Yes, I have read that document (and recently submitted a PR with
corrections to it!). But that doesn't address OAuth at all. And my
understanding is that even CouchDB's limited OAuth support only allows
CouchDB to be treated as an auth provider, and doesn't allow CouchDB to
act as an OAuth client at all, which is what I would need.
-- Jonathan
On 08/30/2015 09:08 AM, Andy Wenk wrote:
Hi Jonathan,
just quick: did you already read
http://docs.couchdb.org/en/latest/api/server/authn.html
especially
http://docs.couchdb.org/en/latest/api/server/authn.html#proxy-authentication
http://docs.couchdb.org/en/latest/api/server/authn.html#oauth-authentication
?
All the best
Andy
On 27 August 2015 at 19:06, Jonathan Hall <[email protected]> wrote:
I'm working on a hybrid mobile/web app and find the prospect of using
CouchDB quite promising. The biggest obstacle I'm facing at the moment is
how to handle authentication.
I realize that CouchDB supports its own users database, which undoubtedly
I will need to utilize (especially since I'll need to create one database
per user of my app, for permission segmentation).
But I want my app to allow logins via Facebook and Google (at minimum).
What is the most common way to accomplish this with a CouchDB app?
I figure I must have a server process somewhere that is has administrative
privileges to Couchdb, and handles the OAuth2 auth requests, creates new
users, etc, and hands the CouchDB credentials (or cookie) to the app client.
Is this indeed the best approach? Are there third party libraries or
services that handle this for me? I don't mind paying for such a service
(my dev time is worth more than monthly subscription fees in most cases).
I've been looking at various third party services such as OAuth.io, Amazon
Cognito, and even Firebase, to help with some of this. I'm honestly a bit
overwhelmed with the options and trying to parse marketing materials to
decide if any of these services are granular enough to even help me. I'd
really like to stick with CouchDB, to avoid the vendor lock-in that would
come with a more complete solution like Firebase.
I realize the question is a bit open-ended. I hope that's not problematic
to getting a general/overview answer.
I can divulge specific app details if it becomes relevant to the answer.
Thanks for your time!
-- Jonathan
