pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0

Authentication not work with pouchdb 7.2.1 #264

Open slmarcos opened 4 years ago

slmarcos commented 4 years ago

Hello, I am trying to use authentication in PouchDB 7.2.1. The login is successful, but when starting the synchronization I receive the following message: "You are not authorized to access this db".

I followed the steps described in the documentation. And I didn't find any configuration flaws.

Thanks.

SinanGabel commented 4 years ago

If you are using couchdb 3.0 or later then see the previous Issue #263 for a solution.

shaohli2021 commented 4 years ago

I'm currently having the same issue, did you end up finding out what the problem was?

slmarcos commented 4 years ago

Hello @shaohli2021, I didn't have the opportunity to test the @SinanGabel solution. I'm currently connecting using basic user and password authentication.

amustapha commented 4 years ago

I also faced this issue, however it turned out not to be a couchdb/pouchdb issue but a browser related problem.

PouchDB Authentication returns set-cookie header on successful authentication which isn't honored by newer browsers. Here's why: https://web.dev/samesite-cookies-explained/

In production, your app should work if your CouchDB is hosted on the same root domain, e.g. x.couch.com, y.couch.com. However, if they're on entirely different domains, you might have to modify your response headers.

If it doesn't work in development mode, you can turn off the behavior in Google Chrome by navigating to chrome://flags/#same-site-by-default-cookies and disabling "SameSite by default cookies" and "Enable removing SameSite=None cookies".

As of today, Google Chrome is the only browser that has this implemented (version 80+).

SinanGabel commented 4 years ago

PS: for SameSite cookies, one can do the following:

(1) In the CouchDB local.ini configuration, set:

[couch_httpd_auth]
same_site = None

(2) In your reverse proxy you will need to make a change too. For the nginx web server, one can add:

proxy_cookie_path / "/; HTTPOnly; Secure";
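
As an added example (not part of this thread and not code from pouchdb-authentication), the JavaScript below checks whether a session cookie would be attached to a cross-site sync request by a browser that applies the Chrome 80+ SameSite rules discussed above. The function names are hypothetical and the `Set-Cookie` values are constructed samples; the third one assumes the two settings above are both in place.

```javascript
// Added example: will a browser with "SameSite=Lax by default" attach this
// session cookie to a cross-site fetch/XHR (such as PouchDB sync)?

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim(); // flag attrs become true
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Returns { sent, reason } for a cross-site subresource request over HTTPS.
function sentCrossSite(header) {
  const { attrs } = parseSetCookie(header);
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : undefined;
  if (sameSite === 'strict' || sameSite === 'lax') {
    return { sent: false, reason: `SameSite=${sameSite} withholds the cookie from cross-site fetch/XHR` };
  }
  if (sameSite !== 'none') {
    return { sent: false, reason: 'no valid SameSite attribute, so the browser treats it as Lax' };
  }
  if (!attrs.secure) {
    return { sent: false, reason: 'SameSite=None without Secure is rejected by the browser' };
  }
  return { sent: true, reason: 'SameSite=None; Secure is attached to cross-site requests' };
}

// Constructed sample headers (cookie values are placeholders, not real sessions).
const samples = {
  couchdbDefault: 'AuthSession=PLACEHOLDER; Version=1; Max-Age=600; Path=/; HttpOnly',
  sameSiteOnly: 'AuthSession=PLACEHOLDER; Version=1; Max-Age=600; Path=/; HttpOnly; SameSite=None',
  // Path rewritten by: proxy_cookie_path / "/; HTTPOnly; Secure";
  withProxyFix: 'AuthSession=PLACEHOLDER; Version=1; Max-Age=600; Path=/; HTTPOnly; Secure; HttpOnly; SameSite=None',
};

for (const [label, header] of Object.entries(samples)) {
  const { sent, reason } = sentCrossSite(header);
  console.log(`${label}: ${sent ? 'sent' : 'withheld'} (${reason})`);
}
```

The middle sample shows why the CouchDB setting alone is not enough: without the `Secure` attribute added at the proxy, the `SameSite=None` cookie is still dropped.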

komorebi-san commented 3 years ago

I am using Google Chrome 90 and facing this issue. I have disabled the "Enable removing SameSite=None cookies" flag, but it still doesn't work.

burotica49 commented 2 years ago

Hello,

I have the same problem with pouchDB authentication and VueJS. Everything works fine except on Safari and iOS.

In the CouchDB local.ini configuration, I added:

[couch_httpd_auth]
same_site = None

this.remote.login returns me the correct information, but this.remote.getsession returns me an empty userCtx.

I tested with Axios: when I query getsession, userCtx is empty.

Best regards