal where Sync Gateway is running:

    http --verbose PUT http://localhost:4985/default/_user/alice admin_channels:='["channel-1", "channel-2"]'
    

    This will grant user alice access to channel-1 and channel-2.

    If you want the user to access all documents in the database, you can grant user access to the * channel. For instance, the below command will grant the user bob access to the * channel and he will be able to access all documents in the database.

    http --verbose PUT http://localhost:4985/default/_user/bob admin_channels:='["*"]'
    

    You might want to replace the username bob with your username, i.e., staging-dialysiscloud.icdgroup.org%2Fids_00000000-0000-0000-0000-100000000000.

    Note: You need to have httpie installed to run http commands from the terminal. If you don’t have it already and you're using Mac OS X, just issue brew install httpie.

    If you would like to read more about Access Control and Sync Gateway Channels, here is some nice documentation.
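
The grant described in the answer above, as an added Python example that is not part of the original answer: it checks a `_session` response for non-public channels and builds (without sending) the same admin PUT, refusing `*` unless explicitly confirmed. The helper names and the `allow_all` flag are hypothetical, and it assumes the name shown in `userCtx` is the literal stored user name, so its `%` is percent-encoded once more for the URL path.

```python
import json
from urllib.parse import quote
from urllib.request import Request

ADMIN_URL = "http://localhost:4985"  # admin port used in the answer's commands
PUBLIC_CHANNEL = "!"

# Session response copied from the question.
SAMPLE_SESSION = {
    "authentication_handlers": ["default", "cookie"],
    "ok": True,
    "userCtx": {
        "channels": {"!": 1},
        "name": "staging-dialysiscloud.icdgroup.org%2Fids_00000000-0000-0000-0000-100000000000",
    },
}

def granted_channels(session):
    """Channels listed in a _session response, excluding the public channel."""
    channels = session.get("userCtx", {}).get("channels", {})
    return sorted(c for c in channels if c != PUBLIC_CHANNEL)

def build_grant_request(db, username, channels, allow_all=False):
    """Build (not send) the admin PUT that sets admin_channels for a user."""
    if not channels:
        raise ValueError("no channels given")
    if "*" in channels and not allow_all:
        # Least privilege: '*' lets the user read every document in the database.
        raise ValueError("'*' grants access to all documents; pass allow_all=True")
    # safe="" encodes '%' and '/' too, so a name containing a literal "%2F"
    # becomes "%252F" and survives one round of URL decoding (assumption above).
    path = "/{}/_user/{}".format(quote(db, safe=""), quote(username, safe=""))
    body = json.dumps({"admin_channels": list(channels)}).encode()
    return Request(ADMIN_URL + path, data=body, method="PUT",
                   headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    name = SAMPLE_SESSION["userCtx"]["name"]
    # An empty list means the user can only read documents in the public channel.
    print("non-public channels:", granted_channels(SAMPLE_SESSION))
    req = build_grant_request("default", name, ["channel-1", "channel-2"])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it from the Sync Gateway host.
```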