pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0
775 stars 118 forks source link

Is it true that PouchDB 7 makes this package "pouchdb-authentication" obsolete? #243

Open martinhbramwell opened 6 years ago

martinhbramwell commented 6 years ago

I seem to able to control client access to CouchDB adequately using only PouchDB.

What added benefit would I get from using pouchdb-authentication?

ptitjes commented 6 years ago

@martinhbramwell The benefit of PouchDB Authentication is to be able to login/logout, but also sign up, create and manage users... In any case, this is a layer above PouchDB. You can do all of what PouchDB Authentication does with some HTTP calls. :)

martinhbramwell commented 6 years ago

Hi @ptitjes thank you for your super fast reply.

I was trying to get started with pouchdb-authentication using the example code in the recipe Everybody has to be logged in to do anything. But I got 401 errors no matter what I tried.

I then saw issue #239 "PouchDb 7 : authentication doesn't work anymore" and realized that none of the fixes being discussed used pouchdb-authentication at all! Wtf?

Is it possible your documentation needs to be reviewed in the light of recent changes?

ptitjes commented 6 years ago

Yes, the documentation needs some changes (in the example you used, the Basic Authentication header Authorization in ajaxOpts is now handled by PouchDB Authentication – see #204).

But also, I had no time to explore how the current version 1.1.3 works directly with PouchDB 7. But I started a PR (#238) to make it work with the new fetch APIs. I'm sorry that I'm late but I had no help since PouchDB 7 release. The PR seems to work (it works on node.js) however some of the test targets fail because I fail to correctly include the polyfills for fetch and Promise. If you know how to fix that please help.

martinhbramwell commented 6 years ago

I wish I could help, but I'm trying to learn Couch/Pouch for an already behind schedule project. :-(

leonid-shevtsov commented 5 years ago

To answer the question (as best as I can, after my digging around in the source code):

PouchDB 7 only supports HTTP Basic Auth. pouchdb-authentication implements cookie-based auth. So no, this library is not obsolete.

CouchDB docs say that cookie auth is more efficient than basic auth, but my hunch is that the difference would only be noticeable at scale.

baradhili commented 1 year ago

Just checking - I'm guessing its not possible to use this plugin to enable offline auth to an app? - in other words if I use this, I must be online and able to reach at least one couchdb node?

leonid-shevtsov commented 1 year ago

@baradhili you are correct, this auth is for authenticating against other couchDB nodes. when offline, you can just create a DB and use it, no auth needed until you want to sync it.