[server]: fix support for neondb

Update gorm/postgres driver version 1.4.7
Merge pull request #322 from authorizerdev/fix/use-scopes-as-string
2023-02-10 10:39:53 +05:30 · 2023-02-08 09:41:17 +05:30 · 2023-02-08 09:39:08 +05:30 · 2023-02-07 01:13:03 +05:30 · 2023-02-06 21:32:32 +05:30 · 2023-02-06 20:39:22 +05:30
41 changed files with 1799 additions and 93 deletions
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM golang:1.19.1-alpine as go-builder
+FROM golang:1.19.5-alpine as go-builder
 WORKDIR /authorizer
 COPY server server
 COPY Makefile .
--- a/14
+++ b/14
@@ -26,23 +26,31 @@ test-scylladb:
 	cd server && go clean --testcache && TEST_DBS="scylladb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 test-arangodb:
-	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
+	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.10.3
 	cd server && go clean --testcache && TEST_DBS="arangodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_arangodb
 test-dynamodb:
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
 	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
 	docker rm -vf dynamodb-local-test
+test-couchbase:
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
+	cd server && go clean --testcache && TEST_DBS="couchbase" go test -p 1 -v ./test
+	docker rm -vf couchbase-local-test
 test-all-db:
 	rm -rf server/test/test.db server/test/test.db-shm server/test/test.db-wal && rm -rf test.db test.db-shm test.db-wal
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
-	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
-	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.10.3
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
+	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
+	sh scripts/couchbase-test.sh
 	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
 	docker rm -vf dynamodb-local-test
+	# docker rm -vf couchbase-local-test
 generate:
 	cd server && go run github.com/99designs/gqlgen generate && go mod tidy
--- a/app/package-lock.json
+++ b/app/package-lock.json
@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^1.1.4",
+				"@authorizerdev/authorizer-react": "^1.1.7",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -38,9 +38,9 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "1.1.4",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.4.tgz",
-			"integrity": "sha512-FBH2igXFM8+TdA2hl1S/HMzt1+OL5wWUow3+Zyiq+IkG9nIjWFlM7ebo4D0zJd875IJiabYFnXqstRABo0ysIQ==",
+			"version": "1.1.7",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.7.tgz",
+			"integrity": "sha512-JYwwOjlKjKx8RX0RLcXIhWacugBE241BDmKq4z20B2hq8xTy3cPbKC+UY3lkp+IiMtrIvHZJ9es26UR9NTUlXA==",
 			"dependencies": {
 				"@authorizerdev/authorizer-js": "^1.1.2"
 			},
@@ -842,9 +842,9 @@
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "1.1.4",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.4.tgz",
-			"integrity": "sha512-FBH2igXFM8+TdA2hl1S/HMzt1+OL5wWUow3+Zyiq+IkG9nIjWFlM7ebo4D0zJd875IJiabYFnXqstRABo0ysIQ==",
+			"version": "1.1.7",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.1.7.tgz",
+			"integrity": "sha512-JYwwOjlKjKx8RX0RLcXIhWacugBE241BDmKq4z20B2hq8xTy3cPbKC+UY3lkp+IiMtrIvHZJ9es26UR9NTUlXA==",
 			"requires": {
 				"@authorizerdev/authorizer-js": "^1.1.2"
 			}
--- a/app/package.json
+++ b/app/package.json
@@ -12,7 +12,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^1.1.4",
+		"@authorizerdev/authorizer-react": "^1.1.7",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
--- a/scripts/couchbase-test.sh
+++ b/scripts/couchbase-test.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -x
+set -m
+
+sleep 15
+
+# Setup index and memory quota
+# curl -v -X POST http://127.0.0.1:8091/pools/default -d memoryQuota=300 -d indexMemoryQuota=300
+
+# Setup services
+curl -v http://127.0.0.1:8091/node/controller/setupServices -d services=kv%2Cn1ql%2Cindex
+
+# Setup credentials
+curl -v http://127.0.0.1:8091/settings/web -d port=8091 -d username=Administrator -d password=password
+
+# Setup Memory Optimized Indexes
+curl -i -u Administrator:password -X POST http://127.0.0.1:8091/settings/indexes -d 'storageMode=memory_optimized'
+
+# Load travel-sample bucket
+#curl -v -u Administrator:password -X POST http://127.0.0.1:8091/sampleBuckets/install -d '["travel-sample"]'
+
+echo "Type: $TYPE"
+
+if [ "$TYPE" = "WORKER" ]; then
+  echo "Sleeping ..."
+  sleep 15
+
+  #IP=`hostname -s`
+  IP=`hostname -I | cut -d ' ' -f1`
+  echo "IP: " $IP
+
+  echo "Auto Rebalance: $AUTO_REBALANCE"
+  if [ "$AUTO_REBALANCE" = "true" ]; then
+    couchbase-cli rebalance --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  else
+    couchbase-cli server-add --cluster=$COUCHBASE_MASTER:8091 --user=Administrator --password=password --server-add=$IP --server-add-username=Administrator --server-add-password=password
+  fi;
+fi;
--- a/server/constants/db_types.go
+++ b/server/constants/db_types.go
@@ -27,4 +27,6 @@ const (
 	DbTypePlanetScaleDB = "planetscale"
 	// DbTypeDynamoDB is the Dynamo database type
 	DbTypeDynamoDB = "dynamodb"
+	// DbTypeCouchbaseDB is the Couchbase database type
+	DbTypeCouchbaseDB = "couchbase"
 )
--- a/server/constants/env.go
+++ b/server/constants/env.go
@@ -43,6 +43,13 @@ const (
 	EnvKeyDatabaseCertKey = "DATABASE_CERT_KEY"
 	// EnvKeyDatabaseCACert key for env variable DATABASE_CA_CERT
 	EnvKeyDatabaseCACert = "DATABASE_CA_CERT"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_BUCKET
+	EnvCouchbaseBucket = "COUCHBASE_BUCKET"
+	// EnvCouchbaseBucketRAMQuotaMB key for env variable COUCHBASE_BUCKET_RAM_QUOTA
+	// This value should be parsed as number
+	EnvCouchbaseBucketRAMQuotaMB = "COUCHBASE_BUCKET_RAM_QUOTA"
+	// EnvCouchbaseBucket key for env variable COUCHBASE_SCOPE
+	EnvCouchbaseScope = "COUCHBASE_SCOPE"
 	// EnvKeySmtpHost key for env variable SMTP_HOST
 	EnvKeySmtpHost = "SMTP_HOST"
 	// EnvKeySmtpPort key for env variable SMTP_PORT
--- a/server/db/db.go
+++ b/server/db/db.go
@@ -7,6 +7,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers"
 	"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
+	"github.com/authorizerdev/authorizer/server/db/providers/couchbase"
 	"github.com/authorizerdev/authorizer/server/db/providers/dynamodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
@@ -21,11 +22,12 @@ func InitDB() error {

 	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()

-	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB && envs.DatabaseType != constants.DbTypeCouchbaseDB
 	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
 	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
 	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
 	isDynamoDB := envs.DatabaseType == constants.DbTypeDynamoDB
+	isCouchbaseDB := envs.DatabaseType == constants.DbTypeCouchbaseDB

 	if isSQL {
 		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
@@ -72,5 +74,14 @@ func InitDB() error {
 		}
 	}

+	if isCouchbaseDB {
+		log.Info("Initializing CouchbaseDB Driver for: ", envs.DatabaseType)
+		Provider, err = couchbase.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize Couchbase driver: ", err)
+			return err
+		}
+	}
+
 	return nil
 }
--- a/server/db/models/env.go
+++ b/server/db/models/env.go
@@ -4,10 +4,11 @@ package models

 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
-	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	Key           string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID            string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData       string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash          string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	EncryptionKey string `json:"encryption_key" bson:"encryption_key" cql:"encryption_key" dynamo:"encryption_key"` // couchbase has "hash" as reserved keyword so we cannot use it. This will be empty for other dbs.
+	UpdatedAt     int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt     int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }
--- a/server/db/providers/arangodb/email_template.go
+++ b/server/db/providers/arangodb/email_template.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"

-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -52,7 +51,7 @@ func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagin

 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.EmailTemplate, pagination.Offset, pagination.Limit)

-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err
--- a/server/db/providers/arangodb/provider.go
+++ b/server/db/providers/arangodb/provider.go
@@ -2,8 +2,11 @@ package arangodb

 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"

-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/arangodb/go-driver/http"
 	"github.com/authorizerdev/authorizer/server/db/models"
@@ -22,44 +25,75 @@ type provider struct {
 func NewProvider() (*provider, error) {
 	ctx := context.Background()
 	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	conn, err := http.NewConnection(http.ConnectionConfig{
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	dbCACertificate := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
+	httpConfig := http.ConnectionConfig{
 		Endpoints: []string{dbURL},
-	})
+	}
+	// If ca certificate if present, create tls config
+	if dbCACertificate != "" {
+		caCert, err := base64.StdEncoding.DecodeString(dbCACertificate)
+		if err != nil {
+			return nil, err
+		}
+		// Prepare TLS Config
+		tlsConfig := &tls.Config{}
+		certPool := x509.NewCertPool()
+		if success := certPool.AppendCertsFromPEM(caCert); !success {
+			return nil, fmt.Errorf("invalid certificate")
+		}
+		tlsConfig.RootCAs = certPool
+		httpConfig.TLSConfig = tlsConfig
+	}
+	// Create new http connection
+	conn, err := http.NewConnection(httpConfig)
 	if err != nil {
 		return nil, err
 	}
-
-	arangoClient, err := arangoDriver.NewClient(arangoDriver.ClientConfig{
+	clientConfig := arangoDriver.ClientConfig{
 		Connection: conn,
-	})
+	}
+	if dbUsername != "" && dbPassword != "" {
+		clientConfig.Authentication = arangoDriver.BasicAuthentication(dbUsername, dbPassword)
+	}
+	arangoClient, err := arangoDriver.NewClient(clientConfig)
 	if err != nil {
 		return nil, err
 	}

-	var arangodb driver.Database
+	var arangodb arangoDriver.Database
 	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName)
-
+	arangodb_exists, err := arangoClient.DatabaseExists(ctx, dbName)
+	if err != nil {
+		return nil, err
+	}
 	if arangodb_exists {
-		arangodb, err = arangoClient.Database(nil, dbName)
+		arangodb, err = arangoClient.Database(ctx, dbName)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		arangodb, err = arangoClient.CreateDatabase(nil, dbName, nil)
+		arangodb, err = arangoClient.CreateDatabase(ctx, dbName, nil)
 		if err != nil {
 			return nil, err
 		}
 	}

 	userCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	if !userCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.User, nil)
 		if err != nil {
 			return nil, err
 		}
 	}
-	userCollection, _ := arangodb.Collection(nil, models.Collections.User)
+	userCollection, err := arangodb.Collection(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
 	userCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -70,6 +104,9 @@ func NewProvider() (*provider, error) {
 	})

 	verificationRequestCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	if !verificationRequestCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.VerificationRequest, nil)
 		if err != nil {
@@ -77,7 +114,10 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	verificationRequestCollection, _ := arangodb.Collection(nil, models.Collections.VerificationRequest)
+	verificationRequestCollection, err := arangodb.Collection(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
 	verificationRequestCollection.EnsureHashIndex(ctx, []string{"email", "identifier"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
@@ -87,6 +127,9 @@ func NewProvider() (*provider, error) {
 	})

 	sessionCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	if !sessionCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Session, nil)
 		if err != nil {
@@ -94,13 +137,19 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	sessionCollection, _ := arangodb.Collection(nil, models.Collections.Session)
+	sessionCollection, err := arangodb.Collection(ctx, models.Collections.Session)
+	if err != nil {
+		return nil, err
+	}
 	sessionCollection.EnsureHashIndex(ctx, []string{"user_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})

-	configCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
-	if !configCollectionExists {
+	envCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Env)
+	if err != nil {
+		return nil, err
+	}
+	if !envCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Env, nil)
 		if err != nil {
 			return nil, err
@@ -108,6 +157,9 @@ func NewProvider() (*provider, error) {
 	}

 	webhookCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.Webhook, nil)
 		if err != nil {
@@ -115,13 +167,19 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	webhookCollection, _ := arangodb.Collection(nil, models.Collections.Webhook)
+	webhookCollection, err := arangodb.Collection(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
 	webhookCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})

 	webhookLogCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	if !webhookLogCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.WebhookLog, nil)
 		if err != nil {
@@ -129,12 +187,18 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	webhookLogCollection, _ := arangodb.Collection(nil, models.Collections.WebhookLog)
+	webhookLogCollection, err := arangodb.Collection(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
 	webhookLogCollection.EnsureHashIndex(ctx, []string{"webhook_id"}, &arangoDriver.EnsureHashIndexOptions{
 		Sparse: true,
 	})

 	emailTemplateCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	if !emailTemplateCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.EmailTemplate, nil)
 		if err != nil {
@@ -142,13 +206,19 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	emailTemplateCollection, _ := arangodb.Collection(nil, models.Collections.EmailTemplate)
+	emailTemplateCollection, err := arangodb.Collection(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
 	emailTemplateCollection.EnsureHashIndex(ctx, []string{"event_name"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
 	})

 	otpCollectionExists, err := arangodb.CollectionExists(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	if !otpCollectionExists {
 		_, err = arangodb.CreateCollection(ctx, models.Collections.OTP, nil)
 		if err != nil {
@@ -156,7 +226,10 @@ func NewProvider() (*provider, error) {
 		}
 	}

-	otpCollection, _ := arangodb.Collection(nil, models.Collections.OTP)
+	otpCollection, err := arangodb.Collection(ctx, models.Collections.OTP)
+	if err != nil {
+		return nil, err
+	}
 	otpCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
 		Unique: true,
 		Sparse: true,
--- a/server/db/providers/arangodb/user.go
+++ b/server/db/providers/arangodb/user.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 	"time"

-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/google/uuid"

@@ -91,7 +90,7 @@ func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
 // ListUsers to get list of users from database
 func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
 	var users []*model.User
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)

 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.User, pagination.Offset, pagination.Limit)

@@ -199,7 +198,7 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}

 	query := ""
-	if ids != nil && len(ids) > 0 {
+	if len(ids) > 0 {
 		keysArray := ""
 		for _, id := range ids {
 			keysArray += fmt.Sprintf("'%s', ", id)
@@ -212,7 +211,6 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 	}

 	_, err = p.db.Query(ctx, query, nil)
-
 	if err != nil {
 		return err
 	}
--- a/server/db/providers/arangodb/verification_requests.go
+++ b/server/db/providers/arangodb/verification_requests.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"time"

-	"github.com/arangodb/go-driver"
+	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/google/uuid"
@@ -96,7 +96,7 @@ func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email stri
 // ListVerificationRequests to get list of verification requests from database
 func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
 	var verificationRequests []*model.VerificationRequest
-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.VerificationRequest, pagination.Offset, pagination.Limit)

 	cursor, err := p.db.Query(sctx, query, nil)
@@ -112,7 +112,7 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode
 		var verificationRequest models.VerificationRequest
 		meta, err := cursor.ReadDocument(ctx, &verificationRequest)

-		if driver.IsNoMoreDocuments(err) {
+		if arangoDriver.IsNoMoreDocuments(err) {
 			break
 		} else if err != nil {
 			return nil, err
@@ -132,8 +132,8 @@ func (p *provider) ListVerificationRequests(ctx context.Context, pagination mode

 // DeleteVerificationRequest to delete verification request from database
 func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
-	collection, _ := p.db.Collection(nil, models.Collections.VerificationRequest)
-	_, err := collection.RemoveDocument(nil, verificationRequest.Key)
+	collection, _ := p.db.Collection(ctx, models.Collections.VerificationRequest)
+	_, err := collection.RemoveDocument(ctx, verificationRequest.Key)
 	if err != nil {
 		return err
 	}
--- a/server/db/providers/arangodb/webhook.go
+++ b/server/db/providers/arangodb/webhook.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"

-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -50,7 +49,7 @@ func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination)

 	query := fmt.Sprintf("FOR d in %s SORT d.created_at DESC LIMIT %d, %d RETURN d", models.Collections.Webhook, pagination.Offset, pagination.Limit)

-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, nil)
 	if err != nil {
 		return nil, err
--- a/server/db/providers/arangodb/webhook_log.go
+++ b/server/db/providers/arangodb/webhook_log.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"time"

-	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -44,7 +43,7 @@ func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Paginat
 		}
 	}

-	sctx := driver.WithQueryFullCount(ctx)
+	sctx := arangoDriver.WithQueryFullCount(ctx)
 	cursor, err := p.db.Query(sctx, query, bindVariables)
 	if err != nil {
 		return nil, err
--- a/server/db/providers/couchbase/email_template.go
+++ b/server/db/providers/couchbase/email_template.go
@@ -0,0 +1,166 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Insert(emailTemplate.ID, emailTemplate, &insertOpt)
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	bytes, err := json.Marshal(emailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	emailTemplateMap := map[string]interface{}{}
+	err = decoder.Decode(&emailTemplateMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(emailTemplateMap)
+	params["emailId"] = emailTemplate.ID
+
+	query := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $emailId", p.scopeName, models.Collections.EmailTemplate, updateFields)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+	emailTemplates := []*model.EmailTemplate{}
+	paginationClone := pagination
+	total, err := p.GetTotalDocs(ctx, models.Collections.EmailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	userQuery := fmt.Sprintf("SELECT _id, event_name, subject, design, template, created_at, updated_at FROM %s.%s ORDER BY _id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.EmailTemplate)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	for queryResult.Next() {
+		emailTemplate := models.EmailTemplate{}
+		err := queryResult.Row(&emailTemplate)
+		if err != nil {
+			log.Fatal(err)
+		}
+		emailTemplates = append(emailTemplates, emailTemplate.AsAPIEmailTemplate())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+
+	return &model.EmailTemplates{
+		Pagination:     &paginationClone,
+		EmailTemplates: emailTemplates,
+	}, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf(`SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE _id = $1 LIMIT 1`, p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailTemplateID},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	emailTemplate := models.EmailTemplate{}
+
+	query := fmt.Sprintf("SELECT  _id, event_name, subject, design, template, created_at, updated_at  FROM %s.%s WHERE event_name=$1 LIMIT 1", p.scopeName, models.Collections.EmailTemplate)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{eventName},
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&emailTemplate)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.EmailTemplate).Remove(emailTemplate.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/server/db/providers/couchbase/env.go
+++ b/server/db/providers/couchbase/env.go
@@ -0,0 +1,70 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+	env.Key = env.ID
+	env.EncryptionKey = env.Hash
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Env).Insert(env.ID, env, &insertOpt)
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	env.UpdatedAt = time.Now().Unix()
+	env.EncryptionKey = env.Hash
+
+	updateEnvQuery := fmt.Sprintf("UPDATE %s.%s SET env = $1, updated_at = $2 WHERE _id = $3", p.scopeName, models.Collections.Env)
+	_, err := p.db.Query(updateEnvQuery, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{env.EnvData, env.UpdatedAt, env.UpdatedAt, env.ID},
+	})
+
+	if err != nil {
+		return env, err
+	}
+
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	query := fmt.Sprintf("SELECT _id, env, encryption_key, created_at, updated_at FROM %s.%s LIMIT 1", p.scopeName, models.Collections.Env)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+	})
+	if err != nil {
+		return env, err
+	}
+	err = q.One(&env)
+
+	if err != nil {
+		return env, err
+	}
+	env.Hash = env.EncryptionKey
+	return env, nil
+}
--- a/server/db/providers/couchbase/otp.go
+++ b/server/db/providers/couchbase/otp.go
@@ -0,0 +1,84 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otpParam *models.OTP) (*models.OTP, error) {
+	otp, _ := p.GetOTPByEmail(ctx, otpParam.Email)
+
+	shouldCreate := false
+	if otp == nil {
+		shouldCreate = true
+		otp = &models.OTP{
+			ID:        uuid.NewString(),
+			Otp:       otpParam.Otp,
+			Email:     otpParam.Email,
+			ExpiresAt: otpParam.ExpiresAt,
+			CreatedAt: time.Now().Unix(),
+			UpdatedAt: time.Now().Unix(),
+		}
+	} else {
+		otp.Otp = otpParam.Otp
+		otp.ExpiresAt = otpParam.ExpiresAt
+	}
+
+	otp.UpdatedAt = time.Now().Unix()
+	if shouldCreate {
+		insertOpt := gocb.InsertOptions{
+			Context: ctx,
+		}
+		_, err := p.db.Collection(models.Collections.OTP).Insert(otp.ID, otp, &insertOpt)
+		if err != nil {
+			return otp, err
+		}
+	} else {
+		query := fmt.Sprintf(`UPDATE %s.%s SET otp=$1, expires_at=$2, updated_at=$3 WHERE _id=$4`, p.scopeName, models.Collections.OTP)
+		_, err := p.db.Query(query, &gocb.QueryOptions{
+			PositionalParameters: []interface{}{otp.Otp, otp.ExpiresAt, otp.UpdatedAt, otp.ID},
+		})
+		if err != nil {
+			return otp, err
+		}
+	}
+	return otp, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	otp := models.OTP{}
+	query := fmt.Sprintf(`SELECT _id, email, otp, expires_at, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1`, p.scopeName, models.Collections.OTP)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{emailAddress},
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&otp)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &otp, nil
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.OTP).Remove(otp.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/server/db/providers/couchbase/provider.go
+++ b/server/db/providers/couchbase/provider.go
@@ -0,0 +1,170 @@
+package couchbase
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/couchbase/gocb/v2"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+)
+
+const (
+	defaultBucketName = "authorizer"
+	defaultScope      = "_default"
+)
+
+type provider struct {
+	db        *gocb.Scope
+	scopeName string
+}
+
+// NewProvider returns a new Couchbase provider
+func NewProvider() (*provider, error) {
+	bucketName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucket
+	scopeName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseScope
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	userName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
+	password := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
+	opts := gocb.ClusterOptions{
+		Username: userName,
+		Password: password,
+	}
+	if bucketName == "" {
+		bucketName = defaultBucketName
+	}
+	if scopeName == "" {
+		scopeName = defaultScope
+	}
+	cluster, err := gocb.Connect(dbURL, opts)
+	if err != nil {
+		return nil, err
+	}
+	// To create the bucket and scope if not exist
+	bucket, err := CreateBucketAndScope(cluster, bucketName, scopeName)
+	if err != nil {
+		return nil, err
+	}
+	scope := bucket.Scope(scopeName)
+	scopeIdentifier := fmt.Sprintf("%s.%s", bucketName, scopeName)
+	v := reflect.ValueOf(models.Collections)
+	for i := 0; i < v.NumField(); i++ {
+		collectionName := v.Field(i)
+		user := gocb.CollectionSpec{
+			Name:      collectionName.String(),
+			ScopeName: scopeName,
+		}
+		collectionOpts := gocb.CreateCollectionOptions{
+			Context: context.TODO(),
+		}
+		err = bucket.Collections().CreateCollection(user, &collectionOpts)
+		if err != nil && !errors.Is(err, gocb.ErrCollectionExists) {
+			return nil, err
+		}
+		// TODO: find how to fix this sleep time.
+		// Add wait time for successful collection creation
+		time.Sleep(5 * time.Second)
+		indexQuery := fmt.Sprintf("CREATE PRIMARY INDEX ON %s.%s", scopeIdentifier, collectionName.String())
+		_, err = scope.Query(indexQuery, nil)
+		if err != nil && !strings.Contains(err.Error(), "The index #primary already exists") {
+			return nil, err
+		}
+	}
+
+	indices := GetIndex(scopeIdentifier)
+	for i := 0; i < v.NumField(); i++ {
+		field := v.Field(i)
+		for _, indexQuery := range indices[field.String()] {
+			scope.Query(indexQuery, nil)
+		}
+	}
+	return &provider{
+		db:        scope,
+		scopeName: scopeIdentifier,
+	}, nil
+}
+
+func CreateBucketAndScope(cluster *gocb.Cluster, bucketName string, scopeName string) (*gocb.Bucket, error) {
+	bucketRAMQuotaMB := memorystore.RequiredEnvStoreObj.GetRequiredEnv().CouchbaseBucketRAMQuotaMB
+	if bucketRAMQuotaMB == "" {
+		bucketRAMQuotaMB = "1000"
+	}
+	bucketRAMQuota, err := strconv.ParseInt(bucketRAMQuotaMB, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	settings := gocb.BucketSettings{
+		Name:            bucketName,
+		RAMQuotaMB:      uint64(bucketRAMQuota),
+		BucketType:      gocb.CouchbaseBucketType,
+		EvictionPolicy:  gocb.EvictionPolicyTypeValueOnly,
+		FlushEnabled:    true,
+		CompressionMode: gocb.CompressionModeActive,
+	}
+	shouldCreateBucket := false
+	// check if bucket exists
+	_, err = cluster.Buckets().GetBucket(bucketName, nil)
+	if err != nil {
+		// bucket not found
+		shouldCreateBucket = true
+	}
+	if shouldCreateBucket {
+		err = cluster.Buckets().CreateBucket(gocb.CreateBucketSettings{
+			BucketSettings:         settings,
+			ConflictResolutionType: gocb.ConflictResolutionTypeSequenceNumber,
+		}, nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+	bucket := cluster.Bucket(bucketName)
+	if scopeName != defaultScope {
+		err = bucket.Collections().CreateScope(scopeName, nil)
+		if err != nil && !errors.Is(err, gocb.ErrScopeExists) {
+			return bucket, err
+		}
+	}
+	return bucket, nil
+}
+
+func GetIndex(scopeName string) map[string][]string {
+	indices := make(map[string][]string)
+
+	// User Index
+	userIndex1 := fmt.Sprintf("CREATE INDEX userEmailIndex ON %s.%s(email)", scopeName, models.Collections.User)
+	userIndex2 := fmt.Sprintf("CREATE INDEX userPhoneIndex ON %s.%s(phone_number)", scopeName, models.Collections.User)
+	indices[models.Collections.User] = []string{userIndex1, userIndex2}
+
+	// VerificationRequest
+	verificationIndex1 := fmt.Sprintf("CREATE INDEX verificationRequestTokenIndex ON %s.%s(token)", scopeName, models.Collections.VerificationRequest)
+	verificationIndex2 := fmt.Sprintf("CREATE INDEX verificationRequestEmailAndIdentifierIndex ON %s.%s(email,identifier)", scopeName, models.Collections.VerificationRequest)
+	indices[models.Collections.VerificationRequest] = []string{verificationIndex1, verificationIndex2}
+
+	// Session index
+	sessionIndex1 := fmt.Sprintf("CREATE INDEX SessionUserIdIndex ON %s.%s(user_id)", scopeName, models.Collections.Session)
+	indices[models.Collections.Session] = []string{sessionIndex1}
+
+	// Webhook index
+	webhookIndex1 := fmt.Sprintf("CREATE INDEX webhookEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.Webhook)
+	indices[models.Collections.Webhook] = []string{webhookIndex1}
+
+	// WebhookLog index
+	webhookLogIndex1 := fmt.Sprintf("CREATE INDEX webhookLogIdIndex ON %s.%s(webhook_id)", scopeName, models.Collections.WebhookLog)
+	indices[models.Collections.Webhook] = []string{webhookLogIndex1}
+
+	// WebhookLog index
+	emailTempIndex1 := fmt.Sprintf("CREATE INDEX EmailTemplateEventNameIndex ON %s.%s(event_name)", scopeName, models.Collections.EmailTemplate)
+	indices[models.Collections.EmailTemplate] = []string{emailTempIndex1}
+
+	// OTP index
+	otpIndex1 := fmt.Sprintf("CREATE INDEX OTPEmailIndex ON %s.%s(email)", scopeName, models.Collections.OTP)
+	indices[models.Collections.OTP] = []string{otpIndex1}
+
+	return indices
+}
--- a/server/db/providers/couchbase/session.go
+++ b/server/db/providers/couchbase/session.go
@@ -0,0 +1,34 @@
+package couchbase
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Session).Insert(session.ID, session, &insertOpt)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}
--- a/server/db/providers/couchbase/shared.go
+++ b/server/db/providers/couchbase/shared.go
@@ -0,0 +1,65 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/couchbase/gocb/v2"
+)
+
+func GetSetFields(webhookMap map[string]interface{}) (string, map[string]interface{}) {
+	params := make(map[string]interface{}, 1)
+
+	updateFields := ""
+
+	for key, value := range webhookMap {
+		if key == "_id" {
+			continue
+		}
+
+		if key == "_key" {
+			continue
+		}
+
+		if value == nil {
+			updateFields += fmt.Sprintf("%s=$%s,", key, key)
+			params[key] = "null"
+			continue
+		}
+
+		valueType := reflect.TypeOf(value)
+		if valueType.Name() == "string" {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value.(string)
+
+		} else {
+			updateFields += fmt.Sprintf("%s = $%s, ", key, key)
+			params[key] = value
+		}
+	}
+	updateFields = strings.Trim(updateFields, " ")
+	updateFields = strings.TrimSuffix(updateFields, ",")
+	return updateFields, params
+}
+
+func (p *provider) GetTotalDocs(ctx context.Context, collection string) (int64, error) {
+	totalDocs := TotalDocs{}
+
+	countQuery := fmt.Sprintf("SELECT COUNT(*) as Total FROM %s.%s", p.scopeName, collection)
+	queryRes, err := p.db.Query(countQuery, &gocb.QueryOptions{
+		Context: ctx,
+	})
+
+	queryRes.One(&totalDocs)
+
+	if err != nil {
+		return totalDocs.Total, err
+	}
+	return totalDocs.Total, nil
+}
+
+type TotalDocs struct {
+	Total int64
+}
--- a/server/db/providers/couchbase/user.go
+++ b/server/db/providers/couchbase/user.go
@@ -0,0 +1,199 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Insert(user.ID, user, &insertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	user.UpdatedAt = time.Now().Unix()
+	unsertOpt := gocb.UpsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Upsert(user.ID, user, &unsertOpt)
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.User).Remove(user.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	users := []*model.User{}
+	paginationClone := pagination
+
+	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
+
+	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+	if err != nil {
+		return nil, err
+	}
+	total, err := p.GetTotalDocs(ctx, models.Collections.User)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	for queryResult.Next() {
+		var user models.User
+		err := queryResult.Row(&user)
+		if err != nil {
+			log.Fatal(err)
+		}
+		users = append(users, user.AsAPIUser())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+	}
+	return &model.Users{
+		Pagination: &paginationClone,
+		Users:      users,
+	}, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{email},
+	})
+
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	user := models.User{}
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{id},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	data["updated_at"] = time.Now().Unix()
+	updateFields, params := GetSetFields(data)
+	if len(ids) > 0 {
+		for _, id := range ids {
+			params["id"] = id
+			userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id = $id", p.scopeName, models.Collections.User, updateFields)
+
+			_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+				ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+				Context:         ctx,
+				NamedParameters: params,
+			})
+			if err != nil {
+				return err
+			}
+		}
+	} else {
+		userQuery := fmt.Sprintf("UPDATE %s.%s SET %s WHERE _id IS NOT NULL", p.scopeName, models.Collections.User, updateFields)
+		_, err := p.db.Query(userQuery, &gocb.QueryOptions{
+			ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+			Context:         ctx,
+			NamedParameters: params,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// GetUserByPhoneNumber to get user information from database using phone number
+func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
+	var user *models.User
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		Context:              ctx,
+		PositionalParameters: []interface{}{phoneNumber},
+	})
+	if err != nil {
+		return user, err
+	}
+	err = q.One(&user)
+	if err != nil {
+		return user, err
+	}
+
+	return user, nil
+}
--- a/server/db/providers/couchbase/verification_requests.go
+++ b/server/db/providers/couchbase/verification_requests.go
@@ -0,0 +1,128 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+	}
+
+	verificationRequest.Key = verificationRequest.ID
+	verificationRequest.CreatedAt = time.Now().Unix()
+	verificationRequest.UpdatedAt = time.Now().Unix()
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Insert(verificationRequest.ID, verificationRequest, &insertOpt)
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	verificationRequest := models.VerificationRequest{}
+	params := make(map[string]interface{}, 1)
+	params["token"] = token
+	query := fmt.Sprintf("SELECT _id, token, identifier, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE token=$1 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{token},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+
+	query := fmt.Sprintf("SELECT _id, identifier, token, expires_at, email, nonce, redirect_uri, created_at, updated_at FROM %s.%s WHERE email=$1 AND identifier=$2 LIMIT 1", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		PositionalParameters: []interface{}{email, identifier},
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+	})
+	verificationRequest := models.VerificationRequest{}
+
+	if err != nil {
+		return verificationRequest, err
+	}
+
+	err = queryResult.One(&verificationRequest)
+
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	var verificationRequests []*model.VerificationRequest
+	paginationClone := pagination
+	total, err := p.GetTotalDocs(ctx, models.Collections.VerificationRequest)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $1 LIMIT $2", p.scopeName, models.Collections.VerificationRequest)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:              ctx,
+		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
+		PositionalParameters: []interface{}{paginationClone.Offset, paginationClone.Limit},
+	})
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var verificationRequest models.VerificationRequest
+		err := queryResult.Row(&verificationRequest)
+		if err != nil {
+			log.Fatal(err)
+		}
+		verificationRequests = append(verificationRequests, verificationRequest.AsAPIVerificationRequest())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.VerificationRequests{
+		VerificationRequests: verificationRequests,
+		Pagination:           &paginationClone,
+	}, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.VerificationRequest).Remove(verificationRequest.ID, &removeOpt)
+	if err != nil {
+		return err
+	}
+	return nil
+}
--- a/server/db/providers/couchbase/webhook.go
+++ b/server/db/providers/couchbase/webhook.go
@@ -0,0 +1,185 @@
+package couchbase
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Insert(webhook.ID, webhook, &insertOpt)
+	if err != nil {
+		return webhook.AsAPIWebhook(), err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	webhook.UpdatedAt = time.Now().Unix()
+
+	bytes, err := json.Marshal(webhook)
+	if err != nil {
+		return nil, err
+	}
+	// use decoder instead of json.Unmarshall, because it converts int64 -> float64 after unmarshalling
+	decoder := json.NewDecoder(strings.NewReader(string(bytes)))
+	decoder.UseNumber()
+	webhookMap := map[string]interface{}{}
+	err = decoder.Decode(&webhookMap)
+	if err != nil {
+		return nil, err
+	}
+
+	updateFields, params := GetSetFields(webhookMap)
+
+	query := fmt.Sprintf(`UPDATE %s.%s SET %s WHERE _id='%s'`, p.scopeName, models.Collections.Webhook, updateFields, webhook.ID)
+
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	webhooks := []*model.Webhook{}
+	paginationClone := pagination
+
+	params := make(map[string]interface{}, 1)
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+	total, err := p.GetTotalDocs(ctx, models.Collections.Webhook)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	query := fmt.Sprintf("SELECT _id, env, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.Webhook)
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhook models.Webhook
+		err := queryResult.Row(&webhook)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhooks = append(webhooks, webhook.AsAPIWebhook())
+	}
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+	}
+	return &model.Webhooks{
+		Pagination: &paginationClone,
+		Webhooks:   webhooks,
+	}, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	var webhook models.Webhook
+
+	params := make(map[string]interface{}, 1)
+	params["_id"] = webhookID
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE _id=$_id LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	var webhook models.Webhook
+	params := make(map[string]interface{}, 1)
+	params["event_name"] = eventName
+
+	query := fmt.Sprintf(`SELECT _id, event_name, endpoint, headers, enabled, created_at, updated_at FROM %s.%s WHERE event_name=$event_name LIMIT 1`, p.scopeName, models.Collections.Webhook)
+	q, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	err = q.One(&webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+
+	params := make(map[string]interface{}, 1)
+	params["webhook_id"] = webhook.ID
+	removeOpt := gocb.RemoveOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.Webhook).Remove(webhook.ID, &removeOpt)
+
+	if err != nil {
+		return err
+	}
+
+	query := fmt.Sprintf(`DELETE FROM %s.%s WHERE webhook_id=$webhook_id`, p.scopeName, models.Collections.WebhookLog)
+	_, err = p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/server/db/providers/couchbase/webhook_log.go
+++ b/server/db/providers/couchbase/webhook_log.go
@@ -0,0 +1,85 @@
+package couchbase
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/couchbase/gocb/v2"
+	"github.com/google/uuid"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+
+	insertOpt := gocb.InsertOptions{
+		Context: ctx,
+	}
+	_, err := p.db.Collection(models.Collections.WebhookLog).Insert(webhookLog.ID, webhookLog, &insertOpt)
+	if err != nil {
+		return webhookLog.AsAPIWebhookLog(), err
+	}
+
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	var query string
+	var err error
+
+	webhookLogs := []*model.WebhookLog{}
+	params := make(map[string]interface{}, 1)
+	paginationClone := pagination
+
+	params["webhookID"] = webhookID
+	params["offset"] = paginationClone.Offset
+	params["limit"] = paginationClone.Limit
+	total, err := p.GetTotalDocs(ctx, models.Collections.WebhookLog)
+	if err != nil {
+		return nil, err
+	}
+	paginationClone.Total = total
+	if webhookID != "" {
+		query = fmt.Sprintf(`SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s WHERE webhook_id=$webhookID`, p.scopeName, models.Collections.WebhookLog)
+	} else {
+		query = fmt.Sprintf("SELECT _id, http_status, response, request, webhook_id, created_at, updated_at FROM %s.%s OFFSET $offset LIMIT $limit", p.scopeName, models.Collections.WebhookLog)
+	}
+
+	queryResult, err := p.db.Query(query, &gocb.QueryOptions{
+		Context:         ctx,
+		ScanConsistency: gocb.QueryScanConsistencyRequestPlus,
+		NamedParameters: params,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	for queryResult.Next() {
+		var webhookLog models.WebhookLog
+		err := queryResult.Row(&webhookLog)
+		if err != nil {
+			log.Fatal(err)
+		}
+		webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+	}
+
+	if err := queryResult.Err(); err != nil {
+		return nil, err
+
+	}
+	return &model.WebhookLogs{
+		Pagination:  &paginationClone,
+		WebhookLogs: webhookLogs,
+	}, nil
+}
--- a/server/env/env.go
+++ b/server/env/env.go
@@ -81,6 +81,9 @@ func InitAllEnv() error {
 	osAwsRegion := os.Getenv(constants.EnvAwsRegion)
 	osAwsAccessKey := os.Getenv(constants.EnvAwsAccessKeyID)
 	osAwsSecretKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	osCouchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	osCouchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	osCouchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)

 	// os bool vars
 	osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
@@ -134,17 +137,38 @@ func InitAllEnv() error {
 	if val, ok := envData[constants.EnvAwsAccessKeyID]; !ok || val == "" {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}
-	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsRegion {
+	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsAccessKey {
 		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
 	}

 	if val, ok := envData[constants.EnvAwsSecretAccessKey]; !ok || val == "" {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}
-	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsRegion {
+	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsSecretKey {
 		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
 	}

+	if val, ok := envData[constants.EnvCouchbaseBucket]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+	if osCouchbaseBucket != "" && envData[constants.EnvCouchbaseBucket] != osCouchbaseBucket {
+		envData[constants.EnvCouchbaseBucket] = osCouchbaseBucket
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseBucketRAMQuotaMB]; !ok || val == "" {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+	if osCouchbaseBucketRAMQuotaMB != "" && envData[constants.EnvCouchbaseBucketRAMQuotaMB] != osCouchbaseBucketRAMQuotaMB {
+		envData[constants.EnvCouchbaseBucketRAMQuotaMB] = osCouchbaseBucketRAMQuotaMB
+	}
+
+	if val, ok := envData[constants.EnvCouchbaseScope]; !ok || val == "" {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+	if osCouchbaseScope != "" && envData[constants.EnvCouchbaseScope] != osCouchbaseScope {
+		envData[constants.EnvCouchbaseScope] = osCouchbaseScope
+	}
+
 	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
 		envData[constants.EnvKeyAppURL] = osAppURL
 	}
--- a/server/go.mod
+++ b/server/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/arangodb/go-driver v1.2.1
 	github.com/aws/aws-sdk-go v1.44.109
 	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/couchbase/gocb/v2 v2.6.0 // indirect
 	github.com/gin-gonic/gin v1.8.1
 	github.com/glebarez/sqlite v1.5.0
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
@@ -17,6 +18,7 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0
 	github.com/guregu/dynamo v1.16.0
+	github.com/jackc/pgx/v4 v4.17.2 // indirect
 	github.com/joho/godotenv v1.3.0
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
@@ -25,7 +27,7 @@ require (
 	github.com/stretchr/testify v1.8.0
 	github.com/vektah/gqlparser/v2 v2.5.1
 	go.mongodb.org/mongo-driver v1.8.1
-	golang.org/x/crypto v0.3.0
+	golang.org/x/crypto v0.4.0
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
@@ -33,7 +35,7 @@ require (
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/square/go-jose.v2 v2.6.0
 	gorm.io/driver/mysql v1.4.3
-	gorm.io/driver/postgres v1.4.5
+	gorm.io/driver/postgres v1.4.7
 	gorm.io/driver/sqlserver v1.4.1
-	gorm.io/gorm v1.24.1
+	gorm.io/gorm v1.24.2
 )
--- a/server/go.sum
+++ b/server/go.sum
@@ -77,6 +77,11 @@ github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbr
 github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/couchbase/gocb/v2 v2.6.0 h1:DhkLNatDcddCcS411D6kNwZspSEAWVeI/N3abzt/HLc=
+github.com/couchbase/gocb/v2 v2.6.0/go.mod h1:5su8b1gBF3V4j07SiGw+CA0bK9a84YWEb6UH7up0MEs=
+github.com/couchbase/gocbcore/v10 v10.2.0 h1:ZoSBLtcmt+lXbxVVT4SAhXDVNR+D48iSOZWNzHucVVk=
+github.com/couchbase/gocbcore/v10 v10.2.0/go.mod h1:qkPnOBziCs0guMEEvd0cRFo+AjOW0yEL99cU3I4n3Ao=
+github.com/couchbaselabs/gocaves/client v0.0.0-20220223122017-22859b310bd2/go.mod h1:AVekAZwIY2stsJOMWLAS/0uA/+qdp7pjO8EHnl61QkY=
 github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
@@ -174,6 +179,8 @@ github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiu
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -249,6 +256,8 @@ github.com/jackc/pgproto3/v2 v2.3.1 h1:nwj7qwf0S+Q7ISFfBndqeLwSwxs+4DPsbRFjECT1Y
 github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk=
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
 github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
 github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
 github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
@@ -261,10 +270,13 @@ github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQ
 github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
 github.com/jackc/pgx/v4 v4.17.2 h1:0Ut0rpeKwvIVbMQ1KbMBU4h6wxehBI535LK6Flheh8E=
 github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw=
+github.com/jackc/pgx/v5 v5.2.0 h1:NdPpngX0Y6z6XDFKqmFQaE+bCtkqzvQIOt1wvBlAqs8=
+github.com/jackc/pgx/v5 v5.2.0/go.mod h1:Ptn7zmohNsWEsdxRawMzk3gaKma2obW+NWTnKa0S4nk=
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle/v2 v2.1.2/go.mod h1:2lpufsF5mRHO6SuZkm0fNYxM6SWHfvyFj62KwNzgels=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
@@ -377,6 +389,7 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
@@ -425,6 +438,7 @@ go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
@@ -447,9 +461,12 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220511200225-c6db032c6c88/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.4.0 h1:UVQgzMY87xqpKNgb+kDsll2Igd33HszWHFLmpaRMq/8=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -525,6 +542,8 @@ golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0 h1:VWL6FNY2bEEmsGVKabSlHu5Irp34xmMRoqb/9lF9lxk=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -544,6 +563,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 h1:ZrnxWX62AgTKOSagEqxvb3ffipvEDX2pl7E1TdqLqIc=
+golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -598,10 +619,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -611,8 +635,11 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -792,6 +819,8 @@ gorm.io/driver/mysql v1.4.3 h1:/JhWJhO2v17d8hjApTltKNADm7K7YI2ogkR7avJUL3k=
 gorm.io/driver/mysql v1.4.3/go.mod h1:sSIebwZAVPiT+27jK9HIwvsqOGKx3YMPmrA3mBJR10c=
 gorm.io/driver/postgres v1.4.5 h1:mTeXTTtHAgnS9PgmhN2YeUbazYpLhUI1doLnw42XUZc=
 gorm.io/driver/postgres v1.4.5/go.mod h1:GKNQYSJ14qvWkvPwXljMGehpKrhlDNsqYRr5HnYGncg=
+gorm.io/driver/postgres v1.4.7 h1:J06jXZCNq7Pdf7LIPn8tZn9LsWjd81BRSKveKNr0ZfA=
+gorm.io/driver/postgres v1.4.7/go.mod h1:UJChCNLFKeBqQRE+HrkFUbKbq9idPXmTOk2u4Wok8S4=
 gorm.io/driver/sqlserver v1.4.1 h1:t4r4r6Jam5E6ejqP7N82qAJIJAht27EGT41HyPfXRw0=
 gorm.io/driver/sqlserver v1.4.1/go.mod h1:DJ4P+MeZbc5rvY58PnmN1Lnyvb5gw5NPzGshHDnJLig=
 gorm.io/gorm v1.23.8/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk=
@@ -799,6 +828,8 @@ gorm.io/gorm v1.24.0/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 gorm.io/gorm v1.24.1-0.20221019064659-5dd2bb482755/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 gorm.io/gorm v1.24.1 h1:CgvzRniUdG67hBAzsxDGOAuq4Te1osVMYsa1eQbd4fs=
 gorm.io/gorm v1.24.1/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
+gorm.io/gorm v1.24.2 h1:9wR6CFD+G8nOusLdvkZelOEhpJVwwHzpQOUM+REd6U0=
+gorm.io/gorm v1.24.2/go.mod h1:DVrVomtaYTbqs7gB/x2uVvqnXzv0nqjB396B8cG4dBA=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@@ -203,6 +203,7 @@ type ComplexityRoot struct {
 		Meta                 func(childComplexity int) int
 		Profile              func(childComplexity int) int
 		Session              func(childComplexity int, params *model.SessionQueryInput) int
+		User                 func(childComplexity int, params model.GetUserRequest) int
 		Users                func(childComplexity int, params *model.PaginatedInput) int
 		ValidateJwtToken     func(childComplexity int, params model.ValidateJWTTokenInput) int
 		VerificationRequests func(childComplexity int, params *model.PaginatedInput) int
@@ -339,6 +340,7 @@ type QueryResolver interface {
 	Profile(ctx context.Context) (*model.User, error)
 	ValidateJwtToken(ctx context.Context, params model.ValidateJWTTokenInput) (*model.ValidateJWTTokenResponse, error)
 	Users(ctx context.Context, params *model.PaginatedInput) (*model.Users, error)
+	User(ctx context.Context, params model.GetUserRequest) (*model.User, error)
 	VerificationRequests(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error)
 	AdminSession(ctx context.Context) (*model.Response, error)
 	Env(ctx context.Context) (*model.Env, error)
@@ -1435,6 +1437,18 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in

 		return e.complexity.Query.Session(childComplexity, args["params"].(*model.SessionQueryInput)), true

+	case "Query._user":
+		if e.complexity.Query.User == nil {
+			break
+		}
+
+		args, err := ec.field_Query__user_args(context.TODO(), rawArgs)
+		if err != nil {
+			return 0, false
+		}
+
+		return e.complexity.Query.User(childComplexity, args["params"].(model.GetUserRequest)), true
+
 	case "Query._users":
 		if e.complexity.Query.Users == nil {
 			break
@@ -1908,6 +1922,7 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler {
 		ec.unmarshalInputDeleteUserInput,
 		ec.unmarshalInputForgotPasswordInput,
 		ec.unmarshalInputGenerateJWTKeysInput,
+		ec.unmarshalInputGetUserRequest,
 		ec.unmarshalInputInviteMemberInput,
 		ec.unmarshalInputListWebhookLogRequest,
 		ec.unmarshalInputLoginInput,
@@ -2510,6 +2525,10 @@ input ResendOTPRequest {
  state: String
 }

+input GetUserRequest {
+  id: String!
+}
+
 type Mutation {
  signup(params: SignUpInput!): AuthResponse!
  mobile_signup(params: MobileSignUpInput): AuthResponse!
@@ -2552,6 +2571,7 @@ type Query {
  validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
  # admin only apis
  _users(params: PaginatedInput): Users!
+  _user(params: GetUserRequest!): User!
  _verification_requests(params: PaginatedInput): VerificationRequests!
  _admin_session: Response!
  _env: Env!
@@ -3033,6 +3053,21 @@ func (ec *executionContext) field_Query__email_templates_args(ctx context.Contex
 	return args, nil
 }

+func (ec *executionContext) field_Query__user_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) {
+	var err error
+	args := map[string]interface{}{}
+	var arg0 model.GetUserRequest
+	if tmp, ok := rawArgs["params"]; ok {
+		ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("params"))
+		arg0, err = ec.unmarshalNGetUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋserverᚋgraphᚋmodelᚐGetUserRequest(ctx, tmp)
+		if err != nil {
+			return nil, err
+		}
+	}
+	args["params"] = arg0
+	return args, nil
+}
+
 func (ec *executionContext) field_Query__users_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) {
 	var err error
 	args := map[string]interface{}{}
@@ -9491,6 +9526,101 @@ func (ec *executionContext) fieldContext_Query__users(ctx context.Context, field
 	return fc, nil
 }

+func (ec *executionContext) _Query__user(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Query__user(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return ec.resolvers.Query().User(rctx, fc.Args["params"].(model.GetUserRequest))
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(*model.User)
+	fc.Result = res
+	return ec.marshalNUser2ᚖgithubᚗcomᚋauthorizerdevᚋauthorizerᚋserverᚋgraphᚋmodelᚐUser(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Query__user(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Query",
+		Field:      field,
+		IsMethod:   true,
+		IsResolver: true,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			switch field.Name {
+			case "id":
+				return ec.fieldContext_User_id(ctx, field)
+			case "email":
+				return ec.fieldContext_User_email(ctx, field)
+			case "email_verified":
+				return ec.fieldContext_User_email_verified(ctx, field)
+			case "signup_methods":
+				return ec.fieldContext_User_signup_methods(ctx, field)
+			case "given_name":
+				return ec.fieldContext_User_given_name(ctx, field)
+			case "family_name":
+				return ec.fieldContext_User_family_name(ctx, field)
+			case "middle_name":
+				return ec.fieldContext_User_middle_name(ctx, field)
+			case "nickname":
+				return ec.fieldContext_User_nickname(ctx, field)
+			case "preferred_username":
+				return ec.fieldContext_User_preferred_username(ctx, field)
+			case "gender":
+				return ec.fieldContext_User_gender(ctx, field)
+			case "birthdate":
+				return ec.fieldContext_User_birthdate(ctx, field)
+			case "phone_number":
+				return ec.fieldContext_User_phone_number(ctx, field)
+			case "phone_number_verified":
+				return ec.fieldContext_User_phone_number_verified(ctx, field)
+			case "picture":
+				return ec.fieldContext_User_picture(ctx, field)
+			case "roles":
+				return ec.fieldContext_User_roles(ctx, field)
+			case "created_at":
+				return ec.fieldContext_User_created_at(ctx, field)
+			case "updated_at":
+				return ec.fieldContext_User_updated_at(ctx, field)
+			case "revoked_timestamp":
+				return ec.fieldContext_User_revoked_timestamp(ctx, field)
+			case "is_multi_factor_auth_enabled":
+				return ec.fieldContext_User_is_multi_factor_auth_enabled(ctx, field)
+			}
+			return nil, fmt.Errorf("no field named %q was found under type User", field.Name)
+		},
+	}
+	defer func() {
+		if r := recover(); r != nil {
+			err = ec.Recover(ctx, r)
+			ec.Error(ctx, err)
+		}
+	}()
+	ctx = graphql.WithFieldContext(ctx, fc)
+	if fc.Args, err = ec.field_Query__user_args(ctx, field.ArgumentMap(ec.Variables)); err != nil {
+		ec.Error(ctx, err)
+		return
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _Query__verification_requests(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_Query__verification_requests(ctx, field)
 	if err != nil {
@@ -14641,6 +14771,34 @@ func (ec *executionContext) unmarshalInputGenerateJWTKeysInput(ctx context.Conte
 	return it, nil
 }

+func (ec *executionContext) unmarshalInputGetUserRequest(ctx context.Context, obj interface{}) (model.GetUserRequest, error) {
+	var it model.GetUserRequest
+	asMap := map[string]interface{}{}
+	for k, v := range obj.(map[string]interface{}) {
+		asMap[k] = v
+	}
+
+	fieldsInOrder := [...]string{"id"}
+	for _, k := range fieldsInOrder {
+		v, ok := asMap[k]
+		if !ok {
+			continue
+		}
+		switch k {
+		case "id":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id"))
+			it.ID, err = ec.unmarshalNString2string(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		}
+	}
+
+	return it, nil
+}
+
 func (ec *executionContext) unmarshalInputInviteMemberInput(ctx context.Context, obj interface{}) (model.InviteMemberInput, error) {
 	var it model.InviteMemberInput
 	asMap := map[string]interface{}{}
@@ -17536,6 +17694,29 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr
 				return ec.OperationContext.RootResolverMiddleware(ctx, innerFunc)
 			}

+			out.Concurrently(i, func() graphql.Marshaler {
+				return rrm(innerCtx)
+			})
+		case "_user":
+			field := field
+
+			innerFunc := func(ctx context.Context) (res graphql.Marshaler) {
+				defer func() {
+					if r := recover(); r != nil {
+						ec.Error(ctx, ec.Recover(ctx, r))
+					}
+				}()
+				res = ec._Query__user(ctx, field)
+				if res == graphql.Null {
+					atomic.AddUint32(&invalids, 1)
+				}
+				return res
+			}
+
+			rrm := func(ctx context.Context) graphql.Marshaler {
+				return ec.OperationContext.RootResolverMiddleware(ctx, innerFunc)
+			}
+
 			out.Concurrently(i, func() graphql.Marshaler {
 				return rrm(innerCtx)
 			})
@@ -18711,6 +18892,11 @@ func (ec *executionContext) marshalNGenerateJWTKeysResponse2ᚖgithubᚗcomᚋau
 	return ec._GenerateJWTKeysResponse(ctx, sel, v)
 }

+func (ec *executionContext) unmarshalNGetUserRequest2githubᚗcomᚋauthorizerdevᚋauthorizerᚋserverᚋgraphᚋmodelᚐGetUserRequest(ctx context.Context, v interface{}) (model.GetUserRequest, error) {
+	res, err := ec.unmarshalInputGetUserRequest(ctx, v)
+	return res, graphql.ErrorOnPath(ctx, err)
+}
+
 func (ec *executionContext) unmarshalNID2string(ctx context.Context, v interface{}) (string, error) {
 	res, err := graphql.UnmarshalID(v)
 	return res, graphql.ErrorOnPath(ctx, err)
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@@ -136,6 +136,10 @@ type GenerateJWTKeysResponse struct {
 	PrivateKey *string `json:"private_key"`
 }

+type GetUserRequest struct {
+	ID string `json:"id"`
+}
+
 type InviteMemberInput struct {
 	Emails      []string `json:"emails"`
 	RedirectURI *string  `json:"redirect_uri"`
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@@ -515,6 +515,10 @@ input ResendOTPRequest {
  state: String
 }

+input GetUserRequest {
+  id: String!
+}
+
 type Mutation {
  signup(params: SignUpInput!): AuthResponse!
  mobile_signup(params: MobileSignUpInput): AuthResponse!
@@ -557,6 +561,7 @@ type Query {
  validate_jwt_token(params: ValidateJWTTokenInput!): ValidateJWTTokenResponse!
  # admin only apis
  _users(params: PaginatedInput): Users!
+  _user(params: GetUserRequest!): User!
  _verification_requests(params: PaginatedInput): VerificationRequests!
  _admin_session: Response!
  _env: Env!
--- a/server/graph/schema.resolvers.go
+++ b/server/graph/schema.resolvers.go
@@ -191,6 +191,11 @@ func (r *queryResolver) Users(ctx context.Context, params *model.PaginatedInput)
 	return resolvers.UsersResolver(ctx, params)
 }

+// User is the resolver for the _user field.
+func (r *queryResolver) User(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	return resolvers.UserResolver(ctx, params)
+}
+
 // VerificationRequests is the resolver for the _verification_requests field.
 func (r *queryResolver) VerificationRequests(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error) {
 	return resolvers.VerificationRequestsResolver(ctx, params)
--- a/server/handlers/app.go
+++ b/server/handlers/app.go
@@ -76,7 +76,7 @@ func AppHandler() gin.HandlerFunc {
 			"data": map[string]interface{}{
 				"authorizerURL":    hostname,
 				"redirectURL":      redirectURI,
-				"scope":            scope,
+				"scope":            strings.Join(scope, " "),
 				"state":            state,
 				"organizationName": orgName,
 				"organizationLogo": orgLogo,
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -284,7 +284,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 				"access_token": authToken.AccessToken.Token,
 				"id_token":     authToken.IDToken.Token,
 				"state":        state,
-				"scope":        scope,
+				"scope":        strings.Join(scope, " "),
 				"token_type":   "Bearer",
 				"expires_in":   authToken.AccessToken.ExpiresAt,
 			}
--- a/server/handlers/token.go
+++ b/server/handlers/token.go
@@ -259,7 +259,7 @@ func TokenHandler() gin.HandlerFunc {
 		res := map[string]interface{}{
 			"access_token": authToken.AccessToken.Token,
 			"id_token":     authToken.IDToken.Token,
-			"scope":        scope,
+			"scope":        strings.Join(scope, " "),
 			"roles":        roles,
 			"expires_in":   expiresIn,
 		}
--- a/server/memorystore/required_env_store.go
+++ b/server/memorystore/required_env_store.go
@@ -32,6 +32,10 @@ type RequiredEnv struct {
 	AwsRegion          string `json:"AWS_REGION"`
 	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
 	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
+	// Couchbase related envs
+	CouchbaseBucket           string `json:"COUCHBASE_BUCKET"`
+	CouchbaseScope            string `json:"COUCHBASE_SCOPE"`
+	CouchbaseBucketRAMQuotaMB string `json:"COUCHBASE_BUCKET_RAM_QUOTA"`
 }

 // RequiredEnvObj is a simple in-memory store for sessions.
@@ -93,6 +97,9 @@ func InitRequiredEnv() error {
 	awsRegion := os.Getenv(constants.EnvAwsRegion)
 	awsAccessKeyID := os.Getenv(constants.EnvAwsAccessKeyID)
 	awsSecretAccessKey := os.Getenv(constants.EnvAwsSecretAccessKey)
+	couchbaseBucket := os.Getenv(constants.EnvCouchbaseBucket)
+	couchbaseScope := os.Getenv(constants.EnvCouchbaseScope)
+	couchbaseBucketRAMQuotaMB := os.Getenv(constants.EnvCouchbaseBucketRAMQuotaMB)

 	if strings.TrimSpace(redisURL) == "" {
 		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
@@ -135,22 +142,25 @@ func InitRequiredEnv() error {
 	}

 	requiredEnv := RequiredEnv{
-		EnvPath:            envPath,
-		DatabaseURL:        dbURL,
-		DatabaseType:       dbType,
-		DatabaseName:       dbName,
-		DatabaseHost:       dbHost,
-		DatabasePort:       dbPort,
-		DatabaseUsername:   dbUsername,
-		DatabasePassword:   dbPassword,
-		DatabaseCert:       dbCert,
-		DatabaseCertKey:    dbCertKey,
-		DatabaseCACert:     dbCACert,
-		RedisURL:           redisURL,
-		DisableRedisForEnv: disableRedisForEnv,
-		AwsRegion:          awsRegion,
-		AwsAccessKeyID:     awsAccessKeyID,
-		AwsSecretAccessKey: awsSecretAccessKey,
+		EnvPath:                   envPath,
+		DatabaseURL:               dbURL,
+		DatabaseType:              dbType,
+		DatabaseName:              dbName,
+		DatabaseHost:              dbHost,
+		DatabasePort:              dbPort,
+		DatabaseUsername:          dbUsername,
+		DatabasePassword:          dbPassword,
+		DatabaseCert:              dbCert,
+		DatabaseCertKey:           dbCertKey,
+		DatabaseCACert:            dbCACert,
+		RedisURL:                  redisURL,
+		DisableRedisForEnv:        disableRedisForEnv,
+		AwsRegion:                 awsRegion,
+		AwsAccessKeyID:            awsAccessKeyID,
+		AwsSecretAccessKey:        awsSecretAccessKey,
+		CouchbaseBucket:           couchbaseBucket,
+		CouchbaseScope:            couchbaseScope,
+		CouchbaseBucketRAMQuotaMB: couchbaseBucketRAMQuotaMB,
 	}

 	RequiredEnvStoreObj = &RequiredEnvStore{
--- a/server/resolvers/user.go
+++ b/server/resolvers/user.go
@@ -0,0 +1,36 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+// UserResolver is a resolver for user query
+// This is admin only query
+func UserResolver(ctx context.Context, params model.GetUserRequest) (*model.User, error) {
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return nil, err
+	}
+
+	if !token.IsSuperAdmin(gc) {
+		log.Debug("Not logged in as super admin.")
+		return nil, fmt.Errorf("unauthorized")
+	}
+
+	res, err := db.Provider.GetUserByID(ctx, params.ID)
+	if err != nil {
+		log.Debug("Failed to get users: ", err)
+		return nil, err
+	}
+
+	return res.AsAPIUser(), nil
+}
--- a/server/test/admin_signup_test.go
+++ b/server/test/admin_signup_test.go
@@ -25,7 +25,6 @@ func adminSignupTests(t *testing.T, s TestSetup) {
 		_, err = resolvers.AdminSignupResolver(ctx, model.AdminSignupInput{
 			AdminSecret: "admin123",
 		})
-
 		assert.Nil(t, err)
 	})
 }
--- a/server/test/resolvers_test.go
+++ b/server/test/resolvers_test.go
@@ -16,11 +16,12 @@ import (

 func TestResolvers(t *testing.T) {
 	databases := map[string]string{
-		constants.DbTypeSqlite:   "../../test.db",
-		constants.DbTypeArangodb: "http://localhost:8529",
-		constants.DbTypeMongodb:  "mongodb://localhost:27017",
-		constants.DbTypeScyllaDB: "127.0.0.1:9042",
-		constants.DbTypeDynamoDB: "http://0.0.0.0:8000",
+		constants.DbTypeSqlite:      "../../test.db",
+		constants.DbTypeArangodb:    "http://localhost:8529",
+		constants.DbTypeMongodb:     "mongodb://localhost:27017",
+		constants.DbTypeScyllaDB:    "127.0.0.1:9042",
+		constants.DbTypeDynamoDB:    "http://0.0.0.0:8000",
+		constants.DbTypeCouchbaseDB: "couchbase://127.0.0.1",
 	}

 	testDBs := strings.Split(os.Getenv("TEST_DBS"), ",")
@@ -57,6 +58,12 @@ func TestResolvers(t *testing.T) {
 			memorystore.Provider.UpdateEnvVariable(constants.EnvAwsRegion, "ap-south-1")
 			os.Setenv(constants.EnvAwsRegion, "ap-south-1")
 		}
+		if dbType == constants.DbTypeCouchbaseDB {
+			memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDatabaseUsername, "Administrator")
+			os.Setenv(constants.EnvKeyDatabaseUsername, "Administrator")
+			memorystore.Provider.UpdateEnvVariable(constants.EnvKeyDatabasePassword, "password")
+			os.Setenv(constants.EnvKeyDatabasePassword, "password")
+		}

 		memorystore.InitRequiredEnv()

@@ -93,6 +100,7 @@ func TestResolvers(t *testing.T) {
 			webhookTest(t, s)
 			webhooksTest(t, s)
 			usersTest(t, s)
+			userTest(t, s)
 			deleteUserTest(t, s)
 			updateUserTest(t, s)
 			adminLoginTests(t, s)
--- a/server/test/user_test.go
+++ b/server/test/user_test.go
@@ -0,0 +1,49 @@
+package test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/crypto"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func userTest(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should get users list with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "user." + s.TestInfo.Email
+		res, err := resolvers.SignupResolver(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		assert.NoError(t, err)
+		assert.NotEmpty(t, res.User)
+
+		userRes, err := resolvers.UserResolver(ctx, model.GetUserRequest{
+			ID: res.User.ID,
+		})
+		assert.Nil(t, userRes)
+		assert.NotNil(t, err, "unauthorized")
+
+		adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+		assert.Nil(t, err)
+		h, err := crypto.EncryptPassword(adminSecret)
+		assert.Nil(t, err)
+		req.Header.Set("Cookie", fmt.Sprintf("%s=%s", constants.AdminCookieName, h))
+
+		userRes, err = resolvers.UserResolver(ctx, model.GetUserRequest{
+			ID: res.User.ID,
+		})
+		assert.Nil(t, err)
+		assert.Equal(t, res.User.ID, userRes.ID)
+		assert.Equal(t, email, userRes.Email)
+
+		cleanData(email)
+	})
+}
--- a/server/token/auth_token.go
+++ b/server/token/auth_token.go
@@ -162,9 +162,7 @@ func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce
 	if err != nil {
 		expiryBound = time.Minute * 30
 	}
-
 	expiresAt := time.Now().Add(expiryBound).Unix()
-
 	clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
 	if err != nil {
 		return "", 0, err
@@ -182,7 +180,41 @@ func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce
 		"login_method":  loginMethod,
 		"allowed_roles": strings.Split(user.Roles, ","),
 	}
+	// check for the extra access token script
+	accessTokenScript, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyCustomAccessTokenScript)
+	if err != nil {
+		log.Debug("Failed to get custom access token script: ", err)
+		accessTokenScript = ""
+	}
+	if accessTokenScript != "" {
+		resUser := user.AsAPIUser()
+		userBytes, _ := json.Marshal(&resUser)
+		var userMap map[string]interface{}
+		json.Unmarshal(userBytes, &userMap)
+		vm := otto.New()
+		claimBytes, _ := json.Marshal(customClaims)
+		vm.Run(fmt.Sprintf(`
+			var user = %s;
+			var tokenPayload = %s;
+			var customFunction = %s;
+			var functionRes = JSON.stringify(customFunction(user, tokenPayload));
+		`, string(userBytes), string(claimBytes), accessTokenScript))

+		val, err := vm.Get("functionRes")
+		if err != nil {
+			log.Debug("error getting custom access token script: ", err)
+		} else {
+			extraPayload := make(map[string]interface{})
+			err = json.Unmarshal([]byte(fmt.Sprintf("%s", val)), &extraPayload)
+			if err != nil {
+				log.Debug("error converting accessTokenScript response to map: ", err)
+			} else {
+				for k, v := range extraPayload {
+					customClaims[k] = v
+				}
+			}
+		}
+	}
 	token, err := SignJWTToken(customClaims)
 	if err != nil {
 		return "", 0, err
@@ -345,14 +377,11 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce, atHash, cH
 	if err != nil {
 		expiryBound = time.Minute * 30
 	}
-
 	expiresAt := time.Now().Add(expiryBound).Unix()
-
 	resUser := user.AsAPIUser()
 	userBytes, _ := json.Marshal(&resUser)
 	var userMap map[string]interface{}
 	json.Unmarshal(userBytes, &userMap)
-
 	claimKey, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyJwtRoleClaim)
 	if err != nil {
 		claimKey = "roles"
@@ -376,7 +405,6 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce, atHash, cH
 	}

 	// split nonce to see if its authorization code grant method
-
 	if cHash != "" {
 		customClaims["at_hash"] = atHash
 		customClaims["c_hash"] = cHash
@@ -384,13 +412,11 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce, atHash, cH
 		customClaims["nonce"] = nonce
 		customClaims["at_hash"] = atHash
 	}
-
 	for k, v := range userMap {
 		if k != "roles" {
 			customClaims[k] = v
 		}
 	}
-
 	// check for the extra access token script
 	accessTokenScript, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyCustomAccessTokenScript)
 	if err != nil {
@@ -399,7 +425,6 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce, atHash, cH
 	}
 	if accessTokenScript != "" {
 		vm := otto.New()
-
 		claimBytes, _ := json.Marshal(customClaims)
 		vm.Run(fmt.Sprintf(`
 			var user = %s;
Author	SHA1	Message	Date
Lakhan Samani	cdcdc444b2	[server]: fix support for neondb Update gorm/postgres driver version 1.4.7	2023-02-10 10:39:53 +05:30
Lakhan Samani	330f35f2fc	Merge pull request #322 from authorizerdev/fix/use-scopes-as-string [server] use scope string instead of string array in tokens	2023-02-08 09:41:17 +05:30
Lakhan Samani	70242debe1	[server] fix scope response type + add extra claims to access token	2023-02-08 09:39:08 +05:30
Lakhan Samani	4018da6697	[server] use scope string instead of string array in tokens	2023-02-07 01:13:03 +05:30
Lakhan Samani	a73c6ee49e	Merge pull request #319 from authorizerdev/fix/arangodb-connection	2023-02-06 21:32:32 +05:30
Lakhan Samani	c23fb1bb32	[server] update arangodb version for test 3.10.3	2023-02-06 20:39:22 +05:30
Lakhan Samani	270853a6a3	[server] add support for arangodb cert, username, password Adding support for db username, password and ca cert will enable users to connect arangodb cloud platform	2023-02-06 18:14:19 +05:30
Lakhan Samani	2d0346ff23	[server] remove unused error condition for couchbase	2023-02-05 11:03:26 +05:30
Lakhan Samani	4b26e1ce85	[server] fix bucket creation for couchbase Run create bucket query only if bucket is not found. Required while running couchbase cloud version	2023-02-05 11:01:20 +05:30
Lakhan Samani	8212e81023	[server] common util for couchbase syntax	2023-02-02 13:06:18 +05:30
Lakhan Samani	642581eefd	[server] Add COUCHBASE_BUCKET_RAM_QUOTA Resolves #317	2023-02-02 12:43:17 +05:30
Lakhan Samani	b7357dde21	[server] fix primary index creation for couchbase	2023-02-02 12:28:52 +05:30
Lakhan Samani	a1df2ce31f	[server] use encryption_key for couchbase env as hash is reserved keyword	2023-01-31 11:18:20 +05:30
Lakhan Samani	748761926d	[server] fix make command	2023-01-25 05:19:01 +05:30
Lakhan Samani	d632195ba5	Merge pull request #315 from authorizerdev/feat/couchbase feat: add couchbase provider	2023-01-19 23:32:20 +05:30
Lakhan Samani	25970f80e1	[app] update authorizer-react	2023-01-19 23:30:54 +05:30
Lakhan Samani	a52b7c86e7	[server] add couchbase to all db test	2023-01-19 23:29:48 +05:30
Lakhan Samani	504d0f34d7	[server] add couchbase envs	2023-01-19 23:28:21 +05:30
Lakhan Samani	44879f1a8f	feat: add couchbase provider	2023-01-18 01:38:00 +05:30
Lakhan Samani	b39f0b87fd	Merge pull request #313 from authorizerdev/feat/add-get-user Add get user api for admin	2023-01-05 20:17:48 +05:30
Lakhan Samani	b2423140e2	Add get user api for admin	2023-01-05 20:16:41 +05:30