couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: [PROPOSAL] Remove oAuth for 2.0
Date Fri, 11 Sep 2015 16:38:38 GMT
Let’s keep things separate.

I propose moving broken oAuth support from 2.0. I’m prepared to do the legwork, it shouldn’t
take long.

If someone steps in and fixes oAuth for 2.0 VERY SOON, I’d be okay with keeping it.

At this point, we are not discussing additional features for 2.0.

If we get JWT, it goes into 2.1.

Best
Jan
--



> On 11 Sep 2015, at 16:50, Klaus Trainer <klaus_trainer@posteo.de> wrote:
> 
> Hi everybody!
> 
> On 09/10/2015 08:20 PM, Alexander Shorin wrote:
>> Seems like there are no much options.
>> 
>> I disagree that it's very poor. The only flaws it has is the lack of
>> RSA support (our implementation) and open security issues (as auth
>> protocol). But is there any good alternative?
> 
> A good alternative would be to support JSON Web Token (JWT) [1].
> Somebody has already done some work for CouchDB 1.6. in this regard [2].
> They managed to outsource authentication to Auth0, while validating JWTs
> issued by Auth0, and creating respective CouchDB sessions with username
> and roles assigned from the JWT [3, 4].
> 
> In addition to what's been done in [2], I'd like CouchDB to be able to
> issue JWTs as well, which then could also be used by other applications
> for authentication and authorization.
> 
> In contrast to OAuth 1.0a (which is implemented in CouchDB), JWT is
> conceptionally much simpler. It is easy to set up on servers, and easy
> to use for clients (e.g. in the browsers).
> 
> Regarding implementing JWT in CouchDB: I'd like to volunteer and can
> allocate time for that.
> 
> What do you think about supporting JWT?
> 
> 
> [1] https://tools.ietf.org/html/rfc7519
> [2] https://github.com/softapalvelin/couch_jwt_auth
> [3] https://github.com/softapalvelin/getting-started-todo
> [4] https://auth0.com/
> 

--
Professional Support for Apache CouchDB:
http://www.neighbourhood.ie/couchdb-support/


Mime
View raw message