Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CouchApp user registration

Tags:

oauth

couchdb

couchapp

I'm building a standalone couchdb application. These are called couchapps. The idea is that the database itself is served on port 80 and returns HTML and works as the actual website. This is a very powerful idea and I'm entirely amazed by this new concept of having your code live inside your database.

But I'm having some issues with user registration. The one built into couchdb allows for cookies to be set and makes it really easy to plug it into your website. But there's several quite important things missing that my app requires in order to say that it has a "proper" user registration system.

  1. There's no signup verification. No email is sent, no captcha is displayed. This means that anyone could spam your _users database and create as many new users as they please.

  2. If a user forgets their password there's no facility to help them recover it.

Any idea how I could overcome these issues without doing any hardcore Erlang development at a lower level (not an Erlang guy)? It would also be great if anybody knew if I could be using OAuth to authenticate against Twitter or GitHub accounts and have that integrate seemlessly with how couchdb data is handled (inside validate_doc_update functions).

Thank you

like image 457
Luca Matteis Avatar asked Dec 01 '11 13:12

Luca Matteis

1 Answers

While the built in user database can work, I would not recommend it for the workflow you describe. Here are some other options:

Browser ID

I would really recommend using BrowserID. IrisCouch has provided a plugin to couchdb here:

https://github.com/iriscouch/browserid_couchdb

This will take care of the normal registration workflow.

If you want to take it a step further and have your users "Fairly Anonymous", you can follow the example of this couchapp called "Mingle"

https://github.com/thedod/Mingle

Twitter Integration

Max Ogden's "DataCouch" project has a log in via twitter, although it is using some Node external processors to make it work. See here:

https://github.com/maxogden/datacouch/blob/master/processors/auth/twitterauth.js

Facebook integration

https://github.com/ocastalabs/CouchDB-Facebook-Authentication

OpenID

https://github.com/mcaprari/couchdb-openid

I dont think you can use the oauth purely with Couch, as this post suggests:

http://bennolan.com/2011/01/11/couchdb-oath.html

so the closest you will get there is following what Datacouch has done.

Hope these suggestions help.

like image 72
Ryan Ramage Avatar answered Oct 24 '22 02:10

Ryan Ramage
Sign in to Comment

Related questions

How Does Twitter's OAuth System Work?
Clear webView cookies (Swift)
Could not deserialize key data on decoding JWT python
Parse.com API security concerns
Authenticate JIRA REST API using OAuth with Node.JS
Dynamically append OWIN JWT resource server Application clients (audiences)
Google Cloud Console: Invalid redirect URI
angular-ui replace'?' with '#' on redirect from facebook oauth
Create OAuth Signature with HMAC-SHA1 Encryption returns HTTP 401
Facebook: sending an iOS access token server side and signing with App Secret
CakePHP OAuth with Google
Adding a query parameter to the Instagram auth redirect_uri doesn't work?
How should I implement OAuth for an application? [closed]
What is the right way to sign POST requests with OAuth-Signpost and Apache HttpComponents?
API and Application authentication using Devise, Doorkeeper and OAuth2 token
Return error on invalid or expired token
LinkedIn OAuth redirect login returning "No 'Access-Control-Allow-Origin' header is present on the requested resource" error

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!