On Tue, Feb 2, 2010 at 6:57 AM, Benoit Chesneau <[email protected]> wrote: > Hi all, > > I've just pushed on jira my proxy authentification handler. This code > is used behind aimpl.org and works well. > > https://issues.apache.org/jira/browse/COUCHDB-636 > > This handler allows creation of a userCtx objec from a user > authenticated remotly. The client just pass specific headers to > CouchDB and the handler create the userCtx. Headers name can be > defined in local.ini. By thefault they are : > > * X-Auth-CouchDB-UserName : username, (x_auth_username in > couch_httpd_auth section) > * X-Auth-CouchDB-Roles : user roles, list of roles separated by a > comma (x_auth_roles in couch_httpd_auth section) > * X-Auth-CouchDB-Token : token to authenticate the authorization > (x_auth_token in couch_httpd_auth section). This token is an hmac-sha1 > created from secret key and username. The secret key should be the > same in the client and couchdb node. secret key is the secret key in > couch_httpd_auth section of ini. This token is optional if secret key > isn't defined.
This token should be optional even if the secret key is defined (the secret is defined by default but people might want to skip the headers signing stuff if they are in a simple environment.) > > What do you think about including it in 0.11 ? This is fine by me -- the patch is pretty isolated, and disabled by default, so I don't see it causing any instability. > > - benoƮt > -- Chris Anderson http://jchrisa.net http://couch.io
