Hi,
since upgrading to sync gateway 3.1, we experience issues with API calls authenticated using Bearer token. I am testing with Couchbase Sync Gateway/3.1.0(592;2a9837d) EE
.
Any API call with a Bearer Token will increase the sequence number. When using the _changes feed, this will increase the sequence number every second and spams changes.
When calling changes feed with /db/_changes?include_docs=true&since=10147607
we immediately get the result back:
{
"results": [
{
"seq": 10147608,
"id": "_user/oidc_url_830acde4-ef26-4411-a9b1-150957cb3a83",
"changes": []
}
],
"last_seq": "10147608"
}
We will then call the changes feed with since 10147608
, which will in turn trigger the next update. This both spams the changes feed and increases the sequence number into infinity.
When using longpoll inside browsers, this leads to user browsers spamming requests as well.
Debug logs look like this:
2023-06-06T21:06:01.217+02:00 [DBG] Auth+: c:#4185 db:db OIDCUsername: <ud>oidc_url_830acde4-ef26-4411-a9b1-150957cb3a83</ud>
2023-06-06T21:06:01.264+02:00 [INF] Auth: c:#4185 db:db Saved principal w/ name:<ud>oidc_url_830acde4-ef26-4411-a9b1-150957cb3a83</ud>, seq: #10147606
2023-06-06T21:06:01.264+02:00 [INF] DCP: db:db Received #10147606 ("<ud>_user/oidc_url_830acde4-ef26-4411-a9b1-150957cb3a83</ud>")
2023-06-06T21:06:01.264+02:00 [DBG] Changes+: Notifying that "bucket" changed (key="<ud>_sync:user:oidc_url_830acde4-ef26-4411-a9b1-150957cb3a83</ud>") count=23
We have “register”: true set for oidc provider, but this is an already existing user and no new user is added.
We also have another, maybe related, issue with Bearer Token and the api since upgrading: Http: panic serving <IP>: runtime error: invalid memory address or nil pointer dereference after sync gateway upgrade to 3.1
This pretty much breaks the changes feed functionality for us.
Any help is greatly appreciated.