Hi Jonathan, just quick: did you already read http://docs.couchdb.org/en/latest/api/server/authn.html
especially http://docs.couchdb.org/en/latest/api/server/authn.html#proxy-authentication http://docs.couchdb.org/en/latest/api/server/authn.html#oauth-authentication ? All the best Andy On 27 August 2015 at 19:06, Jonathan Hall <[email protected]> wrote: > I'm working on a hybrid mobile/web app and find the prospect of using > CouchDB quite promising. The biggest obstacle I'm facing at the moment is > how to handle authentication. > > I realize that CouchDB supports its own users database, which undoubtedly > I will need to utilize (especially since I'll need to create one database > per user of my app, for permission segmentation). > > But I want my app to allow logins via Facebook and Google (at minimum). > What is the most common way to accomplish this with a CouchDB app? > > I figure I must have a server process somewhere that is has administrative > privileges to Couchdb, and handles the OAuth2 auth requests, creates new > users, etc, and hands the CouchDB credentials (or cookie) to the app client. > > Is this indeed the best approach? Are there third party libraries or > services that handle this for me? I don't mind paying for such a service > (my dev time is worth more than monthly subscription fees in most cases). > > I've been looking at various third party services such as OAuth.io, Amazon > Cognito, and even Firebase, to help with some of this. I'm honestly a bit > overwhelmed with the options and trying to parse marketing materials to > decide if any of these services are granular enough to even help me. I'd > really like to stick with CouchDB, to avoid the vendor lock-in that would > come with a more complete solution like Firebase. > > I realize the question is a bit open-ended. I hope that's not problematic > to getting a general/overview answer. > > I can divulge specific app details if it becomes relevant to the answer. > > Thanks for your time! > > -- Jonathan > > -- Andy Wenk Hamburg - Germany RockIt! GPG fingerprint: C044 8322 9E12 1483 4FEC 9452 B65D 6BE3 9ED3 9588 https://people.apache.org/keys/committer/andywenk.asc
