Date: Fri, 8 Feb 2013 12:17:06 +0200
From: svilen
To: user@couchdb.apache.org
Subject: replication on touchdb and authentication

g'day

i'm trying to replicate a per-user database to/from touchdb on mobile device. And i can't figure out how to do the authentication.

On server side, each user owns a database. same on mobile device (in case there are more users).

The only thing working on both android and ios seems to be the remote target/source url to contain user+pasw inside like
 http://user:passw@remote:5984/dbname
which means user/psw will stay in the replicator database.. and/or require user to login each time, or store them elsewhere too. which isn't good for usability/security.

so i wanted to do cookie-based /_session authentication, but i don't see where to put the cookie (eventually obtained by manually POSTing on server/_session).

it was suggested by Robert Newson that it can go into target :

> You can use cookie auth for the replication using this little known
> API variant;
> "target": {"url" : "http://host:port/db",
> "headers":{"cookie":"AuthSession=foo"}}

but looking at the source for both android/ios, the target/source is just a single string.

next is oauth-like authentication but i don't understand how to use it at all.

any pointers for either way? or should i forget token-authenticated-replication for now?

ciao
svilen
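
An added example, not part of the original message: a sketch of building a replication document in the object form quoted above, so that the stored document carries an AuthSession cookie instead of user:password in the URL. The function names and the sample Set-Cookie value are constructed for illustration; it assumes the replicator accepts the object form, which the message reports the android/ios sources did not.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of a Set-Cookie header as returned by POST /_session.
SAMPLE_SET_COOKIE = "AuthSession=CONSTRUCTED-TOKEN; Version=1; Path=/; HttpOnly"


def auth_session_from_set_cookie(set_cookie):
    """Extract the AuthSession value from a Set-Cookie header string."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if "AuthSession" not in jar or not jar["AuthSession"].value:
        raise ValueError("no AuthSession cookie in response")
    return jar["AuthSession"].value


def strip_userinfo(url):
    """Drop any user:password@ part so credentials never reach the stored doc."""
    parts = urlsplit(url)
    netloc = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def replication_doc(local_db, remote_url, set_cookie, push=True):
    """Build a replication document whose remote end uses cookie auth.

    push=True replicates local -> remote, push=False remote -> local.
    """
    remote = {
        "url": strip_userinfo(remote_url),
        "headers": {
            "cookie": "AuthSession=" + auth_session_from_set_cookie(set_cookie)
        },
    }
    if push:
        return {"source": local_db, "target": remote}
    return {"source": remote, "target": local_db}


if __name__ == "__main__":
    import json
    doc = replication_doc("dbname", "http://user:passw@remote:5984/dbname",
                          SAMPLE_SET_COOKIE)
    print(json.dumps(doc, indent=2))
```

The document still holds a secret, but it is a time-limited session token rather than the account password, so it has to be refreshed when the session expires.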