couchdb-dev mailing list archives

From Chris Anderson <jch...@apache.org>
Subject current user API
Date Tue, 17 Feb 2009 01:37:42 GMT
Users log into Couch with basic auth (or via other channels) which
aren't necessarily available to in-browser JavaScript. In Sofa's
validation function I worked around the problem with an ugly hack.

http://github.com/jchris/sofa/blob/cf322d647b507c36dc4f6936b5f8767ac59c9f68/validate_doc_update.js#L20

The clean way to do this would be with an API endpoint like

GET /_user_info

to let client apps know which user they are logged in as.

I think this is OK to do, from a security standpoint, but I'm not sure
if there's an idiomatic way to do it.

There is some old discussion about similar problems here:
http://groups.google.com/group/oauth-extensions

I also put out a call on Twitter:
http://twitter.com/jchris/status/1217372588 "anyone know of a
standardy way of letting JSONP clients know which user they are logged
in as?"

Maybe someone here has been down this road before. I know I've seen
prior art on JSON user info formats but I can't seem to find it with
Google.

-- 
Chris Anderson
http://jchris.mfdz.com
