A newer version of this documentation is available.

View Latest

How to Create a User

      +

      How to create a Sync Gateway user for secure access control in cloud-to-edge enterprise data synchronization.
      Sync Gateway users are a key part of a flexible approach to data routing and access control.

      Related topics: Create Role | Create User | Add Role to User | Allow Access | Verify Access | Write Access

      Process

      A user must be created on Sync Gateway before it can be granted access to documents.

      You create and-or manage users using the following options — as shown in Example 1:

      • Admin REST API
        Users are created via the Sync Gateway Admin REST API.

      • OIDC
        Configure OIDC authentication to auto-register a user following successful validation of an ID Token — User Authentication.

      • Static Configuration (Pre 3.0):
        Users can be statically configured within the Sync Gateway Configuration File — see: Legacy Pre-3.0 Configuration.
        Note, to use this option in version 3.x users must run Sync Gateway with the disable_persistent_config flag set to true.

      Example 1. How to Create Users
      Admin REST API
      This is the default recommended option starting 3.0.

      Create a new user by sending a POST request to the Admin Rest Api _user endpoint ({db}/_user/{name}). Update existing users by sending a PUT instead; in this case include the user name at the end of the url.

      The user credentials (username/password) are passed in the request body.

      $ curl -vX POST "http://localhost:4985/mydatabase/_user/" -H
      "accept: application/json" -H "Content-Type: application/json" -d
      '{"name": "Edge1User", "password": "pass"}' (1)
      
      $ curl -vX PUT "http://localhost:4985/mydatabase/_user/Edge1User" -H
      "accept: application/json" -H "Content-Type: application/json" -d
      '{"name": "Edge1User", "admin_channels": ["RandomChannel"]}' (2)
      1 Add new user "Edge1User", no admin_channels or role is specified here.
      2 Update existing user "Edge1User" and add admin_channels data
      OIDC
      curl --location --request PUT 'http://localhost:4985/ourdb/_config' \
      --header 'accept: application/json' \
      --header 'Content-Type: application/json' \
      --data-raw '{
        oidc: {
          providers: {
            google_implicit: {
              issuer:https://accounts.google.com,
              client_id:yourclientid-uso.apps.googleusercontent.com,
              register:true (1)
            },
          },
        }
      }'
      1 Use register=true to automatically create a Sync Gateway user on successful completion of validation.
      File-based Configuration Properties File

      Persistent Configuration is enabled by default from 3.0.

      To continue using legacy Pre-3.0 configuration you should start Sync Gateway with disable-persistent-config set true either in the configuration file or in Command Line Options.

      Create users by hardcoding their credentials in the Configuration Properties file. This method is convenient for testing and to get started.
      Use the Admin REST API for production system changes.

      {
        "databases": {
          "mydatabase": {
            "users": { (1)
              "GUEST": {"disabled": true},
              "Edge1User": {"password": "pass", (2)
                            "admin_channels": ["RandomChannel"]},
            }
          }
        }
      }
      1 databases.$db.users
      2 Here we add the Edge1 user