Thank you, Robert.
> On 26 May 2021, at 17:26, Robert Newson <rnew...@apache.org> wrote:
>
> Hi,
>
> I can confirm that Cloudant does not enable the proxy authentication handler
> nor support externalising authentication/authorization decisions in any
> other way. Use either IBM IAM or the CouchDB _users database within your
> account (note that the _users database option is not available for
> Transaction Engine instances).
>
> B.
>
>> On 26 May 2021, at 08:38, Aurélien Bénel <aurelien.be...@utt.fr> wrote:
>>
>> Dear all,
>>
>> I'm totally aware that this list is dedicated to Apache CouchDB and not to
>> IBM Cloudant, but please consider my question as related to Apache CouchDB
>> compatibility with its ecosystem.
>>
>> As stated by Apache CouchDB documentation:
>>
>> "Proxy authentication is very useful in case your application already uses
>> some external authentication service and you don’t want to duplicate users
>> and their roles in CouchDB."
>> Source:
>> https://docs.couchdb.org/en/latest/api/server/authn.html#proxy-authentication
>>
>> Hence a reverse proxy can authenticate a user and send the username (as
>> `X-Auth-CouchDB-UserName` HTTP header) along with a token (as
>> `X-Auth-CouchDB-Token`) generated from this username and a general shared
>> secret (not related to this particular user).
>>
>> As stated:
>>
>> This authentication method allows creation of a User Context Object for
>> remotely authenticated user.
>>
>> This user context can be useful in a `validate_doc_update` function (for
>> authorizations) or in an `update` function (for accounting).
>>
>> Among third-party CouchDB hosts, IBM Cloudant is one of the most famous.
>> However the product is slightly different, especially concerning security
>> (see:
>> https://cloud.ibm.com/docs/Cloudant?topic=Cloudant-couchdb-and-cloudant).
>>
>> Whereas I am familiar with proxy authentication in Apache CouchDB, I didn't
>> manage to set up a similar feature in Cloudant nor to find documentation
>> about it. In particular, IBM "API keys" (composed of a key and a password)
>> don't seem to be compatible with setting a different username as
>> `X-Auth-CouchDB-UserName`.
>>
>> Has anyone succeeded in setting up (in Cloudant) a user context different
>> from the credentials used for authentication? Or is there a doc anywhere
>> saying that it is not possible?
>>
>> Or, is there a similar hosted service (esp. with free tier) but with proxy
>> authentication enabled?
>>
>>
>> Best regards,
>>
>> Aurélien
>>
>> P.S. My question was asked also on StackOverflow:
>> https://stackoverflow.com/questions/67537968
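
The proxy authentication exchange described in the original question, as an added example that is not part of the thread and is not CouchDB's or Cloudant's own code. It models the reverse proxy building the `X-Auth-CouchDB-*` headers and the server-side check; the hex HMAC-SHA1 construction and the `X-Auth-CouchDB-Roles` header follow the Apache CouchDB documentation, while the secret, user names and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample value; in a real deployment this is the secret shared
# between the reverse proxy and the CouchDB server configuration.
SECRET = b"constructed-shared-secret"

AUTH_HEADERS = ("x-auth-couchdb-username", "x-auth-couchdb-roles",
                "x-auth-couchdb-token")


def make_token(secret: bytes, username: str) -> str:
    """Hex HMAC-SHA1 of the username, keyed with the shared secret."""
    return hmac.new(secret, username.encode("utf-8"), hashlib.sha1).hexdigest()


def proxy_headers(client_headers: dict, authenticated_user: str, roles: list) -> dict:
    """Headers the proxy forwards after it has authenticated the user itself.

    Any X-Auth-CouchDB-* header sent by the client is dropped first, so the
    user context can only come from the proxy's own authentication result.
    """
    out = {k: v for k, v in client_headers.items()
           if k.lower() not in AUTH_HEADERS}
    out["X-Auth-CouchDB-UserName"] = authenticated_user
    out["X-Auth-CouchDB-Roles"] = ",".join(roles)
    out["X-Auth-CouchDB-Token"] = make_token(SECRET, authenticated_user)
    return out


def backend_accepts(headers: dict, secret: bytes) -> bool:
    """Model of the server-side check: recompute the token and compare it."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    user = h.get("x-auth-couchdb-username")
    token = h.get("x-auth-couchdb-token", "")
    if not user:
        return False
    expected = make_token(secret, user)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), token.lower().encode())


if __name__ == "__main__":
    # Constructed request: the client tries to supply its own user name.
    incoming = {"Accept": "application/json", "x-auth-couchdb-username": "admin"}
    forwarded = proxy_headers(incoming, "alice", ["editor"])
    print(forwarded, backend_accepts(forwarded, SECRET))
```

The token is a fixed function of the user name and the secret and does not cover the roles header, so it identifies the proxy rather than an individual request; the database should be reachable only through that proxy.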