1

I'm setting up sync-gateway with Auth0.

My config is:

    {
      "interface": ":4984",
      "log": ["*"],
      "databases": {
        "graps": {
          "username": "sync_gateway",
          "password": "sync_gateway",
          "num_index_replicas": 0,
          "server": "http://couchbase_server:8091",
          "bucket": "test_bucket",
          "enable_shared_bucket_access": true,
          "import_docs": "continuous",
          "oidc": {
            "providers": {
              "Auth0": {
                "issuer": "https://my_tenant.eu.auth0.com",
                "client_id": "secret_client_id",
                "validation_key": "long_validation_key",
                "register": true
              }
            }
          },
          "import_filter": `function(doc) {
            if (doc.type != "mobile") {
              return false
            }
            return true
          }`,
          "sync": `function (doc, oldDoc) {
            if (doc.sdk) {
              channel(doc.sdk);
            }
          }`
        }
      }
    }

My curl request:

    curl -vX POST -H 'Content-Type: application/json' http://sync_geteway_server:4984/graps/_session --header 'Authorization: Bearer AUTH0_JWT_TOKEN' -d '{"name": "test","ttl":0}'

And sync logs:

    2018-12-24T13:05:12.727Z [INF] HTTP: #001: POST /graps/_session
    2018-12-24T13:05:12.727Z [INF] HTTP: #001: --> 401 Invalid login (0.4 ms)

So, my question: what's wrong? Why does sync not perceive the JWT token as an OAuth session?

rastafarra
  • 131
  • 4

1 Answer

1

For OIDC authentication via Sync Gateway, you'll need to call GET /{db}/_oidc which will redirect you to your OIDC provider (Auth0) to authenticate. Auth0 will then use the configured callback to redirect the user back to Sync Gateway. This is generally known as the Open ID Connect implicit flow.

It's tricky to do via CURL, as your OpenID provider likely has a UI to log in with. It's recommended to do this through a browser, or to use a web view in a mobile app. Once the callback step is done, the session cookie is set and you can continue to use API calls using that cookie.

bbrks
  • 136
  • 1
  • 2
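
A local pre-flight check for the 401 in the question, added here as an example and not code from either poster or from Sync Gateway: it decodes a bearer token's claims without verifying the signature and compares them with the `oidc` provider block from the question's config. The matching rule (exact `iss`, `client_id` present in `aud`, unexpired `exp`) is an assumption about how a gateway picks a provider for a token; the function names and the sample token are constructed.

```python
import base64
import json

# Values copied from the "oidc" provider block in the question's config.
PROVIDER = {"issuer": "https://my_tenant.eu.auth0.com", "client_id": "secret_client_id"}


def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Return the claims of a compact JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def provider_mismatches(claims, provider, now):
    """List why the claims would not match the provider (assumed matching rule)."""
    problems = []
    if claims.get("iss") != provider["issuer"]:
        problems.append("iss %r != configured issuer %r" % (claims.get("iss"), provider["issuer"]))
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if provider["client_id"] not in audiences:
        problems.append("client_id not in aud %r" % audiences)
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def make_sample_token(claims):
    """Build a constructed token with a dummy signature, for the demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


if __name__ == "__main__":
    # Constructed claims: issuer with a trailing slash, audience set to an API identifier.
    sample = make_sample_token({"iss": "https://my_tenant.eu.auth0.com/",
                                "aud": "https://api.example.test", "exp": 2000000000})
    # now = 2018-12-24T13:05:12Z, the timestamp of the 401 in the question's log.
    for line in provider_mismatches(jwt_claims(sample), PROVIDER, now=1545656712):
        print(line)
```

Because the signature is not checked, a clean result only means the claims line up with the config; the token must still validate against the provider's keys.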