couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Hall <fli...@flimzy.com>
Subject Re: Options for OAuth with CouchDB
Date Sun, 30 Aug 2015 16:19:15 GMT
Sorry, I hit "send" too soon.

So yes, I have read that document.  And I think I have a pretty good 
understanding of how CouchDB auth works, and how I can "roll my own" 
integration between Facebook/Google/whatever OAuth2 provider and Couch.

I was hoping there was some existing service (or library) which already 
does this heavy lifting for me. It seems like the kind of problem that a 
significant number of CouchDB users are likely to face, so I'm hoping 
there's some sort of established work flow. Or does everyone indeed roll 
their own in this case?

-- Jonathan


On 08/30/2015 09:08 AM, Andy Wenk wrote:
> Hi Jonathan,
>
> just quick: did you already read
> http://docs.couchdb.org/en/latest/api/server/authn.html
>
> especially
>
> http://docs.couchdb.org/en/latest/api/server/authn.html#proxy-authentication
> http://docs.couchdb.org/en/latest/api/server/authn.html#oauth-authentication
>
> ?
>
> All the best
>
> Andy
>
> On 27 August 2015 at 19:06, Jonathan Hall <flimzy@flimzy.com> wrote:
>
>> I'm working on a hybrid mobile/web app and find the prospect of using
>> CouchDB quite promising.  The biggest obstacle I'm facing at the moment is
>> how to handle authentication.
>>
>> I realize that CouchDB supports its own users database, which undoubtedly
>> I will need to utilize (especially since I'll need to create one database
>> per user of my app, for permission segmentation).
>>
>> But I want my app to allow logins via Facebook and Google (at minimum).
>> What is the most common way to accomplish this with a CouchDB app?
>>
>> I figure I must have a server process somewhere that is has administrative
>> privileges to Couchdb, and handles the OAuth2 auth requests, creates new
>> users, etc, and hands the CouchDB credentials (or cookie) to the app client.
>>
>> Is this indeed the best approach?  Are there third party libraries or
>> services that handle this for me? I don't mind paying for such a service
>> (my dev time is worth more than monthly subscription fees in most cases).
>>
>> I've been looking at various third party services such as OAuth.io, Amazon
>> Cognito, and even Firebase, to help with some of this.  I'm honestly a bit
>> overwhelmed with the options and trying to parse marketing materials to
>> decide if any of these services are granular enough to even help me. I'd
>> really like to stick with CouchDB, to avoid the vendor lock-in that would
>> come with a more complete solution like Firebase.
>>
>> I realize the question is a bit open-ended. I hope that's not problematic
>> to getting a general/overview answer.
>>
>> I can divulge specific app details if it becomes relevant to the answer.
>>
>> Thanks for your time!
>>
>> -- Jonathan
>>
>>
>


Mime
View raw message