Hi, I can confirm that Cloudant does not enable the proxy authentication handler nor supports externalising authentication/authorization decisions in any other way. Use either IBM IAM or the CouchDB _users database within your account (note that the _users database option is not available for Transaction Engine instances).
B. > On 26 May 2021, at 08:38, Aurélien Bénel <[email protected]> wrote: > > Dear all, > > I'm totally aware that this list is dedicated to Apache CouchDB and not to > IBM Cloudant, but please consider my question as related to Apache CouchDB > compatibility with its ecosystem. > > As stated by Apache CouchDB documentation: > > "Proxy authentication is very useful in case your application already uses > some external authentication service and you don’t want to duplicate users > and their roles in CouchDB." > Source: > https://docs.couchdb.org/en/latest/api/server/authn.html#proxy-authentication > > Hence a reverse proxy can authenticate a user and send the username (as > `X-Auth-CouchDB-UserName` HTTP header) along with a token (as > `X-Auth-CouchDB-Token`) generated from this username and a general shared > secret (not related with this particular user). > > As stated: > > This authentication method allows creation of a User Context Object for > remotely authenticated user. > > This user context can be useful in a `validate_doc_update` function (for > authorizations) or in an `update` function (for accounting). > > Among third party CouchDB hosts, IBM cloudant is one of the most famous. > However the product is slightly different, especially concerning security > (see: > https://cloud.ibm.com/docs/Cloudant?topic=Cloudant-couchdb-and-cloudant). > > Whereas I am familiar with proxy authentication in Apache CouchDB, I didn't > manage to setup a similar feature in Cloudant nor to find documentation about > it. In particular, IBM "API keys" (composed by a key and a password) don't > seem to be compatible with setting a different username as > `X-Auth-CouchDB-UserName`. > > Does anyone succeeded in setting up (in Cloudant) a user context different > from the credentials used for authentication? Or is there a doc anywhere > saying that it is not possible? > > Or, is there a similar hosted service (esp. with free tier) but with proxy > authentication enabled? > > > Best regards, > > Aurélien > > P.S. My question was asked also on StackOverflow: > https://stackoverflow.com/questions/67537968
