From 5f8d2db9bba73e033a8e3b63a52b9dea06d91554 Mon Sep 17 00:00:00 2001
From: spMatti
Date: Tue, 1 Sep 2015 14:26:21 +0300
Subject: [PATCH] Modified to use Auth0 and couch_jwt_auth
---
 README.md | 10 +++++++++-
 auth0-rule-sample.js | 11 +++++++++++
 couchdb-sample-local.ini | 10 ++++++++++
 index.html | 7 +++++++
 js/app.js | 23 +++++++++++++++++++++--
 style/base.css | 12 ++++++++++++
 6 files changed, 70 insertions(+), 3 deletions(-)
 create mode 100755 auth0-rule-sample.js
 create mode 100755 couchdb-sample-local.ini
 mode change 100755 => 100644 index.html
 mode change 100755 => 100644 js/app.js
 mode change 100755 => 100644 style/base.css
diff --git a/README.md b/README.md
index 5f6ac17..bd0819a 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,12 @@
-pouchdb-getting-started-todo
+pouchdb-getting-started-todo (Using auth0 and couch_jwt_auth)
 ============================
 
 The source repository for the getting started tutorial for PouchDB
+
+This sample is modified to support Auth0 login and CouchDB [couch_jwt_auth plugin](https://github.com/softapalvelin/couch_jwt_auth). Auth0 login generates JSON Web Token and then the token is added to all requests to CouchDB. couch_jwt_auth validates the token and creates a CouchDB user context for the user if the token is valid. There's no need to add the user to CouchDB users database.
+
+This sample requires that you have added a Auth0 rule that adds 'roles' claim to the token. The roles claim is used by couch_jwt_auth to add roles to CouchDB user context. Sample code for the rule can be found from the [auth0-rule-sample.js](https://github.com/softapalvelin/getting-started-todo/blob/master/auth0-rule-sample.js). Now you can use roles to restrict access to "todos" database to only users with the role "worker".
+
+You must configure CouchDB to use couch_jwt_auth for authentication. Add {couch_jwt_auth, jwt_authentication_handler} to httpd > authentication_handlers configuration. Then configure couch_jwt_auth with the correct information from Auth0. Look [couchdb-sample-local.ini](https://github.com/softapalvelin/getting-started-todo/blob/master/couchdb-sample-local.ini) for sample configuration.
+
+Note: The sample uses Auth0 Popup Mode. It may require some extra configuration in Auth0 console. For example, authentication with Google requires that you obtain Google ClientID and configure it in the [connections menu](https://manage.auth0.com/#/connections/social).
diff --git a/auth0-rule-sample.js b/auth0-rule-sample.js
new file mode 100755
index 0000000..bb2aca5
--- /dev/null
+++ b/auth0-rule-sample.js
@@ -0,0 +1,11 @@
+function (user, context, callback) {
+ // add roles to user info
+ user.roles = ["worker"];
+
+ // add scope for JWT request so the roles is returned in the token
+ var scopeMapping = {
+ roles: ["roles"]
+ };
+ context.jwtConfiguration.scopes = scopeMapping;
+ callback(null, user, context);
+}
diff --git a/couchdb-sample-local.ini b/couchdb-sample-local.ini
new file mode 100755
index 0000000..13be94e
--- /dev/null
+++ b/couchdb-sample-local.ini
@@ -0,0 +1,10 @@
+; ADD couch_jwt_auth TO AUTHENTICATION HANDLERS LIKE THIS:
+;[httpd]
+; authentication_handlers = ... {couch_jwt_auth, jwt_authentication_handler} ...
+
+[jwt_auth]
+ hs_secret = AUTH0_CLIENT_SECRET
+ validated_claims = iss,aud
+; iss claim example: "https://domain123.eu.auth0.com/"
+ validate_claim_iss = ["YOUR_AUTH0_DOMAIN"]
+ validate_claim_aud = ["AUTH0_CLIENT_ID"]
diff --git a/index.html b/index.html
old mode 100755
new mode 100644
index 6e09d2f..a0a1d74
--- a/index.html
+++ b/index.html
@@ -8,6 +8,12 @@ + + + + + +
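Review bot: `user.roles = ["worker"];` at the top of the rule in auth0-rule-sample.js is assigned unconditionally, so every account that can complete an Auth0 login, including any social connection that is enabled, receives the role the README uses to gate the "todos" database. The README states that couch_jwt_auth copies the claim into the CouchDB user context, which makes this rule the only place where role membership is decided. The sample should say so with a comment above the assignment such as `// SAMPLE ONLY: grants "worker" to every user who can log in`. A real rule should read roles from data the user cannot edit, for instance `user.roles = (user.app_metadata && user.app_metadata.roles) || [];` (the `roles` key inside `app_metadata` is an assumed convention, not something this patch defines).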
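Review bot: `hs_secret = AUTH0_CLIENT_SECRET` in couchdb-sample-local.ini puts a symmetric signing key into the CouchDB configuration, and with a shared-secret scheme whoever can read that value can also produce tokens that pass validation, with any `roles` claim. The sample should say this next to the setting, for example `; hs_secret is a shared HMAC key: keep local.ini readable only by the CouchDB service account and never commit the real value`. `validated_claims = iss,aud` names no expiry claim; whether couch_jwt_auth rejects expired tokens on its own is not visible from this patch and is worth confirming and documenting here. The file is also created with mode 100755, and a configuration file does not need the executable bit.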
@@ -21,6 +27,7 @@

todos