Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EE536ED3A for ; Sat, 9 Feb 2013 15:11:33 +0000 (UTC) Received: (qmail 4483 invoked by uid 500); 9 Feb 2013 15:11:32 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 4050 invoked by uid 500); 9 Feb 2013 15:11:27 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 4020 invoked by uid 99); 9 Feb 2013 15:11:26 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2013 15:11:26 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [91.195.24.3] (HELO mail.open.bg) (91.195.24.3) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Feb 2013 15:11:15 +0000 Received: from [78.83.22.128] (port=48291 helo=localhost.localdomain) by mail.open.bg with esmtpsa (Cipher SSL3.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) id 1U4C4q-0000lG-Vy by authid with login for ; Sat, 09 Feb 2013 17:10:53 +0200 Date: Sat, 9 Feb 2013 17:10:51 +0200 From: svilen To: user@couchdb.apache.org Subject: Re: replication on touchdb and authentication Message-ID: <20130209171051.4b9d9c93@svilendobrev.com> In-Reply-To: References: <20130208121706.5320cd2e@svilendobrev.com> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.13; i686-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org > > i'm trying to replicate a per-user database to/from touchdb on > > mobile device > What mobile platform? both android and ios. maybe one day win8.. > > so i wanted to do cookie-based /_session authentication, but i > > don't see where to put the cookie (eventually obtained by manualy > > POSTing on server/_session).=20 >=20 > This isn=E2=80=99t any different, from the app=E2=80=99s perspective; you= still have > to provide a username and password somehow, they=E2=80=99re just sent to = the > server slightly differently. well i know i can store the passwords, be it secure or not.. but i don't want to. i want to store cookies instead. Like a browser does. And start any replications by authenticating with those. can i do that? > Recent builds of TouchDB (now aka Couchbase Lite) include support for > the new BrowserID protocol, which is a single-sign-on system similar > to OpenID that lets users log in with any working email address. Of > course the server needs to support it too; IrisCouch=E2=80=99s servers > already do, and they have a plugin for CouchDB on GitHub that you can > add if you run your own server. >=20 > There=E2=80=99s also OAuth, which TouchDB also supports. OAuth is an ugly > mess IMHO and I would avoid it unless you=E2=80=99re really eager to prov= ide > logins via Facebook accounts. All those single-sign-on things are good for something and not that good for other.. maybe at later stage. if i can use _session cookies, then it will only depend on server-side login-wrapping-API for translating all the auth methods into couchdb cookies. i want to take the authentication complexity away of couchdb. > BTW, the mobile-couchbase list is the best place to discuss > TouchDB/Couchbase Lite specific issues: > https://groups.google.com/forum/?fromgroups#!forum/mobile-couchbase okay next time i'll ask there=20 svilen