Channel: Mobile - Couchbase Forums

Set App User Role using OIDC


Hi!

My team is using OIDC to authenticate our users. We are wanting to assign all users created to the “basic-user” app role so they have access to some documents that should be publicly available. I already created the “basic-user” app role that has access to the “public” channel. I am able to manually update our users’ app roles to “basic-user” using the website GUI but am struggling to properly do so programmatically when we create a new user after the OIDC authentication. This is what I have so far, but I am not sure that I am on the right track:

```swift
let httpsUrl = appConfig.endpointUrl.replacingOccurrences(of: "wss://", with: "https://")
// URL string in this format (placeholder, not a real host)
let checkUrl = "http://[our endpoint url]:8091/settings/rbac"

/// Checks that the Couchbase endpoint is valid
guard let url = URL(string: checkUrl) else {
    throw URLError(.badURL)
}

// Create the URLRequest
var request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalCacheData, timeoutInterval: 30)
request.httpMethod = "PUT"

// Set necessary headers
request.setValue("application/json", forHTTPHeaderField: "Content-Type")
request.setValue("Bearer \(credentials.idToken)", forHTTPHeaderField: "Authorization")  // Replace with your token

// Define the request body (assigning app role)
let body: [String: Any] = [
    "roles": ["basic-user"]            // Replace "app_role" with your specific app role
]

// Serialize the body into JSON
do {
    let jsonData = try JSONSerialization.data(withJSONObject: body, options: [])
    request.httpBody = jsonData
} catch {
    print("Error serializing JSON: \(error)")
}

/// Make the request to Couchbase
let _ = URLSession(configuration: .default, delegate: self, delegateQueue: nil)
// MARK: - TO DO
// error here with signing in after logging out
let (data, response) = try await URLSession.shared.data(for: request)
guard let httpResponse = response as? HTTPURLResponse else {
    throw URLError(.badServerResponse)
}

/// Get status code from the authorization request
switch httpResponse.statusCode {

/// Success: Couchbase user was found or created with Auth0 credentials
case 200:
    print("successful")
default:
    // throw an error
    throw URLError(.badServerResponse)
}
```

Am I on the right track or am I missing something or is there an easier way to accomplish this?
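
Added example, not part of the original post and not Couchbase's own code: assigning a role is an administrative operation, so this sketch performs it from a trusted backend with admin credentials instead of from the app with the user's ID token. It assumes the deployment exposes the Sync Gateway Admin REST API user endpoint (`PUT /{db}/_user/{name}` with an `admin_roles` array); the helper names, error type and host/database values are hypothetical.

```swift
import Foundation

// Hypothetical helpers (not SDK calls). Intended for a trusted backend:
// admin credentials should never be embedded in the mobile app.
enum RoleAssignmentError: Error { case badURL, unauthorized, notFound, unexpected(Int) }

func makeRoleRequest(adminBase: String, database: String, username: String,
                     roles: [String], adminUser: String, adminPassword: String) throws -> URLRequest {
    // Usernames derived from OIDC claims can contain "/", ":" or "|", so
    // percent-encode everything outside the unreserved set before building the path.
    var allowed = CharacterSet.alphanumerics
    allowed.insert(charactersIn: "-._~")
    guard let name = username.addingPercentEncoding(withAllowedCharacters: allowed),
          let url = URL(string: "\(adminBase)/\(database)/_user/\(name)"),
          url.scheme == "https" else {   // refuse to send admin credentials in clear text
        throw RoleAssignmentError.badURL
    }
    var request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalCacheData, timeoutInterval: 30)
    request.httpMethod = "PUT"
    request.setValue("application/json", forHTTPHeaderField: "Content-Type")
    // Admin API credentials via Basic auth, not the end user's OIDC ID token.
    let basic = Data("\(adminUser):\(adminPassword)".utf8).base64EncodedString()
    request.setValue("Basic \(basic)", forHTTPHeaderField: "Authorization")
    // Assumption: only the fields present in the body are updated on an existing user.
    request.httpBody = try JSONSerialization.data(withJSONObject: ["admin_roles": roles])
    return request
}

func assignRoles(_ request: URLRequest) async throws {
    let (_, response) = try await URLSession.shared.data(for: request)
    guard let http = response as? HTTPURLResponse else { throw URLError(.badServerResponse) }
    switch http.statusCode {
    case 200, 201: return                                   // user updated or created
    case 401, 403: throw RoleAssignmentError.unauthorized   // wrong or missing admin credentials
    case 404:      throw RoleAssignmentError.notFound       // database or path not found
    default:       throw RoleAssignmentError.unexpected(http.statusCode)
    }
}

// Constructed values for illustration only:
// let req = try makeRoleRequest(adminBase: "https://admin.example.invalid:4985",
//                               database: "mydb", username: "auth0|12345",
//                               roles: ["basic-user"],
//                               adminUser: "<admin-user>", adminPassword: "<admin-password>")
// try await assignRoles(req)
```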
