{"id":11463,"date":"2021-06-29T03:47:44","date_gmt":"2021-06-29T10:47:44","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=11463"},"modified":"2025-06-13T20:08:46","modified_gmt":"2025-06-14T03:08:46","slug":"oidc-implicit-flow-client-authentication-couchbase-sync-gateway","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","title":{"rendered":"Fluxo impl\u00edcito do OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 2 de 3]"},"content":{"rendered":"<p><strong>O OpenID Connect (OIDC) \u00e9 um mecanismo popular de autentica\u00e7\u00e3o de clientes<\/strong> suportado pelo Couchbase Sync Gateway.<\/p>\n<p>Nesse contexto, <em>clientes<\/em> podem ser clientes do Couchbase Lite que sincronizam dados com o Sync Gateway pela Internet usando <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/sync-using-app.html?ref=blog\" target=\"_blank\" rel=\"noopener\">o protocolo de replica\u00e7\u00e3o baseado em websockets<\/a> ou podem ser front-end da Web ou aplicativos m\u00f3veis <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/rest-api.html?ref=blog\" target=\"_blank\" rel=\"noopener\">acessar o Sync Gateway por meio do ponto de extremidade REST p\u00fablico<\/a>.<\/p>\n<p>Na semana passada, <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">discutimos os fundamentos dos fluxos OIDC e OAuth2<\/a>. Na postagem do blog desta semana, apresentarei a autentica\u00e7\u00e3o de cliente baseada em fluxo impl\u00edcito do OIDC no contexto de <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Gateway de sincroniza\u00e7\u00e3o do Couchbase<\/a> replica\u00e7\u00e3o. Esta postagem pressup\u00f5e familiaridade com <a href=\"https:\/\/openid.net\/connect\/\" target=\"_blank\" rel=\"noopener\">OIDC<\/a> e OAuth2 para autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o. Portanto, se voc\u00ea n\u00e3o estiver familiarizado com os fluxos ou precisar de uma atualiza\u00e7\u00e3o, leia a postagem do blog da semana passada.<\/p>\n<h2>Configura\u00e7\u00e3o do OIDC do gateway de sincroniza\u00e7\u00e3o do Couchbase<\/h2>\n<p>&nbsp;<\/p>\n<p>Por banco de dados, <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">O Couchbase Sync Gateway deve ser configurado para autentica\u00e7\u00e3o OIDC<\/a>.<\/p>\n<p>Aqui est\u00e1 um exemplo b\u00e1sico <code>configura\u00e7\u00e3o<\/code> para Implicit Flow. (Consulte as p\u00e1ginas da documenta\u00e7\u00e3o oficial do <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">uma listagem completa de todas as op\u00e7\u00f5es de configura\u00e7\u00e3o<\/a>.)<\/p>\n<pre>\"oidc\": {\r\n          \"default_provider\": \"google\",\r\n          \"providers\": {\r\n            \"google\": {\r\n                \"issuer\": \"https:\/\/accounts.google.com\",\r\n                \"client_id\": \"YOUR_CLIENT_ID\"\r\n                \"register\":true,\r\n                \"username_claim\": \"email\"\r\n            }\r\n          }\r\n        }\r\n<\/pre>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><code>emissor<\/code> \u00e9 o URL de autentica\u00e7\u00e3o correspondente ao provedor de identidade OIDC<\/li>\n<li><code>id_cliente<\/code> \u00e9 gerado como parte do processo de registro do aplicativo com o provedor OIDC. O cliente aqui se refere ao <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/lite\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Couchbase Lite<\/a> aplicativo ou aplicativo da Web. Observe que <code>id_cliente<\/code> n\u00e3o corresponde ao usu\u00e1rio final do aplicativo, que \u00e9 tecnicamente o \"Propriet\u00e1rio do recurso\".<\/li>\n<li>O <code>registro<\/code> se definido como <code>verdadeiro<\/code>O usu\u00e1rio ser\u00e1 criado automaticamente no Sync Gateway ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token de ID.<\/li>\n<li><code>nome de usu\u00e1rio_reclama\u00e7\u00e3o<\/code> corresponde ao <a href=\"https:\/\/jwt.io\/\" target=\"_blank\" rel=\"noopener\">Reivindica\u00e7\u00e3o da JWT<\/a> a ser usado como o nome de usu\u00e1rio do Sync Gateway. Por padr\u00e3o, o nome de usu\u00e1rio do Sync Gateway assumiria o formato <code>emissor+sujeito<\/code> onde <code>emissor<\/code> refere-se ao nome de usu\u00e1rio <code>prefixo<\/code>. O <code>prefixo<\/code> o valor padr\u00e3o \u00e9 o <code>emissor<\/code> e pode ser <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-user_prefix\" target=\"_blank\" rel=\"noopener\">configurado para usar um valor de reivindica\u00e7\u00e3o diferente por meio da op\u00e7\u00e3o de configura\u00e7\u00e3o user_prefix<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Descoberta de OIDC do gateway de sincroniza\u00e7\u00e3o do Couchbase<\/h2>\n<p>&nbsp;<\/p>\n<p>Na inicializa\u00e7\u00e3o, o Sync Gateway se conecta ao <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#IssuerDiscovery\" target=\"_blank\" rel=\"noopener\">ponto de extremidade de descoberta<\/a> associado ao provedor\/emissor OIDC configurado para obter metadados relevantes do provedor. O <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#ProviderConfigurationResponse\" target=\"_blank\" rel=\"noopener\">metadados<\/a> inclui informa\u00e7\u00f5es relevantes necess\u00e1rias para a valida\u00e7\u00e3o do token, como chaves p\u00fablicas do emissor, algoritmos de criptografia compat\u00edveis usados para codificar as reivindica\u00e7\u00f5es no token de ID etc.<\/p>\n<p>O ponto de extremidade de descoberta corresponde a um URL de descoberta bem conhecido associado ao emissor. Se necess\u00e1rio, \u00e9 poss\u00edvel substituir isso por meio do par\u00e2metro <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-discovery_url\" target=\"_blank\" rel=\"noopener\">Op\u00e7\u00e3o de configura\u00e7\u00e3o discovery_url do Sync Gateway<\/a>.<\/p>\n<h2>Fluxo impl\u00edcito do OIDC para autentica\u00e7\u00e3o de cliente<\/h2>\n<p>&nbsp;<\/p>\n<p>Esse fluxo \u00e9 baseado no fluxo impl\u00edcito padr\u00e3o do OIDC <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">discutido no blog b\u00e1sico do OIDC<\/a>. \u00c9 mais simples do que a abordagem alternativa baseada em fluxo do C\u00f3digo de Autoriza\u00e7\u00e3o e geralmente \u00e9 a abordagem preferida para a autentica\u00e7\u00e3o do cliente OIDC do Sync Gateway.<\/p>\n<h3>Fluxo impl\u00edcito usando token de portador<\/h3>\n<p>&nbsp;<\/p>\n<p>Nesse fluxo, os clientes do Couchbase Lite incorporam o token de ID recuperado do provedor OIDC (OP) como <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc6750#section-6.1.1\" target=\"_blank\" rel=\"noopener\">o token do portador<\/a> no cabe\u00e7alho Authorization durante a inicializa\u00e7\u00e3o da replica\u00e7\u00e3o.<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\"><br \/>\n<\/a><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11467\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\" alt=\"OpenID Connect Implicit Flow using session ID\" width=\"800\" height=\"449\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-300x168.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-768x431.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<ol>\n<li>Quando um usu\u00e1rio faz login no aplicativo cliente Couchbase Lite, o cliente inicia o fluxo impl\u00edcito do OIDC com o provedor OIDC para recuperar o token de ID. Isso est\u00e1 de acordo com os procedimentos de fluxo padr\u00e3o do OIDC <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">descrito no blog b\u00e1sico do OIDC<\/a>.<\/li>\n<li>O aplicativo cliente inicia uma replica\u00e7\u00e3o usando o token de ID como o token do portador no cabe\u00e7alho de autoriza\u00e7\u00e3o HTTP.<\/li>\n<li>O Sync Gateway valida o token de ID localmente. Ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token, um <code>UserCtx<\/code> \u00e9 criado.\n<ul>\n<li>Os metadados recuperados do URL de descoberta do provedor OIDC durante a inicializa\u00e7\u00e3o s\u00e3o usados para validar o token no \"modo off-line\".<\/li>\n<li>Se esta for a primeira vez que o usu\u00e1rio est\u00e1 se autenticando no Sync Gateway e se n\u00e3o existir um usu\u00e1rio correspondente no servidor, o Sync Gateway criar\u00e1 automaticamente um usu\u00e1rio se a op\u00e7\u00e3o de configura\u00e7\u00e3o \"register\" estiver definida como true.\n<ul>\n<li><strong>Observa\u00e7\u00e3o:<\/strong> O usu\u00e1rio que \u00e9 criado n\u00e3o est\u00e1 associado a nenhuma concess\u00e3o de acesso, como <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">canais<\/a> ou <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">fun\u00e7\u00f5es<\/a>. Esse registro autom\u00e1tico s\u00f3 funcionaria para usu\u00e1rios p\u00fablicos sem concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio. Discutiremos um fluxo mais adiante neste post que descreve como criar usu\u00e1rios com concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Ap\u00f3s a inicializa\u00e7\u00e3o bem-sucedida, a replica\u00e7\u00e3o prossegue como de costume e as altera\u00e7\u00f5es de documentos no aplicativo cliente e no Sync Gateway s\u00e3o sincronizadas.\n<ul>\n<li>Se o usu\u00e1rio for exclu\u00eddo durante uma replica\u00e7\u00e3o ativa, a replica\u00e7\u00e3o ser\u00e1 encerrada.<\/li>\n<li>Se as concess\u00f5es de acesso associadas ao usu\u00e1rio tiverem sido alteradas, os documentos que forem afetados pelas concess\u00f5es de acesso atualizadas n\u00e3o ser\u00e3o replicados. Por exemplo, se um usu\u00e1rio perder o acesso a um canal, os documentos desse canal n\u00e3o ser\u00e3o extra\u00eddos.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h3>Fluxo impl\u00edcito usando o ID da sess\u00e3o<\/h3>\n<p>&nbsp;<\/p>\n<p>Nesse fluxo, os clientes do Couchbase Lite incorporam o ID da sess\u00e3o gerado pelo Sync Gateway ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token de ID como um cookie de sess\u00e3o durante a inicializa\u00e7\u00e3o da replica\u00e7\u00e3o.<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11466\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\" alt=\"OpenID Connect Implicit Flow using a bearer token\" width=\"800\" height=\"446\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-300x167.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-768x428.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\"><br \/>\n<\/a><\/p>\n<ol>\n<li>Quando um usu\u00e1rio faz login no aplicativo cliente Couchbase Lite, o cliente inicia o fluxo OIDC Implicit com o provedor OIDC para recuperar o token de ID. Isso est\u00e1 de acordo com o padr\u00e3o <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Procedimentos de fluxo do OIDC descritos no blog b\u00e1sico do OIDC<\/a>.<\/li>\n<li>O aplicativo cliente cria uma sess\u00e3o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/session\/post__db___session\" target=\"_blank\" rel=\"noopener\">usando o ponto de extremidade REST da sess\u00e3o<\/a>. O token de ID \u00e9 definido como o token do portador no cabe\u00e7alho de autoriza\u00e7\u00e3o HTTP.<\/li>\n<li>O Sync Gateway valida o token de ID localmente. Ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token, um <code>UserCtx<\/code> \u00e9 criado.\n<ul>\n<li>Os metadados recuperados do URL de descoberta do provedor OIDC durante a inicializa\u00e7\u00e3o s\u00e3o usados para validar o token no \"modo off-line\".<\/li>\n<li>Se esta for a primeira vez que o usu\u00e1rio estiver se autenticando no Sync Gateway e se n\u00e3o existir um usu\u00e1rio correspondente no servidor, o Sync Gateway criar\u00e1 automaticamente um usu\u00e1rio se o <code>registro<\/code> A op\u00e7\u00e3o de configura\u00e7\u00e3o \u00e9 definida como <code>verdadeiro<\/code>.\n<ul>\n<li><strong>Observa\u00e7\u00e3o:<\/strong> O usu\u00e1rio que \u00e9 criado n\u00e3o est\u00e1 associado a nenhuma concess\u00e3o de acesso, como <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">canais<\/a> ou <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">fun\u00e7\u00f5es<\/a>. Esse registro autom\u00e1tico funcionaria para usu\u00e1rios p\u00fablicos sem concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio. Discutiremos um fluxo mais adiante neste post que descreve como criar usu\u00e1rios com concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio.<\/li>\n<\/ul>\n<\/li>\n<li>Uma sess\u00e3o \u00e9 criada para o usu\u00e1rio com um tempo limite de sess\u00e3o inativa de 24 horas.\n<ul>\n<li><strong>Observa\u00e7\u00e3o:<\/strong> A expira\u00e7\u00e3o da sess\u00e3o n\u00e3o est\u00e1 relacionada \u00e0 expira\u00e7\u00e3o do token de ID. Mais informa\u00e7\u00f5es sobre expira\u00e7\u00f5es de sess\u00e3o na se\u00e7\u00e3o de perguntas frequentes abaixo.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>O ID da sess\u00e3o \u00e9 retornado ao cliente.<\/li>\n<li>O aplicativo cliente inicia uma replica\u00e7\u00e3o definindo o ID da sess\u00e3o como o cookie da sess\u00e3o usando o <code>SessionAuthenticator<\/code> como <a href=\"https:\/\/docs.couchbase.com\/couchbase-lite\/2.8\/swift\/replication.html?ref=blog#lbl-init-repl\" target=\"_blank\" rel=\"noopener\">discutido nos documentos<\/a>.<\/li>\n<li>O Sync Gateway verifica a validade da sess\u00e3o para determinar se ela foi exclu\u00edda ou expirou.\n<ul>\n<li>Se a sess\u00e3o estiver ativa, ela ser\u00e1 estendida automaticamente para 24 horas se o tempo limite da sess\u00e3o ociosa for de 10%.<\/li>\n<\/ul>\n<\/li>\n<li>Ap\u00f3s a inicializa\u00e7\u00e3o bem-sucedida, a replica\u00e7\u00e3o prossegue como de costume e as altera\u00e7\u00f5es de documentos no aplicativo cliente e no Sync Gateway s\u00e3o sincronizadas.\n<ul>\n<li>Se o usu\u00e1rio for exclu\u00eddo durante uma replica\u00e7\u00e3o ativa, a replica\u00e7\u00e3o ser\u00e1 encerrada.<\/li>\n<li>Se as concess\u00f5es de acesso associadas ao usu\u00e1rio tiverem sido alteradas, os documentos que forem afetados pelas concess\u00f5es de acesso atualizadas n\u00e3o ser\u00e3o replicados. Por exemplo, se um usu\u00e1rio perder o acesso a um canal, os documentos desse canal n\u00e3o ser\u00e3o extra\u00eddos.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2>Associa\u00e7\u00e3o de concess\u00f5es de acesso a usu\u00e1rios autenticados<\/h2>\n<p>&nbsp;<\/p>\n<p>Gateway de sincroniza\u00e7\u00e3o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">canais<\/a> e <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">fun\u00e7\u00f5es<\/a> s\u00e3o dois elementos-chave do mecanismo de controle de acesso do Sync Gateway. Eles definem o <em>concess\u00f5es de acesso<\/em> associado a um usu\u00e1rio, determinando o conjunto de documentos aos quais o usu\u00e1rio tem acesso de leitura\/grava\u00e7\u00e3o.<\/p>\n<p>H\u00e1 algumas op\u00e7\u00f5es para atribuir concess\u00f5es de acesso a um usu\u00e1rio:<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li>Atribui\u00e7\u00e3o din\u00e2mica de usu\u00e1rios a canais ou fun\u00e7\u00f5es pela fun\u00e7\u00e3o de sincroniza\u00e7\u00e3o com o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/sync-function.html?ref=blog#accessusername-channelname\" target=\"_blank\" rel=\"noopener\">acesso()<\/a> ou <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/sync-function.html?ref=blog#roleusername-rolename\" target=\"_blank\" rel=\"noopener\">APIs de role()<\/a> usando um <em>documento de concess\u00e3o de acesso<\/em>. Um documento de concess\u00e3o de acesso especifica os canais ou fun\u00e7\u00f5es aos quais um usu\u00e1rio deve ser atribu\u00eddo.<\/li>\n<li>Atribui\u00e7\u00e3o est\u00e1tica de concess\u00f5es a usu\u00e1rios por meio do administrador <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/user\/put__db___user__name_\" target=\"_blank\" rel=\"noopener\">API REST do usu\u00e1rio<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Como voc\u00ea viu nos fluxos de autentica\u00e7\u00e3o do OIDC anteriores, o Sync Gateway pode ser configurado para criar automaticamente o usu\u00e1rio autenticado no Sync Gateway ap\u00f3s a autentica\u00e7\u00e3o bem-sucedida. No entanto, o usu\u00e1rio criado n\u00e3o est\u00e1 associado a nenhuma concess\u00e3o de acesso. Isso funciona para um usu\u00e1rio p\u00fablico com acesso ao canal p\u00fablico.<\/p>\n<p>Mas e se voc\u00ea quisesse atribuir concess\u00f5es de acesso espec\u00edficas ao usu\u00e1rio?<\/p>\n<p>Normalmente, essa tarefa \u00e9 realizada por meio de um servidor de aplicativos back-end que seria respons\u00e1vel pela cria\u00e7\u00e3o ou atualiza\u00e7\u00e3o do usu\u00e1rio. O Sync Gateway \u00e9 respons\u00e1vel apenas pela autentica\u00e7\u00e3o OIDC.<\/p>\n<p>Aqui est\u00e1 um fluxo t\u00edpico:<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/associating-access-grants-to-authenticated-users.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11465\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/associating-access-grants-to-authenticated-users.png\" alt=\"Associating access grants to authenticated users in Couchbase Sync Gateway\" width=\"800\" height=\"435\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-300x163.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-768x418.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<ol>\n<li>Um processo de backend ou servidor de aplicativos \u00e9 respons\u00e1vel pelo registro de usu\u00e1rios no provedor OIDC.<\/li>\n<li>Ap\u00f3s o registro, o servidor de aplicativos cria o usu\u00e1rio correspondente no Sync Gateway por meio do <code>_usu\u00e1rio<\/code> REST API ou adicionando um documento de concess\u00e3o de acesso adequado.<\/li>\n<li>Na pr\u00f3xima vez que o usu\u00e1rio fizer login no aplicativo, a autentica\u00e7\u00e3o OIDC continuar\u00e1 usando os procedimentos de fluxo impl\u00edcito descritos anteriormente.<\/li>\n<li>Independentemente do tipo de fluxo OIDC, depois que o token de ID \u00e9 validado, o Sync Gateway n\u00e3o cria um usu\u00e1rio porque ele j\u00e1 existe.<\/li>\n<li>A replica\u00e7\u00e3o prossegue normalmente usando o usu\u00e1rio autenticado.<\/li>\n<li>Se um usu\u00e1rio for atualizado no provedor OIDC, o servidor de aplicativos atualizar\u00e1 o usu\u00e1rio correspondente no Sync Gateway por meio do <code>_usu\u00e1rio<\/code> REST API ou atualizando o documento de concess\u00e3o de acesso.\n<ul>\n<li>Se um usu\u00e1rio for exclu\u00eddo durante uma replica\u00e7\u00e3o ativa, a replica\u00e7\u00e3o ser\u00e1 encerrada.<\/li>\n<li>Se as concess\u00f5es de acesso associadas ao usu\u00e1rio tiverem sido alteradas, os documentos que forem afetados pelas concess\u00f5es de acesso atualizadas n\u00e3o ser\u00e3o replicados. Por exemplo, se um usu\u00e1rio perder o acesso a um canal, os documentos desse canal n\u00e3o ser\u00e3o extra\u00eddos.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2>Perguntas frequentes (FAQ)<\/h2>\n<p>&nbsp;<\/p>\n<p><em>Como a expira\u00e7\u00e3o do token de ID \u00e9 tratada com a replica\u00e7\u00e3o?<\/em><\/p>\n<p>A valida\u00e7\u00e3o do token de ID \u00e9 feita no momento da autentica\u00e7\u00e3o, quando uma replica\u00e7\u00e3o \u00e9 iniciada. Um token que expira durante uma replica\u00e7\u00e3o ativa n\u00e3o afetar\u00e1 a replica\u00e7\u00e3o em andamento. No entanto, se o usu\u00e1rio associado \u00e0 replica\u00e7\u00e3o for exclu\u00eddo, a replica\u00e7\u00e3o ser\u00e1 encerrada. Da mesma forma, se houver altera\u00e7\u00f5es nas concess\u00f5es de acesso associadas ao usu\u00e1rio, elas entrar\u00e3o em vigor imediatamente na replica\u00e7\u00e3o em andamento.<\/p>\n<p><em>A expira\u00e7\u00e3o da sess\u00e3o encerraria uma replica\u00e7\u00e3o cont\u00ednua?<\/em><\/p>\n<p>N\u00e3o. A valida\u00e7\u00e3o da sess\u00e3o \u00e9 feita no momento da autentica\u00e7\u00e3o, quando uma replica\u00e7\u00e3o \u00e9 iniciada. Se uma sess\u00e3o expirar durante uma replica\u00e7\u00e3o ativa, isso n\u00e3o afetar\u00e1 a replica\u00e7\u00e3o em andamento. No entanto, se o usu\u00e1rio associado \u00e0 replica\u00e7\u00e3o for exclu\u00eddo, a replica\u00e7\u00e3o ser\u00e1 encerrada. Da mesma forma, se houver altera\u00e7\u00f5es nas concess\u00f5es de acesso associadas ao usu\u00e1rio, elas entrar\u00e3o em vigor imediatamente na replica\u00e7\u00e3o em andamento.<\/p>\n<p><em>A exclus\u00e3o das sess\u00f5es antes de sua expira\u00e7\u00e3o encerraria a replica\u00e7\u00e3o?<\/em><\/p>\n<p>N\u00e3o. A valida\u00e7\u00e3o da sess\u00e3o \u00e9 feita somente no momento da autentica\u00e7\u00e3o, quando uma replica\u00e7\u00e3o \u00e9 iniciada. Portanto, se uma sess\u00e3o expirar durante uma replica\u00e7\u00e3o ativa, isso n\u00e3o afetar\u00e1 a replica\u00e7\u00e3o em andamento. No entanto, se o usu\u00e1rio associado \u00e0 replica\u00e7\u00e3o for exclu\u00eddo, a replica\u00e7\u00e3o ser\u00e1 encerrada. Da mesma forma, se houver altera\u00e7\u00f5es nas concess\u00f5es de acesso associadas ao usu\u00e1rio, elas entrar\u00e3o em vigor imediatamente na replica\u00e7\u00e3o em andamento.<\/p>\n<p><em>\u00c9 poss\u00edvel usar declara\u00e7\u00f5es JWT para atribuir concess\u00f5es de canal?<\/em><\/p>\n<p>Isso n\u00e3o \u00e9 poss\u00edvel no momento.<\/p>\n<p><em>Quais provedores de OIDC voc\u00eas apoiam?<\/em><\/p>\n<p>Apoiamos qualquer provedor que esteja em conformidade com <a href=\"https:\/\/openid.net\/connect\/\" target=\"_blank\" rel=\"noopener\">OIDC<\/a> e <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519\" target=\"_blank\" rel=\"noopener\">Token da web JSON (JWT)<\/a> padr\u00f5es.<\/p>\n<h2>Mais recursos<\/h2>\n<p>&nbsp;<\/p>\n<p>Nesta postagem, descrevemos o suporte \u00e0 autentica\u00e7\u00e3o do OpenID Connect (OIDC) no Couchbase Sync Gateway. Em uma pr\u00f3xima publica\u00e7\u00e3o, discutiremos a implementa\u00e7\u00e3o do fluxo de c\u00f3digo de autoriza\u00e7\u00e3o com o Sync Gateway.<\/p>\n<p>Aqui est\u00e3o alguns recursos adicionais:<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><a href=\"https:\/\/docs.couchbase.com\/tutorials\/openid-connect-implicit-flow\/index.html?ref=blog\" target=\"_blank\" rel=\"noopener\">Tutorial: Autentica\u00e7\u00e3o OIDC usando o provedor KeyCloak OIDC com Sync Gateway<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">Configura\u00e7\u00e3o do Sync Gateway OIDC<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/authentication-users.html?ref=blog\" target=\"_blank\" rel=\"noopener\">Documenta\u00e7\u00e3o: Autentica\u00e7\u00e3o de cliente do Sync Gateway<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>Se voc\u00ea tiver d\u00favidas ou coment\u00e1rios, deixe um coment\u00e1rio abaixo ou envie um e-mail para <a href=\"mailto:priya.rajagopal@couchbase.com\">priya.rajagopal@couchbase.com<\/a>. O <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/forums\/?ref=blog\" target=\"_blank\" rel=\"noopener\">F\u00f3runs do Couchbase<\/a> s\u00e3o outro bom lugar para entrar em contato com perguntas.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Fique por dentro das demais postagens desta s\u00e9rie sobre autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o:<\/em><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Fundamentos do OAuth 2.0 e do OIDC para autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o [Parte 1]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Fluxo impl\u00edcito de OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 2]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 3]<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>O OpenID Connect (OIDC) \u00e9 um mecanismo popular de autentica\u00e7\u00e3o de cliente suportado pelo Couchbase Sync Gateway. Nesse contexto, os clientes podem ser clientes do Couchbase Lite que sincronizam dados com o Sync Gateway pela Internet usando o protocolo de replica\u00e7\u00e3o baseado em websockets ou podem [...]<\/p>","protected":false},"author":1423,"featured_media":11464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,7667,1810,9409,2366],"tags":[9266,9267,9250,1261,9234,1713,1909],"ppma_author":[8948],"class_list":["post-11463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-lite","category-couchbase-mobile","category-swift","category-sync-gateway","tag-authorization-code-flow","tag-client-authentication","tag-implicit-flow","tag-json","tag-oidc","tag-openid-connect","tag-swift"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v26.0) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]<\/title>\n<meta name=\"description\" content=\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\" \/>\n<meta property=\"og:description\" content=\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-29T10:47:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T03:08:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rajagp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\"},\"author\":{\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c\"},\"headline\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\",\"datePublished\":\"2021-06-29T10:47:44+00:00\",\"dateModified\":\"2025-06-14T03:08:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\"},\"wordCount\":1914,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"keywords\":[\"Authorization Code Flow\",\"Client Authentication\",\"Implicit Flow\",\"JSON\",\"OIDC\",\"OpenID Connect\",\"swift\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Lite\",\"Couchbase Mobile\",\"Swift\",\"Sync Gateway\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\",\"name\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"datePublished\":\"2021-06-29T10:47:44+00:00\",\"dateModified\":\"2025-06-14T03:08:46+00:00\",\"description\":\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"width\":1200,\"height\":628,\"caption\":\"Learn how OIDC implicit flow-based client authentication works within Sync Gateway replication\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c\",\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4b50a54778b979d8c345b036ab138734\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"caption\":\"Priya Rajagopal, Senior Director, Product Management\"},\"description\":\"Priya Rajagopal is a Senior Director of Product Management at Couchbase responsible for developer platforms for the cloud and the edge. She has been professionally developing software for over 20 years in several technical and product leadership positions, with 10+ years focused on mobile technologies. As a TISPAN IPTV standards delegate, she was a key contributor to the IPTV standards specifications. She has 22 patents in the areas of networking and platform security.\",\"sameAs\":[\"https:\/\/x.com\/rajagp\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/priya-rajagopalcouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fluxo impl\u00edcito do OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 2 de 3]","description":"Descubra como criar e entender a autentica\u00e7\u00e3o de cliente baseada em fluxo impl\u00edcito do OpenID Connect (OIDC) no contexto da replica\u00e7\u00e3o do Couchbase Sync Gateway.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","og_locale":"pt_BR","og_type":"article","og_title":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","og_description":"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-06-29T10:47:44+00:00","article_modified_time":"2025-06-14T03:08:46+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","type":"image\/jpeg"}],"author":"Priya Rajagopal, Senior Director, Product Management","twitter_card":"summary_large_image","twitter_creator":"@rajagp","twitter_misc":{"Written by":"Priya Rajagopal, Senior Director, Product Management","Est. reading time":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"},"author":{"name":"Priya Rajagopal, Senior Director, Product Management","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c"},"headline":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","datePublished":"2021-06-29T10:47:44+00:00","dateModified":"2025-06-14T03:08:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"},"wordCount":1914,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","keywords":["Authorization Code Flow","Client Authentication","Implicit Flow","JSON","OIDC","OpenID Connect","swift"],"articleSection":["Best Practices and Tutorials","Couchbase Lite","Couchbase Mobile","Swift","Sync Gateway"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","url":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","name":"Fluxo impl\u00edcito do OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 2 de 3]","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","datePublished":"2021-06-29T10:47:44+00:00","dateModified":"2025-06-14T03:08:46+00:00","description":"Descubra como criar e entender a autentica\u00e7\u00e3o de cliente baseada em fluxo impl\u00edcito do OpenID Connect (OIDC) no contexto da replica\u00e7\u00e3o do Couchbase Sync Gateway.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","width":1200,"height":628,"caption":"Learn how OIDC implicit flow-based client authentication works within Sync Gateway replication"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c","name":"Priya Rajagopal, Diretora S\u00eanior, Gerenciamento de Produtos","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4b50a54778b979d8c345b036ab138734","url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","caption":"Priya Rajagopal, Senior Director, Product Management"},"description":"Priya Rajagopal \u00e9 diretora s\u00eanior de gerenciamento de produtos da Couchbase, respons\u00e1vel pelas plataformas de desenvolvedor para a nuvem e a borda. Ela desenvolve software profissionalmente h\u00e1 mais de 20 anos em v\u00e1rios cargos t\u00e9cnicos e de lideran\u00e7a de produtos, com mais de 10 anos de foco em tecnologias m\u00f3veis. Como delegada de padr\u00f5es de IPTV da TISPAN, ela foi uma das principais colaboradoras das especifica\u00e7\u00f5es de padr\u00f5es de IPTV. Ela tem 22 patentes nas \u00e1reas de rede e seguran\u00e7a de plataforma.","sameAs":["https:\/\/x.com\/rajagp"],"url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/priya-rajagopalcouchbase-com\/"}]}},"authors":[{"term_id":8948,"user_id":1423,"is_guest":0,"slug":"priya-rajagopalcouchbase-com","display_name":"Priya Rajagopal, Senior Director, Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","author_category":"","last_name":"Rajagopal, Senior Director, Product Management","first_name":"Priya","job_title":"","user_url":"","description":"Priya Rajagopal \u00e9 diretora s\u00eanior de gerenciamento de produtos da Couchbase, respons\u00e1vel pelas plataformas de desenvolvedor para a nuvem e a borda. Ela desenvolve software profissionalmente h\u00e1 mais de 20 anos em v\u00e1rios cargos t\u00e9cnicos e de lideran\u00e7a de produtos, com mais de 10 anos de foco em tecnologias m\u00f3veis. Como delegada de padr\u00f5es de IPTV da TISPAN, ela foi uma das principais colaboradoras das especifica\u00e7\u00f5es de padr\u00f5es de IPTV. Ela tem 22 patentes nas \u00e1reas de rede e seguran\u00e7a de plataforma."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/11463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/1423"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=11463"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/11463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/11464"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=11463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=11463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=11463"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=11463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}