Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2022/09/29 06:16:43 UTC

[GitHub] [couchdb] VladimirCores opened a new issue, #4190: OpenID Connect to authenticate with 3rd party service, JWT issuer API

VladimirCores opened a new issue, #4190:
URL: https://github.com/apache/couchdb/issues/4190

   ## Summary
   1. As a user of CouchDB I would like to have an option to specify 3rd party authentication providers with OpenID Connect (OAuth2.0 - Client ID / Secret) and use them to create a user account with a further auto login option, 2FA, Link. I would like to have user data and the way of accessing data in one place.
   
   2. Also, the recently added JWT support brought new possibilities of accessing data from CouchDB, however it still requires some manual tuning of access (JWT extension with role or adding sub to allowed users). Generation of JWTs requires a separate service to run, which registers users, tracks them, keeps their data, and provides an OAuth2.0 service with 3rd parties, and requires maintenance. It would be good to have, or I would be happy to know how to implement by myself, a special service (design document) inside CouchDB that generates JWTs with additional information from CouchDB.
   
   ## Desired Behaviour
   1. OpenID Connect - additional settings in the local.ini file that specify the service provider (maybe URL) / Client ID / Client Secret. The signin/signup would be with special / additional keys specifying which OAuth provider to use (as a string, "google" or "github"). Then CouchDB would open an iframe (or navigate the user to a separate tab) where the service's application requests the user to grant access to the profile, then information from the service will be sent to CouchDB and the user created with data from the service (openid, email, profile).
   2. I don't know, yet, how technically it should work, still learning, but it would be good to have an API that issues JWTs for registered users, with optional renewal of the access_token using a refresh_token.
   
   I really like the way CouchDB works, the concept of "design documents" (instead of SQL to collect and process data, without middleman), and I wish the DB is progressing.

