Jens - the API docs were definitely helpful in me implementing this. I may open source portions of my api server to help others once I can catch my breath.
The short version is that I ended up having user records in the sync gateway but then also a user object (accompanying views) in couchbase. If the sync gateway was going to use the same user object in the shadow db, that'd be one thing I suppose. It just got odd to have my API pulling a record from couchbase then trying to auth to the sync gateway, even if my infrastructure I was sync'ing to wasn't on the same network as the gateway. By moving to my user object being the authoritative information about the user, then using the admin api to create a sync session, it just seems to have cleaned that up. I don't feel that I'm describing my situation properly at the moment. Crunched for time a bit right now. I'll know in a week or two if this change makes more sense as I complete more pieces of my infrastructure. -j On Mon, Nov 3, 2014 at 1:02 PM, Jens Alfke <[email protected]> wrote: > > On Nov 1, 2014, at 9:47 AM, Jeremy Kelley <[email protected]> wrote: > > I went down this route a while but I will recommend against it if you are > going to have any other methods of accessing the data in couch base. > > Instead I have written an api that pulls the user record with stored > encrypted password from couchbase, verifies identity and then using the > admin port of the sync gateway creates a session and returns that to the > app. The app then uses that session to sync. > > > That's one way of doing it. The basic recipe for custom authentication is > discussed in the Sync Gateway documentation. You can write your own > username/password store, or you can use LDAP or whatever. > > I found that trusting the user record in sync gateway to be the authority on > user identification was onerous for users to access data from other places > (web, etc) > > > Can you explain? There's a REST API for accessing user accounts, and it's > pretty easy to authenticate a username/password pair by e.g. making a "GET > /db" request with basic auth or "POST /db/_session" to create a session > cookie. > > —Jens > > -- > You received this message because you are subscribed to the Google Groups > "Couchbase Mobile" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/mobile-couchbase/62BD5762-B0DE-4520-B33A-C9F9FD31AF5C%40couchbase.com. > > For more options, visit https://groups.google.com/d/optout. -- The Christian ideal has not been tried and found wanting; it has been found difficult and left untried – G. K. Chesterton -- You received this message because you are subscribed to the Google Groups "Couchbase Mobile" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/mobile-couchbase/CAN8S9i%2B7AN8%2B7GA7PoqMZCGtrx_4zQpp3ZrMyfGtx8ds4EmYig%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
