Hi Matti, thank you very much! That was all I needed to know!
Regards Martin > Am 09.03.2016 um 21:17 schrieb Matti Eerola <[email protected]>: > > Hi > >> 1. "Authorization: Bearer TOKEN_HERE“, what is „Bearer“ ? Is it the user >> name? Or just a constant name, which helps the plugin to work? > > It's a constant name that is defined in OAuth 2.0 RFC: > https://tools.ietf.org/html/rfc6750 > I don't know why it's also used with JWT. You can read more about how JWT is > usually sent to server from here: > https://jwt.io/introduction/#how-do-json-web-tokens-work- > >> 2. What does the „username_claim“ configuration parameter do? There are to >> options mentioned, „name“ and „sub“, but what does these options do? > > The couch_wt_auth plugin creates a user context for the CouchDB. The user > context is created with a username and list of roles. The configuration > parameters 'username_claim' and 'roles_claim' specify what JWT claim/property > is mapped to username and roles. For example JWT could contain this payload: > { > "sub": "1234567890", > "name": "John Doe", > "roles": ["_admin", "dev"], > "admin": true > } > When couch_wt_auth is configured with username_claim=sub (sub is the default > value) then CouchDB user context username is "1234567890". If couch_wt_auth > is configured with username_claim=name then CouchDB user context username is > "John Doe". More information about different JWT claims: > https://tools.ietf.org/html/rfc7519#section-4.1 > > I hope this helps. If you have any questions, I will be happy to answer them. > > Thanks, > Matti Eerola > > > On Tue, 8 Mar 2016 08:27:22 +0100 > Martin Rudolph <[email protected]> wrote: > >> Hi everybody, >> >> we like to use couch_wt_auth for authentication, but before we’d like to use >> it some questions came up on how everything works. I hope somebody could >> answer these questions here. >> >> 1. "Authorization: Bearer TOKEN_HERE“, what is „Bearer“ ? Is it the user >> name? Or just a constant name, which helps the plugin to work? >> 2. What does the „username_claim“ configuration parameter do? There are to >> options mentioned, „name“ and „sub“, but what does these options do? >> >> I hope someone could help to understand this plugin better, so we are able >> to use it! >> >> Regards >> >> Martin >> >> >> > > > -- > Matti Eerola <[email protected]>
