Login/Register
Couchdb external authentication
Asked Answered
Solved laravelauthenticationcouchdbpouchdb
K

1

9

I am developing a family of utility apps where each app could be available on desktop, mobile and the web. After some research I decided to go with pouchdb on the client and couchdb on the server to provide offline sync.

A user would be able to create an account on the web (A Laravel Spark app) to manage their app subscriptions/payments and also access the web versions of the apps. On mobile and desktop the user would sign into each app using their credentials to unlock functionality.

I am planning on taking a database per user approach in couchdb with filtered replication (based on the app the files belong to). The basic requirement is for the user can sign in once in the apps and then securely replicate to couchdb forevermore (until sign out).

What would be the best approach to take for authentication with couchdb given the use case outlined below?

  • Proxy all requests via Laravel for authentication
  • On account creation in the Laravel app create a couchdb user with a randomly generated password and when the user signs in on the app return this password authenticate future requests (are there limits on the number of users created)?
  • Use the Laravel app as an oauth server and make requests to couchdb direct using an oauth token.
  • Something else?
Koreykorff answered 16/8, 2016 at 6:6 Comment(0)
K
6

In the end I found the best approach to proxy all requests to CouchDB through Laravel, utilising the Passport package for API authentication.

To do this I hooked into the Spark::createUsersWith() function in the SparkServiceProvider to set up a CouchDB database on user registration via the following steps:

  1. Generate a couchdb specific username and save it in the user record.
  2. Create a couchdb database with the same name as that generated in step 1.
  3. Add a design document to the database with a filter for app specific syncing.
  4. Add a security document to only allow read/writes from the database owner (created in subsequent step).
  5. Create a CouchDB user with the username generated in step 1.

The user can then log into the app using their username and password to receive an OAuth2 password grant token.

All syncing requests are then made with the auth token to my sync proxy controller detailed in this gist.

To save a search PouchDB can be set up to send the OAuth token automatically as follows: 

this._remoteDB = new PouchDB(url, {
    ajax : {
        headers : {
            "Authorization" : "Bearer " + localStorage.getItem("token")
        }
    }
});
Koreykorff answered 27/10, 2017 at 5:6 Comment(1)
Thank you @Koreykorff for sharing this info. Was curious if you there is anything that you'd like to add to your answer after 5 years. I am going for a similar approach using Node.js.Backache

© 2022 - 2024 — McMap. All rights reserved.