如何确保隐式 OpenId 隐式流在 Couchbase Sync Gateway 中正常工作
how to make sure implicit OpenId implicit flow works In Couchbase Sync Gateway
嗨,我在后端使用 identityserver4 在我的应用程序中获取 jwt 令牌我想将我的令牌发送到 syncgateway 并获取一个 sessionid 我阅读了这篇文章 https://docs.couchbase.com/sync-gateway/current/authentication.html#implicit-flow 并且我正在使用 OpenID Connect implisit 流但是我每当我发送 POST http://localhost:4984/todo/_session by Athurazation Breare
时都会收到此回复
{
"error": "Unauthorized",
"reason": "Invalid login"
}
我的 SG 配置与此相同
{
"log":["*"],
"logging": {
"log_file_path": "c://var/tmp/sglogs",
"console": {
"log_level": "debug",
"log_keys": ["*"]
},
"error": {
"enabled": true,
"rotation": {
"max_size": 20,
"max_age": 180
}
},
"warn": {
"enabled": true,
"rotation": {
"max_size": 20,
"max_age": 90
}
},
"info": {
"enabled": true,
"rotation": {
"max_size": 100,
"max_age": 6,
"localtime": false
}
},
"debug": {
"enabled": false,
"rotation": {
"max_size": 100,
"max_age": 2,
"localtime": false
}
}
},
"adminInterface": "127.0.0.1:4985",
"interface": "0.0.0.0:4984",
"databases": {
"todo": {
"server": "http://127.0.0.1:8091",
"username": "Administrator",
"password": "@2588854424@",
"bucket": "todo",
"users":{
"zkhahmadi": {"password": "123456", "admin_channels": ["*"]}
},
"roles": {
"Admin": {
"admin_channels": [ "*" ]
},
"_TestAdmin": {
"admin_channels": [ "*" ]
}
},
"oidc": {
"default_provider":"providertodo",
"providers": {
"providertodo": {
"issuer":"https://staging.org/ids",
"validation_key":"MIIDNjCCAh6gAwIBAgIQT0Bt5EJjiNTYWoJeV/8yMzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlOZXBocm9haWQwHhcNMjAwODMwMDcxNzQyWhcNMjAwOTI5MDgxNzQyWjAbMRkwFwYDVQQDDBBbVEVTVF0gTmVwaHJvYWlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqz85sqnkhTJYDhw40Tp+7GKucgQ254IYyzX1II8JtwFm2q3iVIGLhZeewDOvPgZ/oQIJ7/D4husV7twK+WTTGfSoBOnfWPdFyozx826Y5M48/YeBXGRFhKwQbVgeF7On1Wr/o8Nrgk8GlpKlEN2Ir1T+RNoCcZcunOnouHma1BsYiYY3OQFpTQ0A3a+qD7TYnqJ5652dnNlLCSaJtGbfg7cGe7hjiCTEQKT/6nAZ5BznW59Gqldtrzm1cztydKYUDtfDGGJCvWwi2r1NwOXD6CuI6yti8PXwsxsWYVy7Em5o8oalq2BEa+5ljysvmCGSGmAya+vseOrCi53XaNfQIDAQABo30wezALBgNVHQ8EBAMCBPAwLAYDVR0lAQH/BCIwIAYIKwYBBQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3CgMMMB0GA1UdDgQWBBTrOGbtwpB5vZJKMva9yaUE6SB2+jAfBgNVHSMEGDAWgBTznnnsIZL8ItV1yObizdwjnN08QTANBgkqhkiG9w0BAQsFAAOCAQEAWRprTDx696N8uS4yfKsIRhGJrgbKnfabhd+nsZq3v4nSXsNh39Whz3TwhiyzjDw9nk+IFyerHdPlW1G6IIx2GxqOcfSaega6tt4TzPBnX7AM7sEjmDN+z7gk3fvjCSoSlYwp2jgLypUX5LkdPQV4lLu+RWrOwBTP9Z2AuHAaF+K9heIncsPpG/jRnTQN/aO+hHGjE6WAyU+Kx8KP5Y+I2u9Srt9tRqCTAuXEsoiTgl4PivKowxl7xporMxYSh1pZFlkoJZsiHDkLvTAtEiie96w0yhbrP7Fi//GYUq0/wIzVBvn/ySX9qbKWuxFFv7bnpY0CRqmSXxmdIWoejQ==","register":true,"client_id":"native.code","callback_url":"http://localhost:4984/bucketname/_oidc_callback"}
}
},
"sync":
`function(doc,oldDoc){
if (doc.Status){
channel("Done");
} else {
channel("Doing");
}
}`
,
"allow_conflicts": true,
"import_docs": true,
"enable_shared_bucket_access":true,
"num_index_replicas":0
}
}
,"CORS": {
"Origin":["*"],
"LoginOrigin":["*"],
"Headers":["Content-Type"],
"MaxAge": 1728000
}
}
header 我的代币是
{
"alg": "RS256",
"kid": "5279CF8BB69C2037B7C89299DE62D17C9738C6A7",
"typ": "JWT",
"x5t": "UnnPi7acIDe3yJKZ3mLRfJc4xqc"
}
中成功验证它
我发送了访问令牌,当我发送 id 令牌时,syncgateway 无法使用它,它运行正常并给我一个 sessionId
嗨,我在后端使用 identityserver4 在我的应用程序中获取 jwt 令牌我想将我的令牌发送到 syncgateway 并获取一个 sessionid 我阅读了这篇文章 https://docs.couchbase.com/sync-gateway/current/authentication.html#implicit-flow 并且我正在使用 OpenID Connect implisit 流但是我每当我发送 POST http://localhost:4984/todo/_session by Athurazation Breare
{
"error": "Unauthorized",
"reason": "Invalid login"
}
我的 SG 配置与此相同
{
"log":["*"],
"logging": {
"log_file_path": "c://var/tmp/sglogs",
"console": {
"log_level": "debug",
"log_keys": ["*"]
},
"error": {
"enabled": true,
"rotation": {
"max_size": 20,
"max_age": 180
}
},
"warn": {
"enabled": true,
"rotation": {
"max_size": 20,
"max_age": 90
}
},
"info": {
"enabled": true,
"rotation": {
"max_size": 100,
"max_age": 6,
"localtime": false
}
},
"debug": {
"enabled": false,
"rotation": {
"max_size": 100,
"max_age": 2,
"localtime": false
}
}
},
"adminInterface": "127.0.0.1:4985",
"interface": "0.0.0.0:4984",
"databases": {
"todo": {
"server": "http://127.0.0.1:8091",
"username": "Administrator",
"password": "@2588854424@",
"bucket": "todo",
"users":{
"zkhahmadi": {"password": "123456", "admin_channels": ["*"]}
},
"roles": {
"Admin": {
"admin_channels": [ "*" ]
},
"_TestAdmin": {
"admin_channels": [ "*" ]
}
},
"oidc": {
"default_provider":"providertodo",
"providers": {
"providertodo": {
"issuer":"https://staging.org/ids",
"validation_key":"MIIDNjCCAh6gAwIBAgIQT0Bt5EJjiNTYWoJeV/8yMzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlOZXBocm9haWQwHhcNMjAwODMwMDcxNzQyWhcNMjAwOTI5MDgxNzQyWjAbMRkwFwYDVQQDDBBbVEVTVF0gTmVwaHJvYWlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqz85sqnkhTJYDhw40Tp+7GKucgQ254IYyzX1II8JtwFm2q3iVIGLhZeewDOvPgZ/oQIJ7/D4husV7twK+WTTGfSoBOnfWPdFyozx826Y5M48/YeBXGRFhKwQbVgeF7On1Wr/o8Nrgk8GlpKlEN2Ir1T+RNoCcZcunOnouHma1BsYiYY3OQFpTQ0A3a+qD7TYnqJ5652dnNlLCSaJtGbfg7cGe7hjiCTEQKT/6nAZ5BznW59Gqldtrzm1cztydKYUDtfDGGJCvWwi2r1NwOXD6CuI6yti8PXwsxsWYVy7Em5o8oalq2BEa+5ljysvmCGSGmAya+vseOrCi53XaNfQIDAQABo30wezALBgNVHQ8EBAMCBPAwLAYDVR0lAQH/BCIwIAYIKwYBBQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3CgMMMB0GA1UdDgQWBBTrOGbtwpB5vZJKMva9yaUE6SB2+jAfBgNVHSMEGDAWgBTznnnsIZL8ItV1yObizdwjnN08QTANBgkqhkiG9w0BAQsFAAOCAQEAWRprTDx696N8uS4yfKsIRhGJrgbKnfabhd+nsZq3v4nSXsNh39Whz3TwhiyzjDw9nk+IFyerHdPlW1G6IIx2GxqOcfSaega6tt4TzPBnX7AM7sEjmDN+z7gk3fvjCSoSlYwp2jgLypUX5LkdPQV4lLu+RWrOwBTP9Z2AuHAaF+K9heIncsPpG/jRnTQN/aO+hHGjE6WAyU+Kx8KP5Y+I2u9Srt9tRqCTAuXEsoiTgl4PivKowxl7xporMxYSh1pZFlkoJZsiHDkLvTAtEiie96w0yhbrP7Fi//GYUq0/wIzVBvn/ySX9qbKWuxFFv7bnpY0CRqmSXxmdIWoejQ==","register":true,"client_id":"native.code","callback_url":"http://localhost:4984/bucketname/_oidc_callback"}
}
},
"sync":
`function(doc,oldDoc){
if (doc.Status){
channel("Done");
} else {
channel("Doing");
}
}`
,
"allow_conflicts": true,
"import_docs": true,
"enable_shared_bucket_access":true,
"num_index_replicas":0
}
}
,"CORS": {
"Origin":["*"],
"LoginOrigin":["*"],
"Headers":["Content-Type"],
"MaxAge": 1728000
}
}
header 我的代币是
{
"alg": "RS256",
"kid": "5279CF8BB69C2037B7C89299DE62D17C9738C6A7",
"typ": "JWT",
"x5t": "UnnPi7acIDe3yJKZ3mLRfJc4xqc"
}
中成功验证它
我发送了访问令牌,当我发送 id 令牌时,syncgateway 无法使用它,它运行正常并给我一个 sessionId