couchdb-user mailing list archives

From Jens Alfke <>
Subject Re: replication on touchdb and authentication
Date Sat, 09 Feb 2013 04:40:55 GMT

On Feb 8, 2013, at 2:17 AM, svilen <> wrote:

> i'm trying to replicate a per-user database to/from touchdb on mobile device

What mobile platform?

> The only thing working on both android and ios seems to be
> the remote target/source url to contain user+pasw inside like
> http://user:passw@remote:5984/dbname
> which means user/psw will stay in the replicator database.. 
> and/or require user to login each time, or store them elsewhere too.
> which isn't good for usability/security.

The Android version of TouchDB is still in a pretty immature state, particularly the replicator,
so your above statement may well be true there.

On iOS you don’t have to hardcode the password; you can use the OS’s secure credential
store to hold it, either temporarily or persistently. This is described on the wiki:

> so i wanted to do cookie-based /_session authentication, but i don't see
> where to put the cookie (eventually obtained by manually POSTing on
> server/_session). 

This isn’t any different, from the app’s perspective; you still have to provide a username
and password somehow, they’re just sent to the server slightly differently.

Recent builds of TouchDB (now aka Couchbase Lite) include support for the new BrowserID protocol,
which is a single-sign-on system similar to OpenID that lets users log in with any working
email address. Of course the server needs to support it too; IrisCouch’s servers already
do, and they have a plugin for CouchDB on GitHub that you can add if you run your own server.

There’s also OAuth, which TouchDB also supports. OAuth is an ugly mess IMHO and I would
avoid it unless you’re really eager to provide logins via Facebook accounts.

BTW, the mobile-couchbase list is the best place to discuss TouchDB/Couchbase Lite specific

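An added example, not part of the original thread: a check that finds replication documents whose `source` or `target` URL carries embedded credentials, the concern raised above about passwords staying in the replicator database. It assumes the CouchDB `_replicator` document shape (each endpoint is a URL string or an object with a `url` field); the sample documents and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample replication documents (not from the original thread).
SAMPLE_DOCS = json.loads("""
[
  {"_id": "pull-user-db", "source": "http://user:passw@remote:5984/dbname", "target": "dbname"},
  {"_id": "push-user-db", "source": "dbname", "target": {"url": "https://remote:6984/dbname"}},
  {"_id": "push-no-pass", "source": "dbname", "target": {"url": "http://user@remote:5984/dbname"}}
]
""")


def endpoint_url(endpoint):
    """Return the URL of a source/target given as a string or as {"url": ...}."""
    if isinstance(endpoint, dict):
        return endpoint.get("url", "")
    return endpoint if isinstance(endpoint, str) else ""


def redact(url):
    """Strip the userinfo part so the URL can be logged or stored safely."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def find_embedded_credentials(docs):
    """List (doc id, field, redacted URL, has_password) for URLs carrying userinfo."""
    findings = []
    for doc in docs:
        for field in ("source", "target"):
            url = endpoint_url(doc.get(field))
            parts = urlsplit(url)
            if parts.username is not None:
                findings.append((doc.get("_id"), field, redact(url), parts.password is not None))
    return findings


if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_DOCS):
        print(finding)
```

Local database names such as `dbname` have no userinfo and are skipped; only the redacted URL is reported, so the audit output does not repeat the secret.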