Reputation: 386
Getting a 401 response on couchdb authentication
I've spent the last day or two pulling my hair out over this, so I thought I'd share the answer.
Problem: When trying to get an authentication cookie from the client side (using some http library or another), you get a 401 Unauthorised response. Even though you know the username and password are correct and you're doing it exactly how it's done in all the examples. Well my friend, your issue is that you expect things to make sense.
Upvotes: 1
Views: 650
Answers (1)
Reputation: 386
Turns out that if you have the require_valid_user set to true in the couch db config, and then don't include those credentials with an authentication request (even if the credentials you're authenticating are valid!) couch will reject it out of hand. So you've two options really,
Keep require_valid_user true and do your authentication on your own server where you can wack in the admin username and password as a part of the url (like so url = http://admin:password@url:5984). And then authenticate your credentials and pass back the ensuing cookie you get from that. (Make sure in subsequent requests straight from the client to the db you include withCredentials:true, so the browser sends the cookie with the request).
Say screw it and don't require a valid user with each request, and instead authenticate on the design doc and database security level only. I can't vouch for how secure this is, as I haven't done it.
Upvotes: 2
Related Questions
- Users can't be authenticated for _session
- CouchDB error -Malformed AuthSession cookie -- version 2,2
- PouchDB and Cookie Authentication with CouchDB not actually logging in the user
- CouchDB cookie authentication with HTTPS
- Angular with CouchDB Cookie Authentication 401
- Calls to CouchDB's _session always return 200
- how to make couch db authentication work
- Impossible to retrieve AuthSession cookie Couchdb via javascript
- CouchDB _session authentication is failing
- CouchDB Authentication