On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <[email protected]> wrote: > Hi > > Is it possible to integrate custom authentication/authorization with > couchdb instead of using the couchdb sessions api. > At my company, we already have an cookie based authorization service > and it is unlikely that we can move from it to couchdb's > authentication. Hence, I want to do something along the following > lines > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's > cookie (using the authentication service) > b) decrpt the user's user id/email from cookie > c) Check against couchdb's "db/_security" to check if the email is in > the names collection for either dba admin / reader role > i) If the ok, > - allow the operation to succeed or do a 301 redirect to > couchdb. > - Ideal scenario would be if it is possible userid to > couchdb > so couchdb filters can use it in the following fashion. > function(doc, req) { > if (doc.username) { > if (doc.username == req.userCtx.name) { > return true; > } > } > return false; > > } > > ii) Else return http 401 not authorized > Does couchdb provide for ability to plugin support for this or would > I > have to write a front end service which serves as a proxy between my > remote couchdb server instance and the local couchdb on my > smartphone? Has anyone had any success in either of these two > scenarios? > > Thanks > -Venu > > PS : I asked this question at the mobile couchbase group and was > advised to ask here
You can indeed add a custom auth handler. Have a look in couch_httpd_auth for an example. Then add it to the list of auth handler that couchdb can try in the `authentication_handlers` setting in your local.ini . - benoît
