CBG-3885

[3.1.5 backport] OIDC-auth causes admin_channels/admin_roles loss


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1.5
    • 3.1.4
    • SyncGateway
    • Security Level: Public
    • None

    Description

      When authenticating Sync Gateway users with OIDC, any channel or role grants previously set by the Admin API will be lost.

      There is no workaround for this issue. You must upgrade to 3.1.5 and manually restore channels/roles via the Admin API. As a means of recovery, the set of channels and roles previously assigned can be determined from the channel and role history entries in the sync metadata.

        "channel_history": {
          "my_channel_name": {
            "updated_at": 1712935794,
            "entries": [
              "19-20"
            ]
          }
        },
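
      As an added example (not Sync Gateway code and not from the ticket), this Go helper lists recovery candidates from a principal's sync metadata. It assumes the metadata is available as JSON, that role history sits under a `role_history` key, and that a hypothetical `since` cutoff in Unix seconds is used to narrow the results.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// grantHistory mirrors the entry shape shown in the ticket's snippet.
type grantHistory struct {
	UpdatedAt int64    `json:"updated_at"` // Unix seconds
	Entries   []string `json:"entries"`    // sequence ranges such as "19-20"
}

// principalMeta keeps only the history maps. "role_history" is an assumed key
// name; the ticket shows "channel_history" only.
type principalMeta struct {
	Channels map[string]grantHistory `json:"channel_history"`
	Roles    map[string]grantHistory `json:"role_history"`
}

// RecoveryCandidates lists channel and role names whose history entry was
// updated at or after since (Unix seconds), sorted for stable review output.
func RecoveryCandidates(raw []byte, since int64) (channels, roles []string, err error) {
	var m principalMeta
	if err = json.Unmarshal(raw, &m); err != nil {
		return nil, nil, fmt.Errorf("parse sync metadata: %w", err)
	}
	pick := func(h map[string]grantHistory) []string {
		out := []string{}
		for name, g := range h {
			if len(g.Entries) > 0 && g.UpdatedAt >= since {
				out = append(out, name)
			}
		}
		sort.Strings(out)
		return out
	}
	return pick(m.Channels), pick(m.Roles), nil
}

// Constructed sample: the first channel entry is the ticket's; the rest is invented.
const sample = `{"channel_history": {
  "my_channel_name": {"updated_at": 1712935794, "entries": ["19-20"]},
  "old_channel": {"updated_at": 1600000000, "entries": ["3-7"]}},
 "role_history": {"my_role": {"updated_at": 1712935800, "entries": ["12-20"]}}}`

func main() {
	ch, roles, err := RecoveryCandidates([]byte(sample), 1700000000)
	fmt.Println(ch, roles, err)
}
```

      The output is a list of candidates only; review each name before restoring it through the Admin API.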
      

       

       

      The updatePrincipal call that happens via the callback results in users losing their admin_channels and admin_roles assignments.

      This appears to be caused by the removal of the nil checks inside UpdatePrincipal via CBG-3610.

          People

            ben.brooks Ben Brooks
            adamf Adam Fraser