On Thu, Jan 19, 2012 at 12:25 PM, Rao Venugopal wrote:
> Thanks Benoit.  Just to clarify my understanding,
> a) I have to write a handler in erlang similar to
> https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl
>

mmm why not using the proxy auth handler in couch ? Is the intention different ?

>
> b) I have to include my custom handler in the "*authentication_handlers* "
> section of configuration as
> {couch_httpd_auth, my_company_custom_cookie_authentication_handler}
>
> If there is a better sample for custom authentication handler, please
> recommend

Use the simple one I wrote that is actually in couch named
`proxy_authentification_handler` it should help you.

>
> Thanks
> -Venu
>
> On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau wrote:
>
>> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal wrote:
>> > Hi
>> >
>> > Is it possible to integrate custom authentication/authorization with
>> > couchdb instead of using the couchdb sessions api.
>> > At my company, we already have a cookie based authorization service
>> > and it is unlikely that we can move from it to couchdb's
>> > authentication.  Hence, I want to do something along the following
>> > lines
>> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
>> > cookie (using the authentication service)
>> > b) decrypt the user's user id/email from cookie
>> > c) Check against couchdb's "db/_security" to check if the email is in
>> > the names collection for either dba admin / reader role
>> >     i) If the ok,
>> >         - allow the operation to succeed or do a 301 redirect to couchdb.
>> >         - Ideal scenario would be if it is possible userid to couchdb
>> >           so couchdb filters can use it in the following fashion.
>> >
>> >      function(doc, req) {
>> >        if (doc.username) {
>> >                if (doc.username == req.userCtx.name) {
>> >                        return true;
>> >                }
>> >        }
>> >        return false;
>> >      }
>> >
>> >   ii) Else return http 401 not authorized
>> > Does couchdb provide for ability to plugin support for this or would I
>> > have to write a front end service which serves as  a proxy between my
>> > remote couchdb server instance and the local couchdb on my
>> > smartphone?  Has anyone had any success in either of these two
>> > scenarios?
>> >
>> > Thanks
>> > -Venu
>> >
>> > PS : I asked this question at the mobile couchbase group and was
>> > advised to ask here
>>
>> You can indeed add a custom auth handler. Have a look in
>> couch_httpd_auth for an example. Then add it to the list of auth
>> handler that couchdb can try in the `authentication_handlers` setting
>> in your local.ini .
>>
>> - benoît
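Added example, not part of the thread or CouchDB's own code: the header set a front-end service would send upstream when relying on the proxy auth handler recommended above, using the `X-Auth-CouchDB-UserName`, `X-Auth-CouchDB-Roles` and `X-Auth-CouchDB-Token` headers, with the token computed as the hex HMAC-SHA1 of the user name as CouchDB 1.x checks it when `proxy_use_secret` is enabled. The `validate_cookie` callable, the secret and the sample identities are assumptions standing in for the company's existing cookie service.

```python
import hashlib
import hmac

# Constructed value; stands in for the "secret" setting under [couch_httpd_auth].
COUCH_SECRET = b"constructed-shared-secret"


def couch_token(username, secret=COUCH_SECRET):
    """Hex HMAC-SHA1 of the user name, keyed with the secret shared with CouchDB."""
    return hmac.new(secret, username.encode("utf-8"), hashlib.sha1).hexdigest()


def proxy_headers(username, roles, secret=COUCH_SECRET):
    """Identity headers for a user the front end has already authenticated."""
    if not username or any(c in username for c in "\r\n"):
        raise ValueError("invalid user name")
    # CouchDB splits the roles header on commas, so a role may not contain one.
    if any(c in role for role in roles for c in ",\r\n"):
        raise ValueError("invalid role name")
    return {
        "X-Auth-CouchDB-UserName": username,
        "X-Auth-CouchDB-Roles": ",".join(roles),
        "X-Auth-CouchDB-Token": couch_token(username, secret),
    }


def forward_headers(client_headers, validate_cookie):
    """Return the headers for the upstream request, or None to answer 401.

    validate_cookie is a hypothetical wrapper around the existing company
    authentication service: cookie string -> (email, roles) or None.
    """
    # Discard any X-Auth-CouchDB-* header sent by the client, so the identity
    # CouchDB sees can only come from the validated cookie.
    clean = {k: v for k, v in client_headers.items()
             if not k.lower().startswith("x-auth-couchdb-")}
    # The company cookie is consumed here and not passed on to CouchDB.
    identity = validate_cookie(clean.pop("Cookie", ""))
    if identity is None:
        return None
    email, roles = identity
    clean.update(proxy_headers(email, roles))
    return clean
```

With these headers in place, `req.userCtx.name` in the filter function quoted above is the e-mail address taken from the cookie.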