You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Paul Hammant (JIRA)" <ji...@apache.org> on 2015/12/23 01:42:46 UTC
[jira] [Created] (COUCHDB-2919) Redirect to hosted login (set
cookie) redirect to referer
Paul Hammant created COUCHDB-2919:
-------------------------------------
Summary: Redirect to hosted login (set cookie) redirect to referer
Key: COUCHDB-2919
URL: https://issues.apache.org/jira/browse/COUCHDB-2919
Project: CouchDB
Issue Type: Wish
Components: HTTP Interface
Reporter: Paul Hammant
Redirect is a common authentication mechanism. (http://paulhammant.com/2011/11/22/google-accounts-architectural-meaning/) A skinny design for CouchDB could be to allow a redirect from a site, set a cookie on success, then redirect back to a referrer URL. Subsequent XHR GETs/PUTs to CouchDB would use the cookie just fine.
in the configuration, as for CORS, CouchDB could allow a whitelist of allowed referrers for a redirected login experience. Ask if you want me to explain more (sequence diagrams, etc).
Maybe a https://localhost:5984/_is_authenticated would help UIs determine whether a redirect should be offered to the end user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)