Couchbase Lite OpenID Connect .NET

I am having trouble trying to setup authentication using OpenID Connect with Couchbase Lite for .NET.

I have read the guide (https://developer.couchbase.com/documentation/mobile/1.4/guides/authentication/openid/index.html), but this explanation is confusing:

So this callback should open a modal web view starting at the given loginURL, then return.

Wait for the web view to redirect to a URL whose host and path are the same as the given redirectURL (the query string after the path will be different, though). Instead of following the redirect, close the web view and call the given continuation block with the redirected URL (and a nil error). Your modal web view UI should provide a way for the user to cancel, probably by adding a Cancel button outside the web view. If the user cancels, call the continuation block with a nil URL and a nil error. If something else goes wrong, like an error loading the login page in the web view, call the continuation block with that error and a nil URL. Usually, the callback would execute some code to open a UIViewController for iOS and AppCompatActivity for Android. be called when the OpenID Connect login flow requires the user to authenticate with the Originating Party (OP), the site at which they have an account.

Note: Just make sure you hold onto the CBLOIDCLoginContinuation block, because you must call it later, or the replicator will never finish logging in.

I can’t find any examples on the internet that uses the OpenIDAuthenticator. I have been able to open the login web view for my identity provider, but am a bit lost as to what to do next.

Are there any examples, or a better explanation of what to do? I would like to use the built in functionality rather than implementing authentication and then setting up a session with sync gateway as is the other option.

I made one a while back for Xamarin iOS and Android, but what platform are you thinking of?

This is the folder that the two helper classes are in, and the logic (although it is somewhat hard to follow since there are several callbacks between the server, the library code, and the app code). The logic begins here though.

Yes I did see that one, and I did find it somewhat hard to follow. I’ll have another look and try and digest it. Is there no standard/straight forward way to implement this for Xamarin Android in .NET?

@borrrden I have tried running your SimpleAndroidSync app with open id connect login. When I click the red button “sign in with auth code flow”, nothing happens. And when I sign in with google it says "google sign in failed : (12501).

There is no such thing as straightfoward when it comes to OpenID Connect. All I can tell you is that I’ve verified that it works. Sync Gateway needs to be setup correctly with a provider in order for the process to function correctly, so that might be the reason for “nothing happens.” (I can’t say anything more specific than that without something more than that though e.g. any network traffic and which methods are getting called). The Google sign in button is attempting to use Google’s official SDK and I’ve found it very hard to use in the past but everything it does is outside the realm of Couchbase.

Ok, so I have set up a server and am able to log into my identity provider with your sample app. However, I am getting an error on the redirection after login. What should the redirect uri be set as in my identity provider? Should it go back to the app?

The error I’m getting is:

Webpage not available
The webpage at http://sg.domain.com/sync_gateway/_oidc_callback?state=&code=somebiglongcode could not be loaded because:
net::ERR_CONNECTION_REFUSED

For anyone else having the same issue, I got this to work. I had to put a redirect in my identity provider to http://mysite/mybucket/_oidc_callback even though im using SSL (https). And I had to configure my reverse proxy (nginx) with proxy_redirect http:// https://

Good find! That’s actually probably a legitimate issue with the library, and it might even be cross platform. I filed this issue to further investigate it.