forked from NickColley/getting-started-todo
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Modified to use Auth0 and couch_jwt_auth
- Loading branch information
Showing
6 changed files
with
70 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,12 @@ | ||
pouchdb-getting-started-todo | ||
pouchdb-getting-started-todo (Using auth0 and couch_jwt_auth) | ||
============================ | ||
|
||
The source repository for the getting started tutorial for PouchDB | ||
|
||
This sample is modified to support Auth0 login and CouchDB [couch_jwt_auth plugin](https://github.com/softapalvelin/couch_jwt_auth). Auth0 login generates JSON Web Token and then the token is added to all requests to CouchDB. couch_jwt_auth validates the token and creates a CouchDB user context for the user if the token is valid. There's no need to add the user to CouchDB users database. | ||
|
||
This sample requires that you have added a Auth0 rule that adds 'roles' claim to the token. The roles claim is used by couch_jwt_auth to add roles to CouchDB user context. Sample code for the rule can be found from the [auth0-rule-sample.js](https://github.com/softapalvelin/getting-started-todo/blob/master/auth0-rule-sample.js). Now you can use roles to restrict access to "todos" database to only users with the role "worker". | ||
|
||
You must configure CouchDB to use couch_jwt_auth for authentication. Add {couch_jwt_auth, jwt_authentication_handler} to httpd > authentication_handlers configuration. Then configure couch_jwt_auth with the correct information from Auth0. Look [couchdb-sample-local.ini](https://github.com/softapalvelin/getting-started-todo/blob/master/couchdb-sample-local.ini) for sample configuration. | ||
|
||
Note: The sample uses Auth0 Popup Mode. It may require some extra configuration in Auth0 console. For example, authentication with Google requires that you obtain Google ClientID and configure it in the [connections menu](https://manage.auth0.com/#/connections/social). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
function (user, context, callback) { | ||
// add roles to user info | ||
user.roles = ["worker"]; | ||
|
||
// add scope for JWT request so the roles is returned in the token | ||
var scopeMapping = { | ||
roles: ["roles"] | ||
}; | ||
context.jwtConfiguration.scopes = scopeMapping; | ||
callback(null, user, context); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
; ADD couch_jwt_auth TO AUTHENTICATION HANDLERS LIKE THIS: | ||
;[httpd] | ||
; authentication_handlers = ... {couch_jwt_auth, jwt_authentication_handler} ... | ||
|
||
[jwt_auth] | ||
hs_secret = AUTH0_CLIENT_SECRET | ||
validated_claims = iss,aud | ||
; iss claim example: "https://domain123.eu.auth0.com/" | ||
validate_claim_iss = ["YOUR_AUTH0_DOMAIN"] | ||
validate_claim_aud = ["AUTH0_CLIENT_ID"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters