couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <>
Subject current user API
Date Tue, 17 Feb 2009 01:37:42 GMT
Users log into Couch with basic auth (or via other channels) which
aren't necessarily available to in-browser JavaScript. In Sofa's
validation function I worked around the problem with an ugly hack.

The clean way to do this would be with an API endpoint like

GET /_user_info

to let client apps know which user they are logged in as.

I think this is OK to do, from a security standpoint, but I'm not sure
if there's an idiomatic way to do it.

There is some old discussion about similar problems here:

I also put out a call on Twitter: "anyone know of a
standardy way of letting JSONP clients know which user they are logged
in as?"

Maybe someone here has been down this road before. I know I've seen
prior art on JSON user info formats but I can't seem to find with

Chris Anderson

View raw message