Details
-
Bug
-
Resolution: Fixed
-
Critical
-
3.1.4
-
Security Level: Public
-
None
Description
When authenticating Sync Gateway users with OIDC, any channel or role grants previously set by the Admin API will be lost.
There is no workaround for this issue. Must upgrade to 3.1.5 and manually restore channels/roles via the Admin API. The set of channels and roles previously assigned can be determined from channel and role history entries in the sync metadata as a means of recovery.
"channel_history": {
|
"my_channel_name": {
|
"updated_at": 1712935794,
|
"entries": [
|
"19-20"
|
]
|
}
|
},
|
The updatePrincipal call that happens via the callback results in users losing their admin_channels and admin_role assignments.
This appears to be caused by the removal of the nil checks inside UpdatePrincipal via CBG-3610