How to make sure the OpenID implicit flow works in Couchbase Sync Gateway

Hi, I am using identityserver4 on the backend to get a JWT token in my application. I want to send my token to Sync Gateway and get a session ID. I read this article https://docs.couchbase.com/sync-gateway/current/authentication.html#implicit-flow and I am using the OpenID Connect implicit flow, but whenever I send POST http://localhost:4984/todo/_session with an Authorization Bearer header, I receive this response:
{
    "error": "Unauthorized",
    "reason": "Invalid login"
}

My SG config is like this:

{
  "log":["*"],
  "logging": { 
    "log_file_path": "c://var/tmp/sglogs",
    "console": {
      "log_level": "debug",
      "log_keys": ["*"]
    },
    "error": {
      "enabled": true,
      "rotation": {
        "max_size": 20,
        "max_age": 180
      }
    },
    "warn": {
      "enabled": true,
      "rotation": {
        "max_size": 20,
        "max_age": 90
      }
    },
    "info": {
        "enabled": true,
        "rotation": {
            "max_size": 100,
            "max_age": 6,
            "localtime": false
        }
    },
    "debug": {
        "enabled": false,
        "rotation": {
            "max_size": 100,
            "max_age": 2,
            "localtime": false
        }
    }
  },
  "adminInterface": "127.0.0.1:4985",
  "interface": "0.0.0.0:4984",
  "databases": {
    "todo": {
      "server": "http://127.0.0.1:8091",
      "username": "Administrator",
      "password": "@2588854424@",
      "bucket": "todo",
      "users":{ 
          "zkhahmadi": {"password": "123456", "admin_channels": ["*"]}
      },
      "roles": { 
        "Admin": {
          "admin_channels": [ "*" ]
        },
        "_TestAdmin": {
          "admin_channels": [ "*" ]
        }
      },
      "oidc": {
          "default_provider":"providertodo",
          "providers": {
            "providertodo": {
                "issuer":"https://staging.org/ids",
                "validation_key":"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",
                "register":true,
                "client_id":"native.code",
                "callback_url":"http://localhost:4984/bucketname/_oidc_callback"
            }
          }
        },
    "sync": 
    `function(doc,oldDoc){
        if (doc.Status){
        channel("Done");
    } else {
        channel("Doing");  
    }
    }`
    ,
      "allow_conflicts": true,     
      "import_docs": true,
      "enable_shared_bucket_access":true,
      "num_index_replicas":0
    }
  }
  ,"CORS": {
        "Origin":["*"],
        "LoginOrigin":["*"],
        "Headers":["Content-Type"],
        "MaxAge": 1728000
    }
}

The header of my token is:

{
  "alg": "RS256",
  "kid": "5279CF8BB69C2037B7C89299DE62D17C9738C6A7",
  "typ": "JWT",
  "x5t": "UnnPi7acIDe3yJKZ3mLRfJc4xqc"
}

I can verify it successfully at https://jwt.io/#debugger-io

I was sending the access token, and Sync Gateway can't work with it; when I send the ID token, it works properly and gives me a sessionId.
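
The difference described in the last paragraph shows up in the token's claims: OpenID Connect requires an ID token's `aud` to contain the client ID, while an access token is typically addressed to an API. As an added example that is not part of the original post, this pre-flight check decodes a token without verifying its signature and compares it with the `issuer` and `client_id` from the config above; the sample tokens and the `todo.api` audience are constructed.

```python
import base64
import json
import time

# Values copied from the "providertodo" entry in the config above.
ISSUER = "https://staging.org/ids"
CLIENT_ID = "native.code"


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def preflight(token, issuer=ISSUER, client_id=CLIENT_ID, now=None):
    """List reasons the token is unfit as an ID token. Claims only, no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    now = time.time() if now is None else now
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("unsigned token (alg=none)")
    if claims.get("iss") != issuer:
        problems.append("iss %r does not match issuer %r" % (claims.get("iss"), issuer))
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud:
        problems.append("aud %r does not contain client_id %r" % (aud, client_id))
    if claims.get("exp", 0) <= now:
        problems.append("token is expired or has no exp")
    if "sub" not in claims:
        problems.append("no sub claim")
    return problems


def make_token(claims):
    """Build a constructed JWT with a dummy signature, for the samples below only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed samples (not real tokens); "todo.api" is a hypothetical API audience.
ID_TOKEN = make_token({"iss": ISSUER, "aud": CLIENT_ID, "sub": "zkhahmadi", "exp": 4102444800})
ACCESS_TOKEN = make_token({"iss": ISSUER, "aud": "todo.api", "client_id": CLIENT_ID,
                           "sub": "zkhahmadi", "exp": 4102444800})

print(preflight(ID_TOKEN), preflight(ACCESS_TOKEN))
```

An empty list means the claims look like an ID token for this provider; the signature still has to be verified by the receiving service.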