Authentication Error using OpenBucket in SDK for Golang


I have a Couchbase 5.0 CE Cluster (4 Nodes) and I am also using Sync Gateway 2. I have a bucket called sync_gateway that was created when the cluster was running CB 4.x. After the upgrade process, one of my apps that uses the GoLang SDK (1.4.2) carried on working as expected (more on this soon). However, recently I had to take my cluster down and bring a new cluster up from a backup, at which point my app stopped working, the call to OpenBucket now returns “authentication failed”.

After some research* I figured that this is because the upgrade process created a user with username sync_gateway (same as the bucket name) but with an empty password. Recreating the cluster means the bucket was created from scratch and then restored into which means the user with the empty password no longer exists and an RBAC user was needed in order for my app to still connect.

With this in mind, I created a user that matched the name of my bucket, set a password and updated my code to call

OpenBucket("sync_gateway", <new password for sync_gateway user>)

I gave the user permissions on my bucket and restarted my app. I got the same error, “authentication failed”.

So, I then tried to create a user with a totally different username, updated my code to use the new authentication methods:

cluster.Authenticate(gocb.PasswordAuthenticator{Username: <username>, Password: <password>,})

and changed the OpenBucket call to

cluster.OpenBucket(<bucket_name>, "")

The cluster.Authenticate does not return an error, so I assume this has worked, but once again the open bucket call returns “authentication failed”. I also tried the above code with the user that has the same name as my bucket name, still the same problem.

I have tried running the OpenBucket(<bucket_name>, <password for user with same name as bucket>) with SDK versions 1.3.6 and 1.2.5 and both of these also return the “authentication failed” error.

I have also tried all of the above giving the various users ADMIN permissions as well as just bucket permissions, every time I get the same error from OpenBucket.

What could I be doing wrong? I am at a loss as to what else I can try. NOTE: there is nothing in the server logs that I can see that might suggest what is going wrong.


I can confirm that the sync_gateway user descirbed above has read and write permissions on the bucket:

curl -X POST --data 'cluster.bucket[sync_gateway]!read,cluster.bucket[sync_gateway]!write' http://sync_gateway:<PASSWORD>@



I get the same result when I try the user that is not named the same as the bucket


using the rest api admin user as the username and password in the cluster.Authenticate call (the same user that I use to log into the couchbase web UI and make cURL requests with) works! The gocb SDK opens the bucket correctly

Hi @nkhumphreys, as you’ve noticed as of CB 5.0 OpenBucket should always be called with an empty password and cluster.Authenticate always used for credentials instead. cluster.Authenticate doesn’t actually authenticate against the server when called, that happens on OpenBucket (using the credentials provided to Authenticate) which is why you see the error at that point.

You could try to use (or increase) gocb logging with gocb.SetLogger(gocb.VerboseStdioLogger()) to see if that shows anything useful.

Thanks, I will give this a try

There is nothing in the logs to suggest why the authentication for the RBAC user is failing

Are you able to make cURL requests to the bucket using any of the other users?