search

pouchdb-community / pouchdb-authentication

User authentication plugin for PouchDB and CouchDB.
Apache License 2.0
774 stars 118 forks source link

Problem with Cloudant #95

Closed quedicesebas closed 8 years ago

quedicesebas commented 8 years ago

I always getting the 403 error. This is my user documment in _users:

{ "_id": "3ae2b004f63f76a1d936b0cce2e96d2c", "_rev": "3-77f93ee6a9e99d6769dc528c0bcb82bf", "value": { "rev": "3-77f93ee6a9e99d6769dc528c0bcb82bf" }, "key": "3ae2b004f63f76a1d936b0cce2e96d2c", "doc": { "_id": "3ae2b004f63f76a1d936b0cce2e96d2c", "_rev": "3-77f93ee6a9e99d6769dc528c0bcb82bf", "name": "admin", "roles": [ "_reader", "_writer" ], "type": "user", "password": "37d6c5Qe" } }

I'm calling db.login('admin', '37d6c5Qe')

nolanlawson commented 8 years ago

I don't believe pouchdb-authentication supports Cloudant. I'm told they were working on adding support, but last I heard it's not in yet. You can contact Cloudant customer support for more help.

quedicesebas commented 8 years ago

Yes, I make a suppport request, I will come back here.

Kluskey commented 8 years ago

@sebrojas14 Any updates?

numerized commented 8 years ago

So, after playing a bit with cloudant Ionic2 and pouchdb-authentication I can tell you that they are 100% compatible.

The error is happening because Cloudant don't use the _user database as we expect.

When you signup a new user with db.signup() on cloudant database as remote, the user is created in the _user database but no entry is created into the permission schema inside the remote database.

Cloudant manage users differently by generating API keys and checking granted roles.

The catch is to add a this username manually in the Permissions schema of the database through cloudant console and tick grant levels where the actual user should have been granted by the signup method. The error instantly disappear and you can connect and read / write / replicate if ticked.

The way cloudant is actually creating users different than pouchdb-authentication, is to generate an API key for the database of your choice like explained here : https://docs.cloudant.com/authorization.html

At the bottom of the previous link it's mentioned that is possible to use the _user database to manage users. I'll check that in a couple of hours and report here :

ENABLING THE _USERS DATABASE WITH CLOUDANT You can use the _users database to manage roles in Cloudant. However, you must turn off Cloudant security for those roles first. To do this, PUT a JSON document to the _security endpoint of the database. For example, https://.cloudant.com//_security.

Lucky enough you can use nodejs-cloudant to do it for you : https://github.com/cloudant/nodejs-cloudant#generate-an-api-key

It could be nice that pouchdb-authentication could create api keys from a cloudant perspective but I think I'll use nodejs-cloudant