On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <venuzr@gmail.com> wrote:
> Hi
>
> Is it possible to integrate custom authentication/authorization with
> couchdb instead of using the couchdb sessions api.
> At my company, we already have an cookie based authorization service
> and it is unlikely that we can move from it to couchdb's
> authentication. Hence, I want to do something along the following
> lines
> a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> cookie (using the authentication service)
> b) decrpt the user's user id/email from cookie
> c) Check against couchdb's "db/_security" to check if the email is in
> the names collection for either dba admin / reader role
> i) If the ok,
> - allow the operation to succeed or do a 301 redirect to
> couchdb.
> - Ideal scenario would be if it is possible userid to
> couchdb
> so couchdb filters can use it in the following fashion.
> function(doc, req) {
> if (doc.username) {
> if (doc.username == req.userCtx.name) {
> return true;
> }
> }
> return false;
>
> }
>
> ii) Else return http 401 not authorized
> Does couchdb provide for ability to plugin support for this or would
> I
> have to write a front end service which serves as a proxy between my
> remote couchdb server instance and the local couchdb on my
> smartphone? Has anyone had any success in either of these two
> scenarios?
>
> Thanks
> -Venu
>
> PS : I asked this question at the mobile couchbase group and was
> advised to ask here
You can indeed add a custom auth handler. Have a look in
couch_httpd_auth for an example. Then add it to the list of auth
handler that couchdb can try in the `authentication_handlers` setting
in your local.ini .
- benoît
|