{"id":11463,"date":"2021-06-29T03:47:44","date_gmt":"2021-06-29T10:47:44","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=11463"},"modified":"2025-06-13T20:08:46","modified_gmt":"2025-06-14T03:08:46","slug":"oidc-implicit-flow-client-authentication-couchbase-sync-gateway","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","title":{"rendered":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]"},"content":{"rendered":"<p><strong>OpenID Connect (OIDC) is a popular client authentication mechanism<\/strong> supported by Couchbase Sync Gateway.<\/p>\n<p>In this context, <em>clients<\/em> may be Couchbase Lite clients that synchronize data with Sync Gateway over the Internet using <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/sync-using-app.html?ref=blog\" target=\"_blank\" rel=\"noopener\">the websockets-based replication protocol<\/a> or they could be web frontend or mobile apps <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/rest-api.html?ref=blog\" target=\"_blank\" rel=\"noopener\">accessing Sync Gateway through the public REST endpoint<\/a>.<\/p>\n<p>Last week, <a href=\"https:\/\/www.couchbase.com\/blog\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">we discussed the fundamentals of OIDC and OAuth2 flows<\/a>. In this week&#8217;s blog post, I&#8217;ll introduce you to OIDC Implicit Flow-based client authentication within the context of <a href=\"https:\/\/www.couchbase.com\/products\/sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Couchbase Sync Gateway<\/a> replication. This post assumes familiarity with <a href=\"https:\/\/openid.net\/connect\/\" target=\"_blank\" rel=\"noopener\">OIDC<\/a> and OAuth2 flows for authentication and authorization. So if you are unfamiliar with the flows or need a refresher, definitely catch up with last week&#8217;s blog post.<\/p>\n<h2>Couchbase Sync Gateway OIDC Configuration<\/h2>\n<p>&nbsp;<\/p>\n<p>On a per database basis, <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">Couchbase Sync Gateway must be configured for OIDC authentication<\/a>.<\/p>\n<p>Here is a basic <code>config<\/code> for Implicit Flow. (Refer to the official documentation pages for <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">a complete listing of all config options<\/a>.)<\/p>\n<pre>\"oidc\": {\r\n          \"default_provider\":\"google\",\r\n          \"providers\": {\r\n            \"google\": {\r\n                \"issuer\":\"https:\/\/accounts.google.com\",\r\n                \"client_id\":\"YOUR_CLIENT_ID\"\r\n                \"register\":true,\r\n                \"username_claim\":\"email\"\r\n            }\r\n          }\r\n        }\r\n<\/pre>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><code>issuer<\/code> is the authentication URL corresponding to the OIDC identity provider<\/li>\n<li><code>client_id<\/code> is generated as part of the app registration process with the OIDC provider. The client here refers to the <a href=\"https:\/\/www.couchbase.com\/products\/lite\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Couchbase Lite<\/a> app or web app. Note that <code>client_id<\/code> does not correspond to the end user of the app who is technically the &#8220;Resource Owner&#8221;.<\/li>\n<li>The <code>register<\/code> flag, if set to <code>true<\/code>, will result in the user being automatically created on the Sync Gateway following successful ID token validation.<\/li>\n<li><code>username_claim<\/code> corresponds to the <a href=\"https:\/\/jwt.io\/\" target=\"_blank\" rel=\"noopener\">JWT claim<\/a> to be used as the Sync Gateway username. By default, the Sync Gateway username would take the form <code>issuer+subject<\/code> where <code>issuer<\/code> refers to the username <code>prefix<\/code>. The <code>prefix<\/code> value defaults to the <code>issuer<\/code> claim and can be <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-user_prefix\" target=\"_blank\" rel=\"noopener\">configured to use a different claim value via the user_prefix config option<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Couchbase Sync Gateway OIDC Discovery<\/h2>\n<p>&nbsp;<\/p>\n<p>On startup, the Sync Gateway connects to the <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#IssuerDiscovery\" target=\"_blank\" rel=\"noopener\">discovery endpoint<\/a> associated with the configured OIDC provider\/issuer to fetch relevant provider metadata. The <a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html#ProviderConfigurationResponse\" target=\"_blank\" rel=\"noopener\">metadata<\/a> includes relevant information required for token validation such as issuer public keys, supported encryption algorithms used for encoding the claims in the ID token, etc.<\/p>\n<p>The discovery endpoint corresponds to a well-known discovery URL associated with the issuer. If needed, one can override that via the <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/configuration-properties.html?ref=blog#databases-this_db-oidc-providers-this_provider-discovery_url\" target=\"_blank\" rel=\"noopener\">Sync Gateway discovery_url config option<\/a>.<\/p>\n<h2>OIDC Implicit Flow for Client Authentication<\/h2>\n<p>&nbsp;<\/p>\n<p>This flow is based on the standard OIDC Implicit Flow <a href=\"https:\/\/www.couchbase.com\/blog\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">discussed in the OIDC basics blog<\/a>. It is simpler than the alternate Authorization Code flow-based approach and is generally the preferred approach for Sync Gateway OIDC client authentication.<\/p>\n<h3>Implicit Flow using Bearer Token<\/h3>\n<p>&nbsp;<\/p>\n<p>In this flow, Couchbase Lite clients embed the ID Token retrieved from the OIDC Provider (OP) as <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc6750#section-6.1.1\" target=\"_blank\" rel=\"noopener\">the Bearer token<\/a> within the Authorization header during initialization of replication.<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\"><br \/>\n<\/a><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11467\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\" alt=\"OpenID Connect Implicit Flow using session ID\" width=\"800\" height=\"449\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-300x168.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-768x431.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-sessionid-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<ol>\n<li>When a user logs into the Couchbase Lite client app, the client initiates OIDC implicit flow with the OIDC Provider to retrieve the ID token. This is per standard OIDC flow procedures <a href=\"https:\/\/www.couchbase.com\/blog\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">outlined in the OIDC basics blog<\/a>.<\/li>\n<li>The client app initiates a replication using the ID token as the Bearer token in the HTTP Authorization Header.<\/li>\n<li>Sync Gateway validates the ID token locally. Following successful token validation, a corresponding <code>UserCtx<\/code> object is created.\n<ul>\n<li>The metadata retrieved from the OIDC Provider Discovery URL during startup is used to validate the token in &#8220;offline mode&#8221;.<\/li>\n<li>If this is the first time that the user is authenticating with the Sync Gateway and if a corresponding user does not exist on the server, the Sync Gateway automatically creates a user if the &#8220;register&#8221; config option is set to true.\n<ul>\n<li><strong>Note:<\/strong> The user that is created is not associated with any access grants such as <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">channels<\/a> or <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">roles<\/a>. This auto-registration would only work for public users with no user-specific access grants. We will discuss a flow later in this post that describes how to create users with user-specific access grants.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Following successful initialization, replication proceeds as usual and document changes on the client app and Sync Gateway side are synchronized.\n<ul>\n<li>If the user is deleted during an active replication, the replication is terminated.<\/li>\n<li>If the access grants associated with the user have changed, then documents that get impacted by the updated access grants won\u2019t be replicated. For instance, if a user loses access to a channel, then the documents in that channel won\u2019t be pulled.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h3>Implicit Flow Using Session ID<\/h3>\n<p>&nbsp;<\/p>\n<p>In this flow, Couchbase Lite clients embed the session ID generated by the Sync Gateway following successful ID Token validation as a session cookie during initialization of replication.<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11466\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png\" alt=\"OpenID Connect Implicit Flow using a bearer token\" width=\"800\" height=\"446\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-300x167.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-768x428.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/OIDC-implicit-flow-using-bearer-token-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/OIDC-implicit-flow-using-sessionid.png\"><br \/>\n<\/a><\/p>\n<ol>\n<li>When a user logs into the Couchbase Lite client app, the client initiates OIDC Implicit flow with the OIDC Provider to retrieve the ID token. This is per standard <a href=\"https:\/\/www.couchbase.com\/blog\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">OIDC flow procedures outlined in the OIDC basics blog<\/a>.<\/li>\n<li>The client app creates a session <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/session\/post__db___session\" target=\"_blank\" rel=\"noopener\">using the session REST endpoint<\/a>. The ID token is set as the Bearer token in the HTTP Authorization Header.<\/li>\n<li>Sync Gateway validates the ID token locally. Following successful token validation, a corresponding <code>UserCtx<\/code> object is created.\n<ul>\n<li>The metadata retrieved from the OIDC Provider Discovery URL during startup is used to validate the token in &#8220;offline mode&#8221;.<\/li>\n<li>If this is the first time that the user is authenticating with the Sync Gateway and if a corresponding user does not exist on the server, the Sync Gateway automatically creates a user if the <code>register<\/code> config option is set to <code>true<\/code>.\n<ul>\n<li><strong>Note:<\/strong> The user that is created is not associated with any access grants such as <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">channels<\/a> or <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">roles<\/a>. This auto-registration would work for public users with no user-specific access grants. We will discuss a flow later in this post that describes how to create users with user-specific access grants.<\/li>\n<\/ul>\n<\/li>\n<li>A session is created for the user with an idle session timeout of 24 hours.\n<ul>\n<li><strong>Note:<\/strong> The session expiration is not related to the ID token expiry. More on session expirations in the FAQ section below.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Session ID is returned to the client.<\/li>\n<li>Client app initiates a replication by setting the session ID as the session cookie using the <code>SessionAuthenticator<\/code> as <a href=\"https:\/\/docs.couchbase.com\/couchbase-lite\/2.8\/swift\/replication.html?ref=blog#lbl-init-repl\" target=\"_blank\" rel=\"noopener\">discussed in the docs<\/a>.<\/li>\n<li>Sync Gateway checks the validity of the session to determine if the session has been deleted or has expired.\n<ul>\n<li>If the session is active, the session gets auto-extended to 24 hours if 10% of idle session timeout has elapsed.<\/li>\n<\/ul>\n<\/li>\n<li>Following successful initialization, replication proceeds as usual, and document changes on the client app and Sync Gateway side are synchronized.\n<ul>\n<li>If the user is deleted during an active replication, the replication is terminated.<\/li>\n<li>If the access grants associated with the user have changed, then documents that get impacted by the updated access grants won\u2019t be replicated. For instance, if a user loses access to a channel then the documents in that channel won\u2019t be pulled.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2>Associating Access Grants to Authenticated Users<\/h2>\n<p>&nbsp;<\/p>\n<p>Sync Gateway <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/channels.html?ref=blog\" target=\"_blank\" rel=\"noopener\">channels<\/a> and <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/roles.html?ref=blog\" target=\"_blank\" rel=\"noopener\">roles<\/a> are two key elements of Sync Gateway\u2019s access control mechanism. They define the <em>access grants<\/em> associated with a user, dictating the set of documents that the user has read\/write access to.<\/p>\n<p>There are a couple of options to assign access grants to a user:<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li>Dynamic assignment of users to channels or roles by the sync function with the <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/current\/sync-function.html?ref=blog#accessusername-channelname\" target=\"_blank\" rel=\"noopener\">access()<\/a> or <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/sync-function.html?ref=blog#roleusername-rolename\" target=\"_blank\" rel=\"noopener\">role() APIs<\/a> using an <em>access grant document<\/em>. An access grant document specifies the channels or roles that a user must be assigned to.<\/li>\n<li>Static assignment of grants to users via the admin <a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/rest-api-admin.html?ref=blog#\/user\/put__db___user__name_\" target=\"_blank\" rel=\"noopener\">_user REST API<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>As you have seen from the previous OIDC authentication flows, Sync Gateway can be configured to automatically create the authenticated user in Sync Gateway following successful authentication. However, the user created is not associated with any access grants. This works for a public user with public channel access.<\/p>\n<p>But what if you wanted to assign user specific access grants?<\/p>\n<p>This task is typically handled via a backend application server that would be responsible for creating or updating the user. Sync Gateway is only responsible for OIDC authentication.<\/p>\n<p>Here is a typical flow:<\/p>\n<p><a href=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/associating-access-grants-to-authenticated-users.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-11465\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2021\/06\/associating-access-grants-to-authenticated-users.png\" alt=\"Associating access grants to authenticated users in Couchbase Sync Gateway\" width=\"800\" height=\"435\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users.png 800w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-300x163.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-768x418.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/associating-access-grants-to-authenticated-users-20x11.png 20w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<ol>\n<li>A backend process or app server is responsible for registering users with the OIDC Provider.<\/li>\n<li>Subsequent to the registration, the app server creates corresponding user on Sync Gateway via the <code>_user<\/code> REST API or by adding a suitable access grant document.<\/li>\n<li>The next time the user logs into the app, OIDC authentication proceeds using the Implicit Flow procedures described earlier.<\/li>\n<li>Regardless of the type of OIDC flow, once the ID token is validated, Sync Gateway does not create a user because it already exists.<\/li>\n<li>Replication proceeds as usual using the authenticated user.<\/li>\n<li>If a user is updated on the OIDC Provider, the app server updates the corresponding user on the Sync Gateway via the <code>_user<\/code> REST API or by updating the access grant document.\n<ul>\n<li>If a user is deleted during an active replication, the replication is terminated.<\/li>\n<li>If the access grants associated with the user have changed, then documents that get impacted by the updated access grants won\u2019t be replicated. For instance, if a user loses access to a channel then the documents in that channel won\u2019t be pulled.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2>Frequently Asked Questions (FAQ)<\/h2>\n<p>&nbsp;<\/p>\n<p><em>How is ID token expiration handled with replication?<\/em><\/p>\n<p>Validation of ID token is done at authentication time when a replication is started. A token that expires during an active replication will not impact the ongoing replication. However, if the user associated with the replication is deleted, then the replication will be terminated. Similarly, if there are changes to access grants associated with the user, then that will immediately take effect in the ongoing replication.<\/p>\n<p><em>Would session expiration terminate a continuous replication?<\/em><\/p>\n<p>No. Session validation is done at authentication time when a replication is started. If a session expires during an active replication, that will not impact the ongoing replication. However, if the user associated with the replication is deleted, then the replication will be terminated. Similarly, if there are changes to access grants associated with the user, then that will immediately take effect in the ongoing replication.<\/p>\n<p><em>Would deleting the sessions prior to their expiration terminate replication?<\/em><\/p>\n<p>No. Session validation is done only at authentication time when a replication is started. So if a session expires during an active replication, that will not impact the ongoing replication. However, if the user associated with the replication is deleted, then the replication will be terminated. Similarly, if there are changes to access grants associated with the user, then that will immediately take effect in the ongoing replication.<\/p>\n<p><em>Is it possible to use JWT claims for assigning channel grants?<\/em><\/p>\n<p>That is not possible at this time.<\/p>\n<p><em>What OIDC providers do you support?<\/em><\/p>\n<p>We support any provider that is compliant with <a href=\"https:\/\/openid.net\/connect\/\" target=\"_blank\" rel=\"noopener\">OIDC<\/a> and <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc7519\" target=\"_blank\" rel=\"noopener\">JSON web token (JWT)<\/a> standards.<\/p>\n<h2>More Resources<\/h2>\n<p>&nbsp;<\/p>\n<p>In this post, we described OpenID Connect (OIDC) authentication support in Couchbase Sync Gateway. In an upcoming post, we will discuss the Authorization Code Flow implementation with Sync Gateway.<\/p>\n<p>Here are some additional resources:<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><a href=\"https:\/\/docs.couchbase.com\/tutorials\/openid-connect-implicit-flow\/index.html?ref=blog\" target=\"_blank\" rel=\"noopener\">Tutorial: OIDC Authentication using KeyCloak OIDC provider with Sync Gateway<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/configuration-properties.html?ref=blog#databases-this_db-oidc\" target=\"_blank\" rel=\"noopener\">Sync Gateway OIDC Configuration<\/a><\/li>\n<li><a href=\"https:\/\/docs.couchbase.com\/sync-gateway\/2.8\/authentication-users.html?ref=blog\" target=\"_blank\" rel=\"noopener\">Documentation: Sync Gateway Client Authentication<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>If you have questions or feedback, please leave a comment below or email me at <a href=\"mailto:priya.rajagopal@couchbase.com\">priya.rajagopal@couchbase.com<\/a>. The <a href=\"https:\/\/www.couchbase.com\/forums\/?ref=blog\" target=\"_blank\" rel=\"noopener\">Couchbase Forums<\/a> are another good place to reach out with questions.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Catch up with the rest of the posts in this series on authentication and authorization:<\/em><\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/oauth-2-oidc-fundamentals-authentication-authorization\/?ref=blog\" target=\"_blank\" rel=\"noopener\">OAuth 2.0 &amp; OIDC Fundamentals for Authentication &amp; Authorization [Part 1]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2]<\/a><\/li>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/oidc-authorization-code-flow-client-authentication-couchbase-sync-gateway\/?ref=blog\" target=\"_blank\" rel=\"noopener\">OIDC Authorization Code Flow for Client Authentication in Couchbase Sync Gateway [Part 3]<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenID Connect (OIDC) is a popular client authentication mechanism supported by Couchbase Sync Gateway. In this context, clients may be Couchbase Lite clients that synchronize data with Sync Gateway over the Internet using the websockets-based replication protocol or they could [&hellip;]<\/p>\n","protected":false},"author":1423,"featured_media":11464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,7667,1810,9409,2366],"tags":[9266,9267,9250,1261,9234,1713,1909],"ppma_author":[8948],"class_list":["post-11463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-lite","category-couchbase-mobile","category-swift","category-sync-gateway","tag-authorization-code-flow","tag-client-authentication","tag-implicit-flow","tag-json","tag-oidc","tag-openid-connect","tag-swift"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]<\/title>\n<meta name=\"description\" content=\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\" \/>\n<meta property=\"og:description\" content=\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-29T10:47:44+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T03:08:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@rajagp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Priya Rajagopal, Senior Director, Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/\"},\"author\":{\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/c2da90e57717ee4970c48a87a131ac2c\"},\"headline\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\",\"datePublished\":\"2021-06-29T10:47:44+00:00\",\"dateModified\":\"2025-06-14T03:08:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/\"},\"wordCount\":1914,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2021\\\/06\\\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"keywords\":[\"Authorization Code Flow\",\"Client Authentication\",\"Implicit Flow\",\"JSON\",\"OIDC\",\"OpenID Connect\",\"swift\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Lite\",\"Couchbase Mobile\",\"Swift\",\"Sync Gateway\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/\",\"name\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2021\\\/06\\\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"datePublished\":\"2021-06-29T10:47:44+00:00\",\"dateModified\":\"2025-06-14T03:08:46+00:00\",\"description\":\"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2021\\\/06\\\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2021\\\/06\\\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg\",\"width\":1200,\"height\":628,\"caption\":\"Learn how OIDC implicit flow-based client authentication works within Sync Gateway replication\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/admin-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/c2da90e57717ee4970c48a87a131ac2c\",\"name\":\"Priya Rajagopal, Senior Director, Product Management\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g4b50a54778b979d8c345b036ab138734\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g\",\"caption\":\"Priya Rajagopal, Senior Director, Product Management\"},\"description\":\"Priya Rajagopal is a Senior Director of Product Management at Couchbase responsible for developer platforms for the cloud and the edge. She has been professionally developing software for over 20 years in several technical and product leadership positions, with 10+ years focused on mobile technologies. As a TISPAN IPTV standards delegate, she was a key contributor to the IPTV standards specifications. She has 22 patents in the areas of networking and platform security.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/rajagp\"],\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/author\\\/priya-rajagopalcouchbase-com\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","description":"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","og_locale":"en_US","og_type":"article","og_title":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","og_description":"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.","og_url":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","og_site_name":"The Couchbase Blog","article_published_time":"2021-06-29T10:47:44+00:00","article_modified_time":"2025-06-14T03:08:46+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","type":"image\/jpeg"}],"author":"Priya Rajagopal, Senior Director, Product Management","twitter_card":"summary_large_image","twitter_creator":"@rajagp","twitter_misc":{"Written by":"Priya Rajagopal, Senior Director, Product Management","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"},"author":{"name":"Priya Rajagopal, Senior Director, Product Management","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c"},"headline":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","datePublished":"2021-06-29T10:47:44+00:00","dateModified":"2025-06-14T03:08:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"},"wordCount":1914,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","keywords":["Authorization Code Flow","Client Authentication","Implicit Flow","JSON","OIDC","OpenID Connect","swift"],"articleSection":["Best Practices and Tutorials","Couchbase Lite","Couchbase Mobile","Swift","Sync Gateway"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","url":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/","name":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","datePublished":"2021-06-29T10:47:44+00:00","dateModified":"2025-06-14T03:08:46+00:00","description":"Discover how to build and understand OpenID Connect (OIDC) implicit flow-based client authentication within the context of Couchbase Sync Gateway replication.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2021\/06\/oidc-implicit-flow-client-authentication-authorization-couchbase-sync-gateway.jpg","width":1200,"height":628,"caption":"Learn how OIDC implicit flow-based client authentication works within Sync Gateway replication"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/oidc-implicit-flow-client-authentication-couchbase-sync-gateway\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"OIDC Implicit Flow for Client Authentication in Couchbase Sync Gateway [Part 2 of 3]"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/c2da90e57717ee4970c48a87a131ac2c","name":"Priya Rajagopal, Senior Director, Product Management","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g4b50a54778b979d8c345b036ab138734","url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","caption":"Priya Rajagopal, Senior Director, Product Management"},"description":"Priya Rajagopal is a Senior Director of Product Management at Couchbase responsible for developer platforms for the cloud and the edge. She has been professionally developing software for over 20 years in several technical and product leadership positions, with 10+ years focused on mobile technologies. As a TISPAN IPTV standards delegate, she was a key contributor to the IPTV standards specifications. She has 22 patents in the areas of networking and platform security.","sameAs":["https:\/\/x.com\/rajagp"],"url":"https:\/\/www.couchbase.com\/blog\/author\/priya-rajagopalcouchbase-com\/"}]}},"acf":[],"authors":[{"term_id":8948,"user_id":1423,"is_guest":0,"slug":"priya-rajagopalcouchbase-com","display_name":"Priya Rajagopal, Senior Director, Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/acfb2349788955262cd069497a9e7bdb0e97c26326f2e55811e7c1174e9ef1be?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/11463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/1423"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=11463"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/11463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/11464"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=11463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=11463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=11463"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=11463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}