I’m looking through the documentation for configuring the Sync Gateway to allow authentication with OpenID connect implicit flow and have run into some questions i’m looking to get help with. I already have in place an identity provider which issues user security tokens including the user’s roles. Assuming I’ve configured the Sync Gateway to trust this issuer my questions are as follows.
- I can choose to create a session using a bearer token, or continue providing the bearer token in all calls. Is there any reason to create a session besides weighing JWT’s increase transmission size and CPU verification load versus the session’s lookup time?
- I see the register configuration entry when configuring the OIDC provider - is creating a local Sync Gateway user required or can the information in the security token be presented and used for all calls?
- Is there a way through configuration to link the concept of role claims in a JWT token to SyncGateway roles for the purpose of channel access?