You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@couchdb.apache.org by Darío Cravero <da...@uxtemple.com> on 2016/02/22 21:59:32 UTC

Thoughts on including couch_jwt_auth in core?

Hi all,

After today's discussion on Twitter with Jan around how to make
couch_jwt_auth <https://github.com/softapalvelin/couch_jwt_auth> plugin
work in couch -thanks Jan! :)- he suggested I ask
<https://twitter.com/janl/status/700710905420582912> if it might be of
interest to include this in core. Well, here it is :).

What are your thoughts? I think it would be great to be able to ship with
this in couch itself so it's seamless to activate it.

Furthermore, it would be amazing if an alternative to the POST handler in
the _session API
<https://github.com/apache/couchdb-couch/blob/master/src/couch_httpd_auth.erl#L287>
would
be able to return a JWT token instead of setting the AuthSession cookie. I
don't really know Erlang but I'll try to give this a go in the coming days.
In the meantime there's couchdb-jwt-auth-server
<https://github.com/BeneathTheInk/couchdb-jwt-auth-server> which works very
well and will do the trick. Needless to say having this integrated (be it
in core or as a plugin) with couch would be even more amazing as it would
remove one step.

Cheers,
Darío

Re: Thoughts on including couch_jwt_auth in core?

Posted by Alexander Shorin <kx...@gmail.com>.

Hi!

I'm +1 to see JWT auth support in CouchDB.
The code will be need to pass review, IP clearance and else
procedures, but the idea is good in anyway.
--
,,,^..^,,,


On Mon, Feb 22, 2016 at 11:59 PM, Darío Cravero <da...@uxtemple.com> wrote:
> Hi all,
>
> After today's discussion on Twitter with Jan around how to make
> couch_jwt_auth <https://github.com/softapalvelin/couch_jwt_auth> plugin
> work in couch -thanks Jan! :)- he suggested I ask
> <https://twitter.com/janl/status/700710905420582912> if it might be of
> interest to include this in core. Well, here it is :).
>
> What are your thoughts? I think it would be great to be able to ship with
> this in couch itself so it's seamless to activate it.
>
> Furthermore, it would be amazing if an alternative to the POST handler in
> the _session API
> <https://github.com/apache/couchdb-couch/blob/master/src/couch_httpd_auth.erl#L287>
> would
> be able to return a JWT token instead of setting the AuthSession cookie. I
> don't really know Erlang but I'll try to give this a go in the coming days.
> In the meantime there's couchdb-jwt-auth-server
> <https://github.com/BeneathTheInk/couchdb-jwt-auth-server> which works very
> well and will do the trick. Needless to say having this integrated (be it
> in core or as a plugin) with couch would be even more amazing as it would
> remove one step.
>
> Cheers,
> Darío