How to Create a User
How to create a Sync Gateway user for secure access control in cloud-to-edge enterprise data synchronization.
Sync Gateway users are a key part of a flexible approach to data routing and access control.
Related topics: Create Role | Create User | Add Role to User | Allow Access | Verify Access | Write Access
Process
A user must be created on Sync Gateway before it can be granted access to documents.
You create and-or manage users using the following options — as shown in Example 1:
-
Admin REST API
Users are created via the Sync Gateway Admin REST API. -
OIDC
Configure OIDC authentication to auto-register a user following successful validation of an ID Token — User Authentication. -
Static Configuration (Pre 3.0):
Users can be statically configured within the Sync Gateway Configuration File — see: Legacy Pre-3.0 Configuration.
Note, to use this option in version 3.x users must run Sync Gateway with thedisable_persistent_config
flag set totrue
.
- Admin REST API
-
This is the default recommended option starting 3.0. Create a new user by sending a POST request to the Admin Rest Api
_user
endpoint ({db}/_user/{name}). Update existing users by sending a PUT instead; in this case include the user name at the end of the url.The user credentials (username/password) are passed in the request body.
$ curl -vX POST "http://localhost:4985/mydatabase/_user/" -H "accept: application/json" -H "Content-Type: application/json" -d '{"name": "Edge1User", "password": "pass"}' (1) $ curl -vX PUT "http://localhost:4985/mydatabase/_user/Edge1User" -H "accept: application/json" -H "Content-Type: application/json" -d '{"name": "Edge1User", "admin_channels": ["RandomChannel"]}' (2)
1 Add new user "Edge1User", no admin_channels
orrole
is specified here.2 Update existing user "Edge1User" and add admin_channels
data - OIDC
-
curl --location --request PUT 'http://localhost:4985/ourdb/_config' \ --header 'accept: application/json' \ --header 'Content-Type: application/json' \ --data-raw '{ oidc: { providers: { google_implicit: { issuer:https://accounts.google.com, client_id:yourclientid-uso.apps.googleusercontent.com, register:true (1) }, }, } }'
1 Use register=true
to automatically create a Sync Gateway user on successful completion of validation. - File-based Configuration Properties File
-
Persistent Configuration is enabled by default from 3.0.
To continue using legacy Pre-3.0 configuration you should start Sync Gateway with disable-persistent-config set true
either in the configuration file or in Command Line Options.
Create users by hardcoding their credentials in the Configuration Properties file.
This method is convenient for testing and to get started.
Use the Admin REST API for production system changes.
{
"databases": {
"mydatabase": {
"users": { (1)
"GUEST": {"disabled": true},
"Edge1User": {"password": "pass", (2)
"admin_channels": ["RandomChannel"]},
}
}
}
}
1 | databases.$db.users |
2 | Here we add the Edge1 user |