g'day i'm trying to replicate a per-user database to/from touchdb on mobile device. And i can't figure out how to do the authentication. On server side, each user owns a database. same on mobile device (in case there are more users).
The only thing working on both android and ios seems to be the remote target/source url to contain user+pasw inside like http://user:passw@remote:5984/dbname which means user/psw will stay in the replicator database.. and/or require user to login each time, or store them elsewhere too. which isn't good for usability/security. so i wanted to do cookie-based /_session authentication, but i don't see where to put the cookie (eventually obtained by manualy POSTing on server/_session). it was suggested by Robert Newson that it can go into target : > You can use cookie auth for the replication using this little known > API variant; > "target": {"url" : "http://host:port/db";, > "headers":{"cookie":"AuthSession=foo"}} but looking at the source for both android/ios, the target/source is just a single string. next is oauth-like authentication but i don't understand how to use it at all. any pointers for either way? or should i forget token-authenticated-replication for now? ciao svilen
