+1 to remove oauth. Keen to see new authn and authz options for couchdb but that's a separate topic.
> On 11 Sep 2015, at 17:38, Jan Lehnardt <j...@apache.org> wrote: > > Let’s keep things separate. > > I propose moving broken oAuth support from 2.0. I’m prepared to do the > legwork, it shouldn’t take long. > > If someone steps in and fixes oAuth for 2.0 VERY SOON, I’d be okay with > keeping it. > > At this point, we are not discussing additional features for 2.0. > > If we get JWT, it goes into 2.1. > > Best > Jan > -- > > > >> On 11 Sep 2015, at 16:50, Klaus Trainer <klaus_trai...@posteo.de> wrote: >> >> Hi everybody! >> >>> On 09/10/2015 08:20 PM, Alexander Shorin wrote: >>> Seems like there are no much options. >>> >>> I disagree that it's very poor. The only flaws it has is the lack of >>> RSA support (our implementation) and open security issues (as auth >>> protocol). But is there any good alternative? >> >> A good alternative would be to support JSON Web Token (JWT) [1]. >> Somebody has already done some work for CouchDB 1.6. in this regard [2]. >> They managed to outsource authentication to Auth0, while validating JWTs >> issued by Auth0, and creating respective CouchDB sessions with username >> and roles assigned from the JWT [3, 4]. >> >> In addition to what's been done in [2], I'd like CouchDB to be able to >> issue JWTs as well, which then could also be used by other applications >> for authentication and authorization. >> >> In contrast to OAuth 1.0a (which is implemented in CouchDB), JWT is >> conceptionally much simpler. It is easy to set up on servers, and easy >> to use for clients (e.g. in the browsers). >> >> Regarding implementing JWT in CouchDB: I'd like to volunteer and can >> allocate time for that. >> >> What do you think about supporting JWT? >> >> >> [1] https://tools.ietf.org/html/rfc7519 >> [2] https://github.com/softapalvelin/couch_jwt_auth >> [3] https://github.com/softapalvelin/getting-started-todo >> [4] https://auth0.com/ > > -- > Professional Support for Apache CouchDB: > http://www.neighbourhood.ie/couchdb-support/ >
