Authentication with ASP.NET and IdentityServer4


We have a backend STS built with ASP.NET Core Identity and IdentityServer4 (OpenId connect and OAuth2.0 framework) to serve our mobile application.
What is the preffered way to use this authentication method with couchbase mobile?
Is it possible to connect it as described in the “OppenID connect” documentation, or do we have to use the custom authentication method?


This sounds like a good use case for OpenID Connect, however there is a caveat if you are planning to use Couchbase Lite 2.0, since that won’t support OpenID Connect based authentication in the initial release.

There is a workaround where you can manually push the “bearer token” to the Sync Gateway OpenID Connect endpoint, and I will try to chase down some details.

1 Like

To elaborate on what Traun suggested, in Couchbase Lite 2.0, you can add custom Authorization header to the ReplicationConfiguration . Something like this

config.headers = ["Authorization":"Bearer \(myToken)"]

Details here -

1 Like

I did not know about the Couchbase Lite 2.0 limitations with OpenID - Thank you for clarifying that!

So I’ve started to reconstruct my application (which is built in Xamarin.Forms). I was reading in the “OpenID connect” documentation and came across this:
AuthenticatorFactory.CreateOpenIDAuthenticator (Manager.SharedInstance, (Uri loginUrl, Uri
authBaseUrl, OIDCLoginContinuation continuation) => {
// Open the webview in a new controller

I’m not entirely sure how to use this. Before, when I did my authentication directly against my backend server, I had bound a loginUrl in a webview. Can you shed some light on this?

I’ve progressed a bit further; I’ve implemented a webview for my login screen and an OpenID connect callback handler.

The webview doesn’t display anything, though. I have the following exception in the log: HttpResponseException: StatusCode = Unauthorized

This is the error in the SG logfile:
2018-01-31T09:33:28.826Z HTTP: #009: GET /mydatabase/_session
2018-01-31T09:33:28.831Z HTTP+: #009: --> 200 (5.9 ms)
2018-01-31T09:33:29.310Z HTTP: #010: GET /mydatabase/_oidc_challenge?offline=true
2018-01-31T09:33:29.310Z OIDC: Getting provider for name
2018-01-31T09:33:29.310Z HTTP: #010: --> 401 Login Required (0.9 ms)

Do you recognize this and have a clue what’s wrong? Seems I should get this error when I’ve entered wrong credentials, but the login form is never shown, it goes straight to this error.

I Solved it.
My login screen lacked a consent form, which in turn resulted in the unauthorized exception.