Internal error: Authentication failure


I am trying to configure my OIDC provider using the Admin API PUT /{db}/_config end point but getting the following response.

{"error":"Internal Server Error","reason":"Internal error: Authentication failure"}

In the logs I see these entries.

2022-03-03T00:01:16.134Z [ERR] c:#002 #002: Authentication failure -- rest.(*handler).writeError() at handler.go:1029
2022-03-03T00:01:16.134Z [INF] HTTP: #002:     --> 500 Internal error: Authentication failure  (3334.1 ms)

I am using the following Sync Gateway Docker image - couchbase/sync-gateway:3.0.0-enterprise.

I am sending the following body, which worked for me when using 3.0.0-beta02-enterprise, using Postman.

    "oidc": {
        "providers": {
            "azuread": {
                "issuer": "",
                "client_id": "50aaxxxx-51a5-xxxx-xxxx-44d0405xxxxa",
                "register": true

This is the Sync Gateway config file I am using, in case it is relevant.

    "bootstrap": {
        "server": "couchbase://cbserver7-0-3",
        "username": "sync_gateway",
        "password": "XXXXXXXXX",
        "server_tls_skip_verify": true,
        "use_tls_server": false
    "api": {
        "admin_interface": ":4985"
    "logging": {
        "console": {
	    "enabled": true,
            "log_level": "debug",
            "log_keys": ["*"],
            "color_enabled": true

Does anyone know what I am doing wrong or how to further debug this?


Hi there, few things to try:

  • Are you able to call other DB update endpoints that do not modify OIDC? how about other admin and non-admin endpoints?
  • Do you see any additional “Auth” or “Auth+” messages in the logs? maybe set log level to trace, as well.
  • if possible, can you confirm that you are able to reach the oidc provider from within the SG docker?


Hi, i’m facing a similar issue. I’ve deployed both the server and sync gateway on an ec2 instance. I’m getting exactly the same error logs as mentioned above.
“bootstrap”: {
“server”: “couchbases://localhost”,
“username”: “sync_gateway”,
“password”: “password”,
“server_tls_skip_verify”: true,
“use_tls_server”: true
“api”: {
“admin_interface”: “”,
“https”: {
“tls_cert_path”: “cert.pem”,
“tls_key_path”: “privkey.pem”
“logging”: {
“console”: {
“enabled”: true,
“log_level”: “info”,
“log_keys”: [“*”]
This is the curl call that I’m making
curl -k --location -g --request PUT ‘https://localhost:4985/traveldb/_config’ --header “Authorization: Basic $DIGEST” --header ‘Content-Type: application/json’ --data-raw ‘{
“enable_shared_bucket_access”: true,
“import_docs”: true
The digest is of the sync_gateway user which has all the sync gateway related permissions. I’ve even tried with the user with full admin permission but getting the same error.
@bruno.alves I was able to create another user sguser1 using the same digest.
I don’t see any other error messages