{"id":11496,"date":"2021-07-06T02:59:06","date_gmt":"2021-07-06T09:59:06","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=11496"},"modified":"2025-06-13T23:14:56","modified_gmt":"2025-06-14T06:14:56","slug":"oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/","title":{"rendered":"Fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 3 de 3]"},"content":{"rendered":"<p><strong>O Couchbase Sync Gateway oferece suporte a<\/strong> <a href=\"https:\/\/openid.net\/connect\/\" rel=\"noopener\" target=\"_blank\">Autentica\u00e7\u00e3o de cliente baseada em OpenID Connect ou OIDC<\/a>. <\/p>\n<p>Nesse contexto, <em>clientes<\/em> podem ser clientes do Couchbase Lite que sincronizam dados com o Sync Gateway pela Internet usando <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/sync-using-app.html?ref=blog\" rel=\"noopener\" target=\"_blank\">o protocolo de replica\u00e7\u00e3o baseado em websockets<\/a> ou podem ser front-end da Web ou aplicativos m\u00f3veis que acessam o Sync Gateway por meio do <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/sync-using-app.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Ponto de extremidade REST p\u00fablico<\/a>.<\/p>\n<p>Na primeira postagem do blog desta s\u00e9rie, discutimos <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" rel=\"noopener\" target=\"_blank\">os fundamentos dos fluxos de autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o do OIDC e do OAuth2<\/a> E na postagem do blog da semana passada, aprendemos mais detalhadamente sobre <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Autentica\u00e7\u00e3o de cliente Sync Gateway baseada em fluxo impl\u00edcito OIDC<\/a>.<\/p>\n<p>Nesta postagem, apresentarei a voc\u00ea <a href=\"https:\/\/openid.net\/specs\/openid-connect-core-1_0.html#CodeFlowAuth\" rel=\"noopener\" target=\"_blank\">C\u00f3digo de autoriza\u00e7\u00e3o OIDC baseado em fluxo<\/a> autentica\u00e7\u00e3o de cliente no contexto da replica\u00e7\u00e3o do Couchbase Sync Gateway. <\/p>\n<p>Esta postagem pressup\u00f5e familiaridade com os fluxos OIDC e OAuth2 para autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o. Se voc\u00ea n\u00e3o estiver familiarizado com os fluxos ou precisar de uma atualiza\u00e7\u00e3o, consulte as postagens anteriores do blog relacionadas acima.<\/p>\n<h2>Configura\u00e7\u00e3o do OIDC do gateway de sincroniza\u00e7\u00e3o do Couchbase<\/h2>\n<p>O <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/sync-gateway\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Gateway de sincroniza\u00e7\u00e3o do Couchbase<\/a> deve ser configurado para autentica\u00e7\u00e3o OIDC <em>por banco de dados<\/em>.<\/p>\n<p>Abaixo est\u00e1 uma configura\u00e7\u00e3o b\u00e1sica do OIDC para o C\u00f3digo de Autoriza\u00e7\u00e3o. Consulte a documenta\u00e7\u00e3o oficial do Couchbase para obter informa\u00e7\u00f5es sobre <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" rel=\"noopener\" target=\"_blank\">uma listagem completa de todas as op\u00e7\u00f5es de configura\u00e7\u00e3o do OIDC<\/a>.<\/p>\n<pre>\r\n\"oidc\": {\r\n          \"default_provider\":\"google\",\r\n          \"providers\": {\r\n            \"google\": {\r\n                \"issuer\":\"https:\/\/accounts.google.com\",\r\n                \"client_id\":\"YOUR_CLIENT_ID\",\r\n                \"validation_key\":\"YOUR_CLIENT_SECRET\",\r\n                \"callback_url\":\"https:\/\/SYNC_GATEWAY_ADDRESS:4984\/default\/_oidc_callback\",\r\n                \"register\":true,\r\n                \"username_claim\":\"email\",\r\n                \"disable_session\":false\r\n            }\r\n          }\r\n        }\r\n<\/pre>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<ul>\n<ul>\n<li><code>emissor<\/code> \u00e9 o URL de autentica\u00e7\u00e3o correspondente ao provedor de identidade OIDC<\/li>\n<li><code>id_cliente<\/code> \u00e9 gerado como parte do processo de registro do aplicativo com o provedor OIDC. O cliente aqui se refere ao <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/lite\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Couchbase Lite<\/a> aplicativo ou aplicativo Web. Observe que o <code>id_cliente<\/code> n\u00e3o corresponde ao usu\u00e1rio final do aplicativo, que \u00e9 tecnicamente o propriet\u00e1rio do recurso.<\/li>\n<li><code>chave_de_valida\u00e7\u00e3o<\/code> corresponde ao <code>segredo_do_cliente<\/code> e deve ser gerado como parte do processo de registro do aplicativo com o provedor de OIDC.<\/li>\n<li><code>callback_url<\/code> \u00e9 a URL a ser redirecionada para o Sync Gateway depois que o cliente obtiver o token de identidade (token de ID).<\/li>\n<li><code>registro<\/code> se definido como <code>verdadeiro<\/code>O usu\u00e1rio ser\u00e1 criado automaticamente no Sync Gateway ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token de ID.<\/li>\n<li><code>nome de usu\u00e1rio_reclama\u00e7\u00e3o<\/code> corresponde \u00e0 reivindica\u00e7\u00e3o JWT a ser usada como o nome de usu\u00e1rio do Sync Gateway. Por padr\u00e3o, o nome de usu\u00e1rio do Sync Gateway assumiria o formato <code>emissor+sujeito<\/code> onde <code>emissor<\/code> refere-se ao nome de usu\u00e1rio <code>prefixo<\/code>. O valor do prefixo tem como padr\u00e3o a reivindica\u00e7\u00e3o do emissor e pode ser configurado para usar um valor de reivindica\u00e7\u00e3o diferente por meio do <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-user_prefix\" rel=\"noopener\" target=\"_blank\"><code>prefixo_do_usu\u00e1rio<\/code><\/a> op\u00e7\u00e3o de configura\u00e7\u00e3o.<\/li>\n<li><code>desativar_sess\u00e3o<\/code>se definido como <code>verdadeiro<\/code>pode ser usado para substituir a cria\u00e7\u00e3o autom\u00e1tica de sess\u00e3o pelo Sync Gateway ap\u00f3s a autentica\u00e7\u00e3o bem-sucedida.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<h2>Descoberta de OIDC do gateway de sincroniza\u00e7\u00e3o do Couchbase<\/h2>\n<p>Na inicializa\u00e7\u00e3o, o Sync Gateway se conecta a <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#IssuerDiscovery\" rel=\"noopener\" target=\"_blank\">o ponto de extremidade de descoberta associado ao provedor\/emissor de OIDC configurado<\/a> para buscar metadados relevantes do provedor. O <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#ProviderConfigurationResponse\" rel=\"noopener\" target=\"_blank\">Os metadados incluem informa\u00e7\u00f5es relevantes necess\u00e1rias para a valida\u00e7\u00e3o do token<\/a> como chaves p\u00fablicas do emissor, algoritmos de criptografia compat\u00edveis usados para codificar as reivindica\u00e7\u00f5es no token de ID etc.<\/p>\n<p>O ponto de extremidade de descoberta corresponde a um URL de descoberta bem conhecido associado ao emissor. Se necess\u00e1rio, voc\u00ea pode substituir a URL por meio de <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-discovery_url\" rel=\"noopener\" target=\"_blank\">Op\u00e7\u00e3o de configura\u00e7\u00e3o discovery_url do Sync Gateway<\/a>.<\/p>\n<h2>Fluxo do c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente<\/h2>\n<p>Esse fluxo \u00e9 baseado no fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC padr\u00e3o discutido em <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" rel=\"noopener\" target=\"_blank\">O blog b\u00e1sico do OIDC (parte um da s\u00e9rie)<\/a>. <\/p>\n<h3>Autentica\u00e7\u00e3o<\/h3>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway.png\" alt=\"An example of user authentication using OIDC and Couchbase Sync Gateway\" width=\"800\" height=\"449\" class=\"aligncenter size-full wp-image-11498\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway-300x168.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway-768x431.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-authentication-oidc-couchbase-sync-gateway-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<ol>\n<li>Quando um usu\u00e1rio faz login no aplicativo cliente Couchbase Lite, o cliente invoca a fun\u00e7\u00e3o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/auth\/get__db___oidc\" rel=\"noopener\" target=\"_blank\">Ponto de extremidade REST do _oidc<\/a> no Sync Gateway para iniciar o fluxo do c\u00f3digo de autentica\u00e7\u00e3o OIDC.<\/li>\n<li>O Sync Gateway redireciona o aplicativo cliente para o URL do provedor OIDC.<\/li>\n<li>O cliente inicia o fluxo do c\u00f3digo de autoriza\u00e7\u00e3o com o provedor do OIDC para recuperar o c\u00f3digo de autoriza\u00e7\u00e3o. Isso est\u00e1 de acordo com os procedimentos de fluxo padr\u00e3o do OIDC descritos em <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" rel=\"noopener\" target=\"_blank\">O blog b\u00e1sico do OIDC<\/a>.<\/li>\n<li>O cliente \u00e9 redirecionado para o Sync Gateway com o c\u00f3digo de autoriza\u00e7\u00e3o. O URL de redirecionamento corresponde a <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/rest-api-admin.html?ref=blog#\/auth\/get__db___oidc_callback\" rel=\"noopener\" target=\"_blank\">o ponto de extremidade REST de retorno de chamada do OIDC<\/a>.<\/li>\n<li>O aplicativo cliente invoca o endpoint REST de retorno de chamada do OIDC com o c\u00f3digo de autoriza\u00e7\u00e3o.<\/li>\n<li>O Sync Gateway troca o c\u00f3digo do token de ID, do token de atualiza\u00e7\u00e3o e do token de acesso enviando uma solicita\u00e7\u00e3o adequada ao provedor do OIDC. A solicita\u00e7\u00e3o inclui o <code>id_cliente<\/code> e <code>segredo_do_cliente<\/code> que foram configurados no Sync Gateway. Isso permite que o provedor de OIDC valide que somente clientes confi\u00e1veis podem recuperar os tokens.<\/li>\n<li>O Sync Gateway valida o token de ID localmente. Ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token, um <code>UserCtx<\/code> \u00e9 criado.\n<ul>\n<li>Os metadados recuperados do URL de descoberta do provedor OIDC durante a inicializa\u00e7\u00e3o s\u00e3o usados para validar o token no \"modo off-line\".<\/li>\n<li>Se esta for a primeira vez que o usu\u00e1rio estiver se autenticando no Sync Gateway e se n\u00e3o existir um usu\u00e1rio correspondente no servidor, o Sync Gateway criar\u00e1 automaticamente um usu\u00e1rio se o <code>registro<\/code> A op\u00e7\u00e3o de configura\u00e7\u00e3o \u00e9 definida como <code>verdadeiro<\/code>.\n<ul>\n<li><strong>Observa\u00e7\u00e3o:<\/strong> O usu\u00e1rio que \u00e9 criado n\u00e3o est\u00e1 associado a nenhuma concess\u00e3o de acesso, como <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" rel=\"noopener\" target=\"_blank\">canais<\/a> ou <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/roles.html?ref=blog\" rel=\"noopener\" target=\"_blank\">fun\u00e7\u00f5es<\/a>Portanto, esse registro autom\u00e1tico funcionaria para usu\u00e1rios p\u00fablicos sem concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio. Discutiremos um fluxo mais adiante neste post que descreve como criar usu\u00e1rios com concess\u00f5es de acesso espec\u00edficas do usu\u00e1rio.<\/li>\n<\/ul>\n<\/li>\n<li>Uma sess\u00e3o \u00e9 criada para o usu\u00e1rio com um tempo limite de sess\u00e3o inativa de 24 horas. A sess\u00e3o \u00e9 criada <strong>SOMENTE SE<\/strong> o <code>desativar_sess\u00e3o<\/code> \u00e9 definido como falso.<\/li>\n<\/ul>\n<\/li>\n<li>O ID da sess\u00e3o e os tokens de atualiza\u00e7\u00e3o s\u00e3o enviados de volta ao aplicativo cliente.<\/li>\n<li>O aplicativo cliente inicia uma replica\u00e7\u00e3o ao <a href=\"https:\/\/docs.couchbase.com\/couchbase-lite\/2.8\/swift\/replication.html?ref=blog#lbl-init-repl\" rel=\"noopener\" target=\"_blank\">definindo o ID da sess\u00e3o como o cookie da sess\u00e3o usando o <code>SessionAuthenticator<\/code><\/a>.<\/li>\n<li>O Sync Gateway verifica a validade da sess\u00e3o para determinar se ela foi exclu\u00edda ou expirou.\n<ul>\n<li>Se a sess\u00e3o estiver ativa, ela ser\u00e1 estendida automaticamente para 24 horas se o tempo limite da sess\u00e3o ociosa for de 10%.<\/li>\n<\/ul>\n<\/li>\n<li>Ap\u00f3s a inicializa\u00e7\u00e3o bem-sucedida, a replica\u00e7\u00e3o prossegue como de costume e as altera\u00e7\u00f5es de documentos no aplicativo cliente e no Sync Gateway s\u00e3o sincronizadas.\n<ul>\n<li>Se o usu\u00e1rio for exclu\u00eddo durante uma replica\u00e7\u00e3o ativa, a replica\u00e7\u00e3o ser\u00e1 encerrada.<\/li>\n<li>Se as concess\u00f5es de acesso associadas ao usu\u00e1rio tiverem sido alteradas, os documentos que forem afetados pelas concess\u00f5es de acesso atualizadas n\u00e3o ser\u00e3o replicados. Assim, por exemplo, se um usu\u00e1rio perder o acesso a um canal, os documentos desse canal n\u00e3o ser\u00e3o extra\u00eddos.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<h3>Atualiza\u00e7\u00e3o de token<\/h3>\n<p>Uma das vantagens do fluxo do c\u00f3digo de autoriza\u00e7\u00e3o \u00e9 que, al\u00e9m do token de ID, um token de atualiza\u00e7\u00e3o tamb\u00e9m \u00e9 retornado ao aplicativo cliente. O aplicativo cliente pode usar o token de atualiza\u00e7\u00e3o para solicitar automaticamente um novo c\u00f3digo de autoriza\u00e7\u00e3o sem exigir que o usu\u00e1rio final se autentique novamente com suas credenciais de login.<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase.png\" alt=\"An example of user token refresh using OpenID Connect authorization and Couchbase\" width=\"800\" height=\"447\" class=\"aligncenter size-full wp-image-11500\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase-300x168.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase-768x429.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-token-refresh-openid-connect-authorization-couchbase-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<ol>\n<li>Quando o aplicativo cliente deseja atualizar o token, ele faz uma solicita\u00e7\u00e3o ao endpoint REST de atualiza\u00e7\u00e3o do OIDC com o token de atualiza\u00e7\u00e3o.<\/li>\n<li>O Sync Gateway troca o token de atualiza\u00e7\u00e3o pelo token de ID e pelo token de acesso atualizados, enviando uma solicita\u00e7\u00e3o adequada ao provedor de OIDC. A solicita\u00e7\u00e3o inclui o <code>id_cliente<\/code> e <code>segredo_do_cliente<\/code> que foram configurados no Sync Gateway. Isso permite que o provedor OIDC valide que somente clientes confi\u00e1veis podem recuperar os tokens.<\/li>\n<li>O Sync Gateway valida o token de ID localmente. Ap\u00f3s a valida\u00e7\u00e3o bem-sucedida do token, um <code>UserCtx<\/code> \u00e9 criado.\n<ul>\n<li>Os metadados recuperados do URL de descoberta do provedor OIDC durante a inicializa\u00e7\u00e3o s\u00e3o usados para validar o token no \"modo off-line\".\n<li>Uma nova sess\u00e3o \u00e9 criada para o usu\u00e1rio com um tempo limite de sess\u00e3o inativa de 24 horas. A sess\u00e3o \u00e9 criada <strong>SOMENTE SE<\/strong> o <code>desativar_sess\u00e3o<\/code> \u00e9 definido como falso.\n<\/ul>\n<\/li>\n<li>O ID da sess\u00e3o e os tokens de ID s\u00e3o enviados de volta ao aplicativo cliente.<\/li>\n<li>O aplicativo cliente inicia uma replica\u00e7\u00e3o usando o ID da sess\u00e3o como o cookie da sess\u00e3o, seguindo as mesmas etapas do fluxo anterior.<\/li>\n<\/ol>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<h2>Associa\u00e7\u00e3o de concess\u00f5es de acesso a usu\u00e1rios autenticados<\/h2>\n<p>Gateway de sincroniza\u00e7\u00e3o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" rel=\"noopener\" target=\"_blank\">canais<\/a> e <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/roles.html\" rel=\"noopener\" target=\"_blank\">fun\u00e7\u00f5es<\/a> s\u00e3o dois elementos-chave do mecanismo de controle de acesso do Sync Gateway. Eles definem o <em>concess\u00f5es de acesso<\/em> associado a um usu\u00e1rio, determinando o conjunto de documentos aos quais o usu\u00e1rio tem acesso de leitura e grava\u00e7\u00e3o.<\/p>\n<p>H\u00e1 algumas op\u00e7\u00f5es para atribuir concess\u00f5es de acesso a um usu\u00e1rio:<\/p>\n<ul>\n<ul>\n<li>Atribui\u00e7\u00e3o din\u00e2mica de usu\u00e1rios a canais ou fun\u00e7\u00f5es pela fun\u00e7\u00e3o de sincroniza\u00e7\u00e3o com o <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/sync-function.html?ref=blog#accessusername-channelname\" rel=\"noopener\" target=\"_blank\">acesso()<\/a> ou <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/sync-function.html?ref=blog#roleusername-rolename\" rel=\"noopener\" target=\"_blank\">fun\u00e7\u00e3o()<\/a> APIs usando um <em>documento de concess\u00e3o de acesso<\/em> que especifica os canais ou fun\u00e7\u00f5es aos quais um usu\u00e1rio deve ser atribu\u00eddo.<\/li>\n<li>Atribui\u00e7\u00e3o est\u00e1tica de concess\u00f5es a usu\u00e1rios por meio do administrador <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/user\/put__db___user__name_\" rel=\"noopener\" target=\"_blank\">API REST do usu\u00e1rio<\/a>.<\/li>\n<\/ul>\n<\/ul>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<p>Como voc\u00ea viu nos fluxos anteriores, o Couchbase Sync Gateway pode ser configurado para criar automaticamente o usu\u00e1rio autenticado no Sync Gateway ap\u00f3s a autentica\u00e7\u00e3o bem-sucedida. No entanto, o usu\u00e1rio criado n\u00e3o est\u00e1 associado a nenhuma concess\u00e3o de acesso. Isso funciona para um usu\u00e1rio p\u00fablico com acesso ao canal p\u00fablico.<\/p>\n<p>Mas e se voc\u00ea quisesse atribuir concess\u00f5es de acesso espec\u00edficas ao usu\u00e1rio? Normalmente, essa tarefa \u00e9 realizada por meio de um servidor de aplicativos back-end que seria respons\u00e1vel pela cria\u00e7\u00e3o ou atualiza\u00e7\u00e3o do usu\u00e1rio. O Sync Gateway \u00e9 respons\u00e1vel apenas pela autentica\u00e7\u00e3o OIDC.<\/p>\n<p>Aqui est\u00e1 um fluxo t\u00edpico:<\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway.png\" alt=\"User-specific access grants using OIDC authorization and Couchbase Sync Gateway\" width=\"800\" height=\"435\" class=\"aligncenter size-full wp-image-11499\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway-300x163.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway-768x418.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/user-specific-access-grants-oidc-authorization-couchbase-sync-gateway-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<ol>\n<li>Um processo de backend ou servidor de aplicativos \u00e9 respons\u00e1vel pelo registro de usu\u00e1rios no provedor OIDC.<\/li>\n<li>Ap\u00f3s o registro, o servidor de aplicativos cria um usu\u00e1rio correspondente no Sync Gateway por meio do <code>API REST do usu\u00e1rio<\/code> ou adicionando um documento de concess\u00e3o de acesso adequado.<\/li>\n<li>Na pr\u00f3xima vez que o usu\u00e1rio fizer login no aplicativo, a autentica\u00e7\u00e3o OIDC continuar\u00e1 usando os procedimentos de fluxo de c\u00f3digo de autoriza\u00e7\u00e3o descritos anteriormente.<\/li>\n<li>Independentemente do tipo de fluxo OIDC, uma vez que o token de ID \u00e9 validado pelo Sync Gateway, o Sync Gateway n\u00e3o cria um usu\u00e1rio porque ele j\u00e1 existe.<\/li>\n<li>A replica\u00e7\u00e3o prossegue normalmente usando o usu\u00e1rio autenticado.<\/li>\n<li>Se um usu\u00e1rio for atualizado no provedor OIDC, o servidor de aplicativos atualizar\u00e1 o usu\u00e1rio correspondente no Sync Gateway por meio do <code>API REST do usu\u00e1rio<\/code> ou atualizando o documento de concess\u00e3o de acesso.\n<ul>\n<li>Se um usu\u00e1rio for exclu\u00eddo durante uma replica\u00e7\u00e3o ativa, a replica\u00e7\u00e3o ser\u00e1 encerrada.<\/li>\n<li>Se as concess\u00f5es de acesso associadas ao usu\u00e1rio tiverem sido alteradas, os documentos que forem afetados pelas concess\u00f5es de acesso atualizadas n\u00e3o ser\u00e3o replicados. Por exemplo, se um usu\u00e1rio perder o acesso a um canal, os documentos desse canal n\u00e3o ser\u00e3o extra\u00eddos.\n<\/ul>\n<\/li>\n<\/ol>\n<div class=\"wp-block-spacer\" style=\"height: 15px;\" aria-hidden=\"true\"> <\/div>\n<h2>Perguntas frequentes (FAQ)<\/h2>\n<p><em>O que \u00e9 melhor: fluxo impl\u00edcito ou fluxo de c\u00f3digo de autoriza\u00e7\u00e3o?<\/em><\/p>\n<p>Do meu ponto de vista, n\u00e3o h\u00e1 um fluxo preferido. O fluxo impl\u00edcito \u00e9 simples e geralmente \u00e9 o preferido pela maioria dos nossos usu\u00e1rios. Como os aplicativos m\u00f3veis t\u00eam um armazenamento seguro, a ID e os tokens de acesso podem ser armazenados com seguran\u00e7a no reposit\u00f3rio de chaves local do dispositivo. Voc\u00ea pode saber mais nesta postagem do blog sobre <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Como aproveitar o fluxo impl\u00edcito do OIDC para autentica\u00e7\u00e3o do Sync Gateway<\/a>.<\/p>\n<p>A vantagem do fluxo do c\u00f3digo de autoriza\u00e7\u00e3o \u00e9 que ele oferece uma seguran\u00e7a um pouco melhor. Isso ocorre porque os tokens s\u00e3o concedidos ao Sync Gateway em troca do c\u00f3digo de autoriza\u00e7\u00e3o somente quando o provedor OIDC recebe um c\u00f3digo de autoriza\u00e7\u00e3o v\u00e1lido. <code>id_cliente<\/code> e <code>segredo_do_cliente<\/code>. Isso garante que somente os clientes autenticados recebam os tokens. Al\u00e9m disso, os tokens de atualiza\u00e7\u00e3o permitem a atualiza\u00e7\u00e3o das sess\u00f5es de autentica\u00e7\u00e3o sem exigir que o usu\u00e1rio final insira suas credenciais todas as vezes.<\/p>\n<h2>Mais recursos<\/h2>\n<p>Nesta postagem, descrevemos o suporte \u00e0 autentica\u00e7\u00e3o OIDC no Sync Gateway. Aqui est\u00e3o alguns recursos adicionais que voc\u00ea pode querer conferir:<\/p>\n<ul>\n<ul>\n<li><a href=\"https:\/\/docs.couchbase.com\/tutorials\/openid-connect-implicit-flow\/index.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Tutorial: Autentica\u00e7\u00e3o OIDC usando o provedor KeyCloak OIDC com Sync Gateway<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" rel=\"noopener\" target=\"_blank\">Documenta\u00e7\u00e3o: Configura\u00e7\u00e3o do Sync Gateway OIDC<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/authentication-users.html?ref=blog\" rel=\"noopener\" target=\"_blank\">Documenta\u00e7\u00e3o: Autentica\u00e7\u00e3o de cliente do Sync Gateway<\/a><\/li>\n<\/ul>\n<\/ul>\n<p>Se voc\u00ea tiver d\u00favidas ou coment\u00e1rios, deixe um coment\u00e1rio abaixo ou envie um e-mail para <a href=\"mailto:priya.rajagopal@couchbase.com\">priya.rajagopal@couchbase.com<\/a>. O <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/forums\/?ref=blog\" rel=\"noopener\" target=\"_blank\">F\u00f3runs do Couchbase<\/a> s\u00e3o outro bom lugar para entrar em contato com perguntas.<\/p>\n<h2>Agradecimentos<\/h2>\n<p>Gostaria de agradecer ao arquiteto do Sync Gateway <a href=\"https:\/\/github.com\/adamcfraser\" rel=\"noopener\" target=\"_blank\">Adam Fraser<\/a> por sua contribui\u00e7\u00e3o para esta postagem do blog.<br \/>\n&nbsp;<\/p>\n<p><em>Fique por dentro das demais postagens desta s\u00e9rie sobre autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o:<\/p>\n<ul>\n<ul>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Fundamentos do OAuth 2.0 e do OIDC para autentica\u00e7\u00e3o e autoriza\u00e7\u00e3o [Parte 1]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Fluxo impl\u00edcito de OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 2]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" rel=\"noopener\" target=\"_blank\">Fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 3]<\/a><\/li>\n<\/ul>\n<\/ul>\n<p><\/em><br \/>\n&nbsp;<br \/>\n&nbsp;<br \/>\n&nbsp;<\/p>","protected":false},"excerpt":{"rendered":"<p>Couchbase Sync Gateway supports OpenID Connect or OIDC-based client authentication. In this context, clients may be Couchbase Lite clients that synchronize data with Sync Gateway over the Internet using the websockets-based replication protocol or they could be web frontend or [&hellip;]<\/p>","protected":false},"author":1423,"featured_media":11497,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,7667,1813,2389,9409,2366],"tags":[9266,9267,9250,9234,1713,1962,1909],"ppma_author":[8948],"class_list":["post-11496","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-lite","category-security","category-solutions","category-swift","category-sync-gateway","tag-authorization-code-flow","tag-client-authentication","tag-implicit-flow","tag-oidc","tag-openid-connect","tag-role-based-access-control","tag-swift"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]<\/title>\n<meta name=\"description\" content=\"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]\" \/>\n<meta property=\"og:description\" content=\"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-06T09:59:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:14:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rajagp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\"},\"author\":{\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c\"},\"headline\":\"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]\",\"datePublished\":\"2021-07-06T09:59:06+00:00\",\"dateModified\":\"2025-06-14T06:14:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\"},\"wordCount\":1843,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg\",\"keywords\":[\"Authorization Code Flow\",\"Client Authentication\",\"Implicit Flow\",\"OIDC\",\"OpenID Connect\",\"Role Based Access Control (RBAC)\",\"swift\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Lite\",\"Security\",\"Solutions\",\"Swift\",\"Sync Gateway\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\",\"name\":\"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg\",\"datePublished\":\"2021-07-06T09:59:06+00:00\",\"dateModified\":\"2025-06-14T06:14:56+00:00\",\"description\":\"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg\",\"width\":1200,\"height\":628,\"caption\":\"Learn how OIDC authorization code flow-based client authentication works with Couchbase Sync Gateway\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c\",\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4b50a54778b979d8c345b036ab138734\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"caption\":\"Priya Rajagopal, Senior Director, Product Management\"},\"description\":\"Priya Rajagopal is a Senior Director of Product Management at Couchbase responsible for developer platforms for the cloud and the edge. She has been professionally developing software for over 20 years in several technical and product leadership positions, with 10+ years focused on mobile technologies. As a TISPAN IPTV standards delegate, she was a key contributor to the IPTV standards specifications. She has 22 patents in the areas of networking and platform security.\",\"sameAs\":[\"https:\/\/x.com\/rajagp\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/pt\/author\/priya-rajagopalcouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 3 de 3]","description":"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/","og_locale":"pt_BR","og_type":"article","og_title":"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]","og_description":"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.","og_url":"https:\/\/www.couchbase.com\/blog\/pt\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-07-06T09:59:06+00:00","article_modified_time":"2025-06-14T06:14:56+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg","type":"image\/jpeg"}],"author":"Priya Rajagopal, Senior Director, Product Management","twitter_card":"summary_large_image","twitter_creator":"@rajagp","twitter_misc":{"Written by":"Priya Rajagopal, Senior Director, Product Management","Est. reading time":"9 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/"},"author":{"name":"Priya Rajagopal, Senior Director, Product Management","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c"},"headline":"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]","datePublished":"2021-07-06T09:59:06+00:00","dateModified":"2025-06-14T06:14:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/"},"wordCount":1843,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg","keywords":["Authorization Code Flow","Client Authentication","Implicit Flow","OIDC","OpenID Connect","Role Based Access Control (RBAC)","swift"],"articleSection":["Best Practices and Tutorials","Couchbase Lite","Security","Solutions","Swift","Sync Gateway"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/","url":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/","name":"Fluxo de c\u00f3digo de autoriza\u00e7\u00e3o OIDC para autentica\u00e7\u00e3o de cliente no Couchbase Sync Gateway [Parte 3 de 3]","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg","datePublished":"2021-07-06T09:59:06+00:00","dateModified":"2025-06-14T06:14:56+00:00","description":"Discover how to build and understand OpenID Connect (OIDC) authorization code flow-based client authentication within Couchbase Sync Gateway replication.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/07\/openid-connect-authorization-code-flow-client-authentication-couchbase-sync-gateway.jpg","width":1200,"height":628,"caption":"Learn how OIDC authorization code flow-based client authentication works with Couchbase Sync Gateway"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3 of 3]"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"Blog do Couchbase","description":"Couchbase, o banco de dados NoSQL","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"Blog do Couchbase","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c","name":"Priya Rajagopal, Diretora S\u00eanior, Gerenciamento de Produtos","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/4b50a54778b979d8c345b036ab138734","url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","caption":"Priya Rajagopal, Senior Director, Product Management"},"description":"Priya Rajagopal \u00e9 diretora s\u00eanior de gerenciamento de produtos da Couchbase, respons\u00e1vel pelas plataformas de desenvolvedor para a nuvem e a borda. Ela desenvolve software profissionalmente h\u00e1 mais de 20 anos em v\u00e1rios cargos t\u00e9cnicos e de lideran\u00e7a de produtos, com mais de 10 anos de foco em tecnologias m\u00f3veis. Como delegada de padr\u00f5es de IPTV da TISPAN, ela foi uma das principais colaboradoras das especifica\u00e7\u00f5es de padr\u00f5es de IPTV. Ela tem 22 patentes nas \u00e1reas de rede e seguran\u00e7a de plataforma.","sameAs":["https:\/\/x.com\/rajagp"],"url":"https:\/\/www.couchbase.com\/blog\/pt\/author\/priya-rajagopalcouchbase-com\/"}]}},"authors":[{"term_id":8948,"user_id":1423,"is_guest":0,"slug":"priya-rajagopalcouchbase-com","display_name":"Priya Rajagopal, Senior Director, Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","first_name":"Priya","last_name":"Rajagopal, Senior Director, Product Management","user_url":"","author_category":"","description":"Priya Rajagopal \u00e9 diretora s\u00eanior de gerenciamento de produtos da Couchbase, respons\u00e1vel pelas plataformas de desenvolvedor para a nuvem e a borda. Ela desenvolve software profissionalmente h\u00e1 mais de 20 anos em v\u00e1rios cargos t\u00e9cnicos e de lideran\u00e7a de produtos, com mais de 10 anos de foco em tecnologias m\u00f3veis. Como delegada de padr\u00f5es de IPTV da TISPAN, ela foi uma das principais colaboradoras das especifica\u00e7\u00f5es de padr\u00f5es de IPTV. Ela tem 22 patentes nas \u00e1reas de rede e seguran\u00e7a de plataforma."}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/11496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/users\/1423"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/comments?post=11496"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/posts\/11496\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media\/11497"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/media?parent=11496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/categories?post=11496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/tags?post=11496"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/pt\/wp-json\/wp\/v2\/ppma_author?post=11496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}