Replication with Custom Auth in CB Lite.net 2.0 DB020


#1

I am successfully using Custom Authentication on Sync Gateway 1.5 with a Keycloak identity server.
Using curl I verified that the SG session cookies grant access to Sync Gateway on the 4984 REST interface.

When I use the same session cookie in a Couchbase Lite replication, the Sync Gateway rejects the replication with this log:
2017-12-06T18:10:28.047+01:00 OIDC+: OIDCUsername: XXXXX_46f7b166-9050-4540-b3b3-b1a3a7030ca8
2017-12-06T18:10:28.048+01:00 HTTP: #215: POST /XXX-integration-test/_session (as XXXXX_46f7b166-9050-4540-b3b3-b1a3a7030ca8)
2017-12-06T18:10:28.048+01:00 WARNING: Couldn’t parse JSON in HTTP request: EOF – db.ReadJSONFromMIME() at attachment.go:224
2017-12-06T18:10:28.049+01:00 HTTP+: #215: --> 200 (2.2 ms)
2017-12-06T18:10:28.469+01:00 HTTP: #216: GET /XXX-integration-test/_blipsync
2017-12-06T18:10:28.469+01:00 HTTP: #216: --> 401 Login required (0.7 ms)


Problems using authentication with OpenID connect
#2

On the mobile device (Windows 10 running UWP app) Couchbase Lite.net logs the 401:Unauthorized error. See attached log file.CBForum15070.zip (1.8 KB)


#3

I’m pretty sure this is an issue that I found a week or two ago in which the serialized cookies are not deserialized again. The fix for the issue will be in DB021 (related to another replication bug that was fixed, but the fix for this one was not included so that disruptions could be kept to a minimum.

FYI: DB021 is currently set to freeze on the 15th.


#4

Thank you. I’ll shelve it until then.


#5

FYI, I have set up a test for this. It is not fully automated yet, but it is “scriptable” so that I can quickly fire off scenarios. This scenario failed with DB20, but passes with the latest internal builds (that will later become DB021).