CouchDB request with JWT causes error "No DB shards could be opened"

I have a CouchDB server, which at this moment is for development, and it has just one node running in Docker.

I would like to authenticate through JWT. I have built my token.

GET https://comp010:6984/_session
Accept: application/json
Content-Type: application/json; charset=utf-8
Authorization: Bearer <JWT token>

I get a proper answer (or at least I think so):

{
  "ok": true,
  "userCtx": {
    "name": "uaru",
    "roles": "admin"
  },
  "info": {
    "authentication_handlers": [
      "jwt",
      "cookie",
      "default"
    ],
    "authenticated": "jwt"
  }
}

When I send a request to get an actual object from the database

GET https://comp010:6984/db_userspaces/xxxx3
Accept: application/json
Content-Type: application/json; charset=utf-8

I get an "unauthorized" exception. This is OK, I did not authenticate this request. So I add the same authorization header:

GET https://comp010:6984/db_userspaces/xxxx3
Accept: application/json
Content-Type: application/json; charset=utf-8
Authorization: Bearer <JWT token>

And I get

{
  "error": "internal_server_error",
  "reason": "No DB shards could be opened.",
  "ref": 179462285
}

But if I switch off the authorization ([chttpd] require_valid_user = false) and send the same request without the Authorization header,

GET https://comp010:6984/db_userspaces/xxxx3
Accept: application/json
Content-Type: application/json; charset=utf-8

I get a proper response.

Server: CouchDB/3.2.1 (Erlang OTP/23)
X-Couch-Request-ID: 02c628ce15
X-CouchDB-Body-Time: 0

{
  "_id": "xxxx3",
  "_rev": "1-a11f390ffa77a03c557ffbbc7c5fda75",
  "x": "1"
}

How can JWT relate to shards? I am puzzled and I cannot find anything related.

There are no errors with Fauxton.

Thank you in advance for any suggestions.

Here is the log from when the request took place:

couchdb-server_1  | [error] 2022-03-09T04:52:34.662593Z nonode@nohost <0.6234.1> 82a6b79f38 rexi_server: from: nonode@nohost(<0.6134.1>) mfa: fabric_rpc:open_shard/2 error:function_clause [{lists,usort,[<<"admin">>],[{file,"lists.erl"},{line,1063}]},{couch_db,check_security,3,[{file,"src/couch_db.erl"},{line,713}]},{couch_db,is_authorized,2,[{file,"src/couch_db.erl"},{line,705}]},{couch_db,is_member,1,[{file,"src/couch_db.erl"},{line,685}]},{couch_db,check_is_member,1,[{file,"src/couch_db.erl"},{line,671}]},{couch_db,open,2,[{file,"src/couch_db.erl"},{line,166}]},{mem3_util,get_or_create_db,2,[{file,"src/mem3_util.erl"},{line,549}]},{fabric_rpc,open_shard,2,[{file,"src/fabric_rpc.erl"},{line,307}]}]
couchdb-server_1  | [error] 2022-03-09T04:52:34.662982Z nonode@nohost <0.6236.1> 82a6b79f38 rexi_server: from: nonode@nohost(<0.6134.1>) mfa: fabric_rpc:open_shard/2 error:function_clause [{lists,usort,[<<"admin">>],[{file,"lists.erl"},{line,1063}]},{couch_db,check_security,3,[{file,"src/couch_db.erl"},{line,713}]},{couch_db,is_authorized,2,[{file,"src/couch_db.erl"},{line,705}]},{couch_db,is_member,1,[{file,"src/couch_db.erl"},{line,685}]},{couch_db,check_is_member,1,[{file,"src/couch_db.erl"},{line,671}]},{couch_db,open,2,[{file,"src/couch_db.erl"},{line,166}]},{mem3_util,get_or_create_db,2,[{file,"src/mem3_util.erl"},{line,549}]},{fabric_rpc,open_shard,2,[{file,"src/fabric_rpc.erl"},{line,307}]}]
couchdb-server_1  | [error] 2022-03-09T04:52:34.663440Z nonode@nohost <0.6134.1> 82a6b79f38 req_err(179462285) internal_server_error : No DB shards could be opened.
couchdb-server_1  |     [<<"fabric_util:get_shard/4 L118">>,<<"fabric_util:get_shard/4 L132">>,<<"fabric:get_security/2 L183">>,<<"chttpd_auth_request:db_authorization_check/1 L112">>,<<"chttpd_auth_request:authorize_request/1 L19">>,<<"chttpd:handle_req_after_auth/2 L325">>,<<"chttpd:process_request/1 L310">>,<<"chttpd:handle_request_int/1 L249">>]
couchdb-server_1  | [notice] 2022-03-09T04:52:34.663753Z nonode@nohost <0.6134.1> 82a6b79f38 comp010:6984 ::ffff:150.26.121.46 uaru GET /db_userspaces/xxxx3 500 ok 2


Solution 1:[1]

In the payload to be turned into JWT, roles MUST BE an array.

{
   :sub => username,
   :'_couchdb.roles' => roles,
   :exp => ...,
}

In my case, roles was not. But that means it should be a 400 Bad Request error.

The whole problem has nothing to do with shards configuration, etc. The error message was misleading.

Thanks to the people in the CouchDB Slack channel for guiding me in the right direction.
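
An added example, not part of the original answer and not CouchDB's own code: building the token with Ruby's standard library so that a scalar _couchdb.roles value is rejected before signing, plus a check that reports the claim's type in an existing token. HS256, the shared secret and all helper names are assumptions; the claim names sub, _couchdb.roles and exp come from the answer above.

```ruby
require 'json'
require 'openssl'

# Claim name taken from the answer above.
ROLES_CLAIM = '_couchdb.roles'

# Unpadded URL-safe Base64, as used for JWT segments.
def b64url(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/') + '=' * ((4 - str.size % 4) % 4)
  padded.unpack1('m0').force_encoding('UTF-8')
end

def valid_roles?(roles)
  roles.is_a?(Array) && roles.all? { |r| r.is_a?(String) }
end

# Build an HS256 token (assumed algorithm); refuse non-array roles up front.
def build_couchdb_jwt(username, roles, secret, ttl: 300, now: Time.now)
  unless valid_roles?(roles)
    raise ArgumentError, "#{ROLES_CLAIM} must be an array of strings, got #{roles.inspect}"
  end
  header  = { alg: 'HS256', typ: 'JWT' }
  payload = { sub: username, ROLES_CLAIM => roles, exp: now.to_i + ttl }
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join('.')
  signature = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Diagnostic only: reads the payload without verifying the signature.
def roles_claim_problem(token)
  payload = JSON.parse(b64url_decode(token.split('.')[1]))
  roles = payload[ROLES_CLAIM]
  return nil if valid_roles?(roles)
  "#{ROLES_CLAIM} is #{roles.class} (#{roles.inspect}), expected Array of String"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed token body reproducing the question's scalar roles value.
  bad = [{ alg: 'HS256' }, { sub: 'uaru', ROLES_CLAIM => 'admin' }]
        .map { |part| b64url(JSON.generate(part)) }.join('.') + '.sig'
  puts roles_claim_problem(bad)
  puts roles_claim_problem(build_couchdb_jwt('uaru', ['admin'], 'constructed-secret')).inspect
end
```

Running roles_claim_problem against the token that produced the 500 shows the claim type directly, which is quicker than reading the function_clause trace in the server log.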

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Wojciech Tomanik