couchdb-user mailing list archives

From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: Couchdb + custom authentication
Date Thu, 19 Jan 2012 19:44:08 GMT
On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <venuzr@gmail.com> wrote:
> Hi
>
> Is it possible to integrate custom authentication/authorization with
> couchdb instead of using the couchdb sessions api.
> At my company, we already have a cookie based authorization service
> and it is unlikely that we can move from it to couchdb's
> authentication.  Hence, I want to do something along the following
> lines
> a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> cookie (using the authentication service)
> b) decrypt the user's user id/email from cookie
> c) Check against couchdb's "db/_security" to check if the email is in
> the names collection for either dba admin / reader role
>     i) If the ok,
>         - allow the operation to succeed or do a 301 redirect to couchdb.
>         - Ideal scenario would be if it is possible userid to couchdb
>           so couchdb filters can use it in the following fashion.
>      function(doc, req) {
>        if (doc.username) {
>                if (doc.username == req.userCtx.name) {
>                        return true;
>                }
>        }
>        return false;
>      }
>
>   ii) Else return http 401 not authorized
> Does couchdb provide for ability to plugin support for this or would I
> have to write a front end service which serves as a proxy between my
> remote couchdb server instance and the local couchdb on my
> smartphone?  Has anyone had any success in either of these two
> scenarios?
>
> Thanks
> -Venu
>
> PS : I asked this question at the mobile couchbase group and was
> advised to ask here

You can indeed add a custom auth handler. Have a look in
couch_httpd_auth for an example. Then add it to the list of auth
handlers that couchdb can try in the `authentication_handlers` setting
in your local.ini.

- benoît
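
Steps a) to c) from the question, written as the decision a front-end proxy would make before forwarding a request. This is an added example, not code from the thread or from CouchDB. The cookie format, both keys, the sample `_security` document and the function names are constructed assumptions. The `X-Auth-CouchDB-*` headers and the HMAC-SHA1 token are what the stock proxy handler in couch_httpd_auth reads when `proxy_use_secret` is enabled.

```python
import hashlib
import hmac

# Constructed values for illustration only.
SSO_COOKIE_KEY = b"constructed-sso-signing-key"        # company cookie service key (assumed)
PROXY_SECRET = b"constructed-couch_httpd_auth-secret"  # CouchDB [couch_httpd_auth] secret

# Constructed db/_security document in the CouchDB 1.x layout.
SECURITY_DOC = {
    "admins": {"names": ["dba@example.com"], "roles": []},
    "readers": {"names": ["venu@example.com"], "roles": []},
}


def sign_cookie(email):
    """Build the assumed cookie format: <email>|<hex HMAC-SHA256 of email>."""
    mac = hmac.new(SSO_COOKIE_KEY, email.encode(), hashlib.sha256).hexdigest()
    return f"{email}|{mac}"


def email_from_cookie(cookie):
    """Steps a) and b): return the email if the cookie verifies, else None."""
    email, sep, mac = cookie.rpartition("|")
    if not sep or not email:
        return None
    expected = hmac.new(SSO_COOKIE_KEY, email.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())  # constant-time compare
    return email if ok else None


def authorize(cookie, security_doc):
    """Step c): return (HTTP status, headers to forward to CouchDB)."""
    email = email_from_cookie(cookie or "")
    if email is None:
        return 401, {}
    allowed = set()
    for section in ("admins", "readers"):
        allowed.update(security_doc.get(section, {}).get("names", []))
    if email not in allowed:  # deny unlisted names, also when both lists are empty
        return 401, {}
    token = hmac.new(PROXY_SECRET, email.encode(), hashlib.sha1).hexdigest()
    return 200, {"X-Auth-CouchDB-UserName": email, "X-Auth-CouchDB-Token": token}
```

The proxy should drop any `X-Auth-CouchDB-*` headers sent by the client before adding its own, so that `req.userCtx.name` in the filter function only ever reflects a verified cookie.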
