Thanks Benoit. Just to clarify my understanding,
a) I have to write a handler in erlang similar to
https://github.com/YasuhiroABE/CouchDB-WebProxy_Auth_Handler/blob/master/couch_httpd_auth.erl
b) I have to include my custom handler in the "*authentication_handlers* "
section of configuration as
{couch_httpd_auth, my_company_custom_cookie_authentication_handler}
If there is a better sample for custom authentication handler, please
recommend
Thanks
-Venu
*
*
On Thu, Jan 19, 2012 at 2:44 PM, Benoit Chesneau <[email protected]>wrote:
> On Thu, Jan 19, 2012 at 11:41 AM, Rao Venugopal <[email protected]> wrote:
> > Hi
> >
> > Is it possible to integrate custom authentication/authorization with
> > couchdb instead of using the couchdb sessions api.
> > At my company, we already have an cookie based authorization service
> > and it is unlikely that we can move from it to couchdb's
> > authentication. Hence, I want to do something along the following
> > lines
> > a) Intercept the GET/POST/PUT/DELETE requests & validate the user's
> > cookie (using the authentication service)
> > b) decrpt the user's user id/email from cookie
> > c) Check against couchdb's "db/_security" to check if the email is in
> > the names collection for either dba admin / reader role
> > i) If the ok,
> > - allow the operation to succeed or do a 301 redirect to
> > couchdb.
> > - Ideal scenario would be if it is possible userid to
> > couchdb
> > so couchdb filters can use it in the following fashion.
> > function(doc, req) {
> > if (doc.username) {
> > if (doc.username == req.userCtx.name) {
> > return true;
> > }
> > }
> > return false;
> >
> > }
> >
> > ii) Else return http 401 not authorized
> > Does couchdb provide for ability to plugin support for this or would
> > I
> > have to write a front end service which serves as a proxy between my
> > remote couchdb server instance and the local couchdb on my
> > smartphone? Has anyone had any success in either of these two
> > scenarios?
> >
> > Thanks
> > -Venu
> >
> > PS : I asked this question at the mobile couchbase group and was
> > advised to ask here
>
> You can indeed add a custom auth handler. Have a look in
> couch_httpd_auth for an example. Then add it to the list of auth
> handler that couchdb can try in the `authentication_handlers` setting
> in your local.ini .
>
> - benoƮt
>
