couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <>
Subject Re: Merge in new authentication code
Date Sat, 25 Aug 2012 08:46:57 GMT
On Aug 25, 2012 3:27 AM, "Jason Smith" <> wrote:
> Hi, developers.
> At Iris Couch, we have used two third-party CouchDB extensions for a
> very long time. I would like to merge both of them into master. They
> provide alternative ways to create a CouchDB user and to log in to
> CouchDB.
> Both mechanisms use a third-party authenticator which basically tells
> CouchDB that the person is who they say they are. Both mechanisms then
> create a local CouchDB _users document. So you can set a .password
> value and have both types of authentication.
> ## Mozilla Persona
> Written by Randall, used in production here for a year. This is
> hands-down the easiest way for developers to add logins to their Couch
> apps. See
> ## CouchDB-XO_Auth
> Created by Ocasta, this is basically a general OAuth implementation.
> It already works against Facebook and I am now making sure it works
> with GitHub too. It has the same autovivication feature for
> newly-authenticated users.

These extensions are nice but I don't think they should be part of the
couchdb distribution.

In my opinion we should keep the couchdb simple and only target core
features which are imo Document oriented, Views, CouchApps . (couchapps
and views could be also considered as core features extensions).  Which
doesn't mean we shouldn't support new addons, and for me the best way to
do that is to ease their installation and management in couch and
provide tools to make your own distribution.

Also, adding these addons in couch will slow down the development of such
extensions. Fix would only happen when couch is released which is imo
bad. Especially for the 2 extensions you mention since theyr are moving
target (persona is not yet a stable protocol nor widely used and the
other connect to proprietary oauth extensions which can be changed ahen
the commercial entity want). Keeping them out the core distribution is
better for them.

Maybe as sub-projects? Not sure it worth the admin stuff.

- benoit

View raw message