You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was wondering if someone might be able to help me to understand how the proxy authentication flow is in CouchDB is intended to be used?
From my understanding, it seems like it should be possible to use it to reuse an authentication token from an external source in place of a user login, but I can't quite figure out exactly how to implement this in practice.
For instance:
Using react-google-login, I am able to log the user in and get an Auth token associated with the user's google ID.
I can then set-up an API method that accepts the token, and uses something like google-auth, to verify the token on the back-end.
At this point, It seems like it would be sufficient to return a CouchDB cookie token to the front-end, which could then be used for subsequent CouchDB queries.
The problem is, in order to generate the cookie token, one needs both a username and password, so I'm not really saving the user any effort with the Google login step.
With the proxy auth approach, I understand that If I hash the user's username with the secret key from the couch_httpd_auth section, I am able to retrieve docs in the user's database, however, this seems to be static (depends on the secret key in the CouchDB + user's name), and doesn't seem to allow for use of externally-generated tokens such as the one I retrieved from Google.
It seems likely that I am just misunderstanding how the proxy auth flow is meant to work.
If anyone has any advice or can point out where I am mistaken, It would be greatly appreciated.
It may also be worth expanding the section in the docs to give a more explicit example of how the flow is intended to communicate with a third-party OpenID, etc. auth service, if time permits
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Greetings!
I was wondering if someone might be able to help me to understand how the proxy authentication flow is in CouchDB is intended to be used?
From my understanding, it seems like it should be possible to use it to reuse an authentication token from an external source in place of a user login, but I can't quite figure out exactly how to implement this in practice.
For instance:
The problem is, in order to generate the cookie token, one needs both a username and password, so I'm not really saving the user any effort with the Google login step.
With the proxy auth approach, I understand that If I hash the user's username with the secret key from the
couch_httpd_authsection, I am able to retrieve docs in the user's database, however, this seems to be static (depends on the secret key in the CouchDB + user's name), and doesn't seem to allow for use of externally-generated tokens such as the one I retrieved from Google.It seems likely that I am just misunderstanding how the proxy auth flow is meant to work.
If anyone has any advice or can point out where I am mistaken, It would be greatly appreciated.
It may also be worth expanding the section in the docs to give a more explicit example of how the flow is intended to communicate with a third-party OpenID, etc. auth service, if time permits
Thanks for all of your efforts on CouchDB!
Keith
Beta Was this translation helpful? Give feedback.
All reactions