> On Nov 1, 2014, at 9:47 AM, Jeremy Kelley <[email protected]> wrote: > > I went down this route a while but I will recommend against it if you are > going to have any other methods of accessing the data in couch base. > > Instead I have written an api that pulls the user record with stored > encrypted password from couchbase, verifies identity and then using the admin > port of the sync gateway creates a session and returns that to the app. The > app then uses that session to sync.
That's one way of doing it. The basic recipe for custom authentication is discussed in the Sync Gateway documentation. You can write your own username/password store, or you can use LDAP or whatever. > I found that trusting the user record in sync gateway to be the authority on > user identification was onerous for users to access data from other places > (web, etc) Can you explain? There's a REST API for accessing user accounts, and it's pretty easy to authenticate a username/password pair by e.g. making a "GET /db" request with basic auth or "POST /db/_session" to create a session cookie. —Jens -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/62BD5762-B0DE-4520-B33A-C9F9FD31AF5C%40couchbase.com. For more options, visit https://groups.google.com/d/optout.
