couchdb-user mailing list archives

From Bernd Mrohs <bernd.mr...@gmail.com>
Subject Authentication with Facebook
Date Tue, 05 Oct 2010 20:00:04 GMT
Hi all,

I really like CouchDB for developing pure JS+HTML+CSS applications. It's
especially great to be able to develop 2-tier applications, i.e. having all
the logic in JS and accessing CouchDB directly.

I hope you can help me with a problem on how to secure my CouchDB that I
want to use for a Facebook project:

- My pure JS Facebook app authenticates with Facebook using OAuth, and I get
back the access token to authenticate my requests to the Facebook API.
- Now my JS application should access my CouchDB backend, using the UID that
I got from Facebook (logged-in user).

Question:
- How can I make sure that this user (=Facebook UID) can only modify his own
data? I don't have a password to verify.
- How can I make sure that nobody implements their own client by going
through my JS code, capturing all relevant info (server address, etc.), and
playing around with the data outside my Facebook app?

So, I need to let CouchDB verify my Facebook token directly with Facebook,
and issue an access token for me to send with further requests to my CouchDB
to authenticate me. This is how you would normally do this when you
have a middle tier, right? How do I do this with CouchDB?

Many thanks in advance,
Bernd
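
Added example, not part of the original message and not code from the CouchDB project: a CouchDB `validate_doc_update` function that enforces the "only modify his own data" rule from the first question. It assumes each document carries an `owner` field (a hypothetical name) holding the Facebook UID, and that `userCtx.name` was set to that UID by a trusted server-side authentication step; the helper `tryWrite` and the sample data are constructed for illustration.

```javascript
// Added example. Assumptions: every document has an `owner` field holding the
// Facebook UID, and CouchDB's userCtx.name was set to that UID by a trusted
// server-side authentication step, never taken from a client-supplied field.
// In a design document this function is stored as the string value of the
// `validate_doc_update` key.
function validateDocUpdate(newDoc, oldDoc, userCtx) {
  if (!userCtx || !userCtx.name) {
    throw { unauthorized: "log in before writing" };
  }
  // Server admins bypass the ownership rule.
  if ((userCtx.roles || []).indexOf("_admin") !== -1) return;

  if (oldDoc) {
    // Update or delete: only the current owner may touch the document.
    if (oldDoc.owner !== userCtx.name) {
      throw { forbidden: "not your document" };
    }
    // Deletions carry only _id/_rev/_deleted, so skip the field checks.
    if (newDoc._deleted) return;
    if (newDoc.owner !== oldDoc.owner) {
      throw { forbidden: "owner cannot be changed" };
    }
  } else if (newDoc.owner !== userCtx.name) {
    // Create: a user may only create documents owned by themselves.
    throw { forbidden: "owner must be the logged-in user" };
  }
}

// Helper for trying the rule outside CouchDB: returns "ok" or the error kind.
function tryWrite(newDoc, oldDoc, userCtx) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtx);
    return "ok";
  } catch (e) {
    return e.forbidden ? "forbidden" : e.unauthorized ? "unauthorized" : "error";
  }
}

// Constructed sample data (the UIDs are made up).
const alice = { name: "1001", roles: [] };
const bob = { name: "1002", roles: [] };
const doc = { _id: "note-1", owner: "1001", text: "hi" };
console.log(tryWrite(doc, null, alice));
console.log(tryWrite({ _id: "note-1", owner: "1001", text: "x" }, doc, bob));
```

The rule is only as strong as whatever sets `userCtx.name`: a UID that the browser merely asserts gives no protection, so the Facebook token still has to be verified on the server side before a session is issued.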
