couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ferjancic <michael.ferjan...@gmail.com>
Subject proxy authentication handler
Date Thu, 23 Feb 2012 18:19:47 GMT
Guys? Anyone?

> Hi guys,
> 
> I have to admit that i am fairly new to this topic, especially new to erlang. Currently
i am trying to play around with the various authentication handlers - goal is to have a working
"delegated authentication" on facebook, twitter and such.
> 
> 1) as far as i understood the oAuth implementation of couchdb is just the opposite i
need - you can use that to create tokens for couch-users, but not to accept twitter accessTokens/secrets
and map that to a couch user
> 2) i found exactly what i need in datacouch - authentication against twitter with nodejs,
and after that getting the plaintext password from a private couch and use it with _session-API
to create a couch cookie.
> 
> Now i am trying to avoid storing the plaintext passwords. I heard about to use proxy_authentification_handler,
but it seems i am either too unexperiences or even too stupid to use it. I made the (as far
as i understood) correct entries in couch_httpd_auth
> 
> couch_httpd_auth	auth_cache_size	
> 50
> x
> authentication_db	
> _users
> x
> authentication_redirect	
> /_utils/session.html
> x
> require_valid_user	
> false
> x
> secret	
> xxxxxxxxxxxx
> x
> timeout	
> 43200
> x
> x_auth_roles	
> roles
> x
> x_auth_token	
> token
> x
> x_auth_username	
> uname
> 
> 
> and also in httpd
> httpd	allow_jsonp	
> true
> x
> authentication_handlers	
> {couch_httpd_auth, proxy_authentification_handler},{couch_httpd_auth, cookie_authentication_handler},
{couch_httpd_auth, default_authentication_handler}
> x
> bind_address	
> 127.0.0.1
> x
> default_handler	
> {couch_httpd_db, handle_request}
> x
> port	
> 5984
> x
> secure_rewrites	
> false
> x
> vhost_global_handlers	
> _utils, _uuids, _session, _oauth, _users
> 
> When i now do a GET on http://localhost:5984/_utils/config.html?uname=user1&roles=user
that seems to doesn't lead to anything...
> 
> Anybody ever got that thing running? Am i missing something? Or is there any chance to
implement a custom authentication handler without coding erlang?
> 
> Thanks a lot for your help
> Michael
>  


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message