incubator-couchdb-user mailing list archives

From Michael Ferjancic <michael.ferjan...@gmail.com>
Subject proxy authentication handler
Date Mon, 13 Feb 2012 21:02:09 GMT
Hi guys,

I have to admit that I am fairly new to this topic, and especially new to Erlang. Currently I
am trying to play around with the various authentication handlers - the goal is to have a working
"delegated authentication" on Facebook, Twitter and such.

1) As far as I understood, the OAuth implementation of CouchDB is just the opposite of what I need
- you can use it to create tokens for couch users, but not to accept Twitter accessTokens/secrets
and map them to a couch user.
2) I found exactly what I need in datacouch - authentication against Twitter with nodejs,
and after that getting the plaintext password from a private couch and using it with the _session API
to create a couch cookie.
3) I modified the sample a little bit and used everyauth to handle the delegated authentication.
I map the user info I get from Facebook etc. against user profiles in a private db, which
also contains the user passwords (unfortunately still in plaintext). Works perfectly, but.....

Now I am trying to avoid storing the plaintext passwords. I heard about using proxy_authentification_handler,
but it seems I am too stupid to use it. I made the (as far as I understood) correct entries
in couch_httpd_auth

couch_httpd_auth
    auth_cache_size           50
    authentication_db         _users
    authentication_redirect   /_utils/session.html
    require_valid_user        false
    secret                    xxxxxxxxxxxx
    timeout                   43200
    x_auth_roles              roles
    x_auth_token              token
    x_auth_username           uname


and also in httpd

httpd
    allow_jsonp               true
    authentication_handlers   {couch_httpd_auth, proxy_authentification_handler},{couch_httpd_auth, cookie_authentication_handler}, {couch_httpd_auth, default_authentication_handler}
    bind_address              127.0.0.1
    default_handler           {couch_httpd_db, handle_request}
    port                      5984
    secure_rewrites           false
    vhost_global_handlers     _utils, _uuids, _session, _oauth, _users

When I now do a GET on http://localhost:5984/_utils/config.html?uname=user1&roles=user
that doesn't seem to lead to anything...

Has anybody ever got that thing running? Am I missing something? Or is there any chance to implement
a custom authentication handler without coding Erlang?

Thanks for your help
Michael
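
The handler named in this message takes the user name, roles and token from request headers (named by the x_auth_* options), not from the query string, and when proxy_use_secret is enabled (an option not shown in the post) the token must be the hex HMAC-SHA1 of the user name keyed with couch_httpd_auth/secret. The following Node.js sketch of both sides is an added example, not part of the original message; the header names come from the posted config, while the function names, secret and user values are constructed for illustration.

```javascript
// Added example (not from the original post). Header names follow the
// x_auth_* values in the posted config; everything else is constructed.
const { createHmac, timingSafeEqual } = require('crypto');

const HEADER_NAMES = { username: 'uname', roles: 'roles', token: 'token' };

// Token = hex HMAC-SHA1 over the user name, keyed with couch_httpd_auth/secret.
function proxyAuthToken(secret, username) {
  return createHmac('sha1', secret).update(username).digest('hex');
}

// Proxy side: drop any client-supplied copies of the trusted headers, then
// set them from the identity the proxy itself has authenticated.
function buildProxyHeaders(clientHeaders, secret, username, roles) {
  const trusted = Object.values(HEADER_NAMES);
  const out = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    if (!trusted.includes(name.toLowerCase())) out[name] = value;
  }
  out[HEADER_NAMES.username] = username;
  out[HEADER_NAMES.roles] = roles.join(',');
  out[HEADER_NAMES.token] = proxyAuthToken(secret, username);
  return out;
}

// Receiving side, mirroring the check: identity comes from headers only, and
// the token must equal the recomputed HMAC (compared in constant time).
function verifyProxyHeaders(headers, secret) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const username = h[HEADER_NAMES.username];
  const token = h[HEADER_NAMES.token];
  if (!username || !token) return null;
  const expected = Buffer.from(proxyAuthToken(secret, username));
  const given = Buffer.from(String(token));
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  const roles = h[HEADER_NAMES.roles] ? h[HEADER_NAMES.roles].split(',') : [];
  return { name: username, roles };
}
```

Because anyone who can reach CouchDB directly can set these headers, the proxy should be the only network path to port 5984 and the secret should be known only to the proxy and CouchDB.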
 