Couchbase Gateway / CBG-3885

[3.1.5 backport] OIDC-auth causes admin_channels/admin_roles loss


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1.5
    • 3.1.4
    • SyncGateway
    • Security Level: Public
    • None

    Description

      When authenticating Sync Gateway users with OIDC, any channel or role grants previously set by the Admin API will be lost.

      There is no workaround for this issue. You must upgrade to 3.1.5 and manually restore channels/roles via the Admin API. As a means of recovery, the set of channels and roles previously assigned can be determined from the channel and role history entries in the sync metadata:

        "channel_history": {
          "my_channel_name": {
            "updated_at": 1712935794,
            "entries": [
              "19-20"
            ]
          }
        },

      The updatePrincipal call made via the OIDC callback causes users to lose their admin_channels and admin_roles assignments.

      This appears to be caused by the removal of the nil checks inside UpdatePrincipal in CBG-3610.
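
A sketch of the recovery step described above, added here as an example and not Couchbase's own tooling: it reads the history entries from a user's sync metadata and builds a candidate admin_channels/admin_roles body to review before sending it to the Admin API. The sample document, the `role_history` key (assumed to mirror `channel_history`), the cutoff date and all function names are assumptions; history may also hold grants that were not set through the Admin API, so treat the output as candidates.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a user's sync metadata; only "channel_history" and its
# fields appear in the ticket. "role_history" is assumed to have the same shape.
SAMPLE_USER_META = json.loads("""
{
  "name": "alice",
  "channel_history": {
    "my_channel_name": {"updated_at": 1712935794, "entries": ["19-20"]},
    "old_channel": {"updated_at": 1700000000, "entries": ["3-7"]}
  },
  "role_history": {
    "my_role_name": {"updated_at": 1712935800, "entries": ["12-21", "bad"]}
  }
}
""")


def parse_entries(entries):
    """Turn "start-end" sequence strings into (start, end) tuples, skipping malformed ones."""
    spans = []
    for entry in entries or []:
        start, sep, end = str(entry).partition("-")
        if sep and start.isdigit() and end.isdigit():
            spans.append((int(start), int(end)))
    return spans


def lost_grants(history, since_epoch):
    """Names whose history entry was updated at or after since_epoch, with their spans."""
    found = {}
    for name, record in (history or {}).items():
        if record.get("updated_at", 0) >= since_epoch:
            found[name] = parse_entries(record.get("entries"))
    return found


def restore_payload(user_meta, since_epoch):
    """Build a candidate Admin API user body for an operator to review before applying."""
    channels = lost_grants(user_meta.get("channel_history"), since_epoch)
    roles = lost_grants(user_meta.get("role_history"), since_epoch)
    return {"admin_channels": sorted(channels), "admin_roles": sorted(roles)}


if __name__ == "__main__":
    # Constructed cutoff: only history entries updated on or after this date count.
    cutoff = int(datetime(2024, 4, 1, tzinfo=timezone.utc).timestamp())
    print(json.dumps(restore_payload(SAMPLE_USER_META, cutoff), indent=2))
```

Set the cutoff to the time the affected version was deployed so that older, intentional revocations are not restored.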

          People

            ben.brooks Ben Brooks
            adamf Adam Fraser