/{db}/_session not working for multiple oidc providers


#1

In our sync_gateway.json, we've set up 2 OIDC providers, SE1 & SE2. When POST-ing an id_token to the /{db}/_session endpoint, some requests will have an id_token generated by SE1 and other requests will have an id_token generated by SE2. It's working when there is only one provider in sync_gateway.json. Meaning, when only SE1 is present, requests with an id_token generated by SE1 create the user session, and when only SE2 is present, requests with an id_token generated by SE2 create the user session.

But it's not working when we set up both SE1 & SE2 in sync_gateway.json. Meaning, only SE2 is working. Requests with an id_token generated by SE1 are failing with --> 401 Invalid login.

Here is the configuration.

"oidc": {
    "providers": {
        "SE1": {
            "user_prefix": "SE",
            "issuer": "https://example.com/fss",
            "client_id": "Prod_Dev_Impl",
            "scope": ["api", "openid", "profile"],
            "register": false,
            "disable_cfg_validation": true,
            "disable_session": false
        },
        "SE2": {
            "user_prefix": "SE",
            "issuer": "https://example.com/fss",
            "client_id": "Prod_Dev_AuthCode",
            "scope": ["api", "openid", "profile"],
            "register": false,
            "disable_cfg_validation": true,
            "disable_session": false
        }
    }
}

What could be wrong? We're using Sync Gateway 2.1.
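The two providers in the configuration above declare the same issuer and differ only in client_id. The following diagnostic, added here as an example and not code from the original post or from Sync Gateway, decodes the claims of an id_token without verifying it and reports which configured providers match on the issuer alone and which also match on the audience. It does not reproduce Sync Gateway's actual provider-selection logic (that is an assumption left open); it only shows that with a shared issuer the iss claim cannot distinguish SE1 from SE2, while the aud claim can. The sample tokens are constructed inline with a placeholder signature and are for inspection only.

```python
import base64
import json

# Provider settings copied from the forum post: shared issuer, distinct client_id.
PROVIDERS = {
    "SE1": {"issuer": "https://example.com/fss", "client_id": "Prod_Dev_Impl"},
    "SE2": {"issuer": "https://example.com/fss", "client_id": "Prod_Dev_AuthCode"},
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    This is for inspection only; a token must never be accepted on this basis.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def candidate_providers(id_token: str, providers: dict = PROVIDERS) -> dict:
    """Report which providers match the token's iss, and which also match its aud."""
    claims = decode_claims(id_token)
    iss = claims.get("iss")
    aud = claims.get("aud", [])
    if isinstance(aud, str):          # aud may be a single string or a list
        aud = [aud]
    issuer_matches = [name for name, p in providers.items() if p["issuer"] == iss]
    issuer_and_audience_matches = [
        name for name in issuer_matches if providers[name]["client_id"] in aud
    ]
    return {
        "iss": iss,
        "aud": aud,
        "issuer_matches": issuer_matches,
        "issuer_and_audience_matches": issuer_and_audience_matches,
    }


def make_sample_token(claims: dict) -> str:
    """Constructed sample token with a placeholder signature (hypothetical, not issued by any IdP)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


# Constructed samples mirroring an id_token from each provider in the post.
SAMPLE_SE1 = make_sample_token(
    {"iss": "https://example.com/fss", "aud": "Prod_Dev_Impl", "sub": "alice"}
)
SAMPLE_SE2 = make_sample_token(
    {"iss": "https://example.com/fss", "aud": ["Prod_Dev_AuthCode"], "sub": "bob"}
)

if __name__ == "__main__":
    for label, token in (("SE1 token", SAMPLE_SE1), ("SE2 token", SAMPLE_SE2)):
        print(label, candidate_providers(token))
```

Run it against a real id_token by passing the token string to candidate_providers(); if the issuer_matches list contains both SE1 and SE2 for every token, only the audience (client_id) can tell the two providers apart, which is worth checking against the 401 behaviour described above.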