social authentication plugin

[nolanlawson]

From @edrex on May 27, 2015 0:49

Two Christmases ago I wrote a simple browser app for collaborative storytelling, Pillowfork, with PouchDB and a pure CouchDB server, using the BrowserID (now Mozilla Persona) plugin for authentication. With social auth and PouchDB sync, CouchDB is comparable to Firebase as a "commodity server-side". If you're curious to try the auth flow in the app, click Respond to this post then Publish.

Is it possible to write new authentication methods for express-pouchdb as plugins? Possibly leveraging existing express middleware? I'd be interested in helping build such a module, but Node servers aren't my usual stomping grounds so could use help sketching out the interfaces. Interest?

PS: The plugin was a pain to build, see this pull request.

Copied from original issue: pouchdb/express-pouchdb#212

[nolanlawson]

I think it would definitely be neat to have support for more authentication than just CouchDB's built-in, especially given how many features it lacks. I would feel more comfortable if this lived in plugin-land rather than in express-pouchdb core, though. Is there anything we could do to make it easier to write as a plugin, or do you know if the Express middleware setup is good enough?

[nolanlawson]

From @edrex on May 29, 2015 0:23

Definitely +1 for making fancy auth a plugin rather than part of the core service.

I'm not fluent with Express, but understand that it works like most any other HTTP middleware system. It looks like some slight modifications would be needed around index.js to make it easy to replace routes/authentication.js with a custom provider.

I'm not far enough down this path to seriously commit to making this happen, just wanted to express interest and get a conversation going.

Also, given everyone's thinly stretched resources (i really deeply appreciate your commitment to continuing to develop PouchDB and would like to help support that wherever possible) we should look for ways to make connections and reuse wherever possible. Can pouchdb/pouch.host integrate with express-pouchdb? It sounds like it started as a Persona authn method and now implements a sort of "persona lite" using emailed signin tokens.

[nolanlawson]

From @edrex on May 29, 2015 0:28

Also wanted to highlight an outcome of my original research that floated up just now:

CouchDB auth wants an email, and so Persona, being fundamentally email-based, is a better fit than other Auth methods which don't guarantee a verified email (I used to work at Janrain, so I'm pretty intimate with all the vagaries of social authn)

[nolanlawson]

This is largely fixed by https://www.npmjs.com/package/superlogin and I believe it's out of scope for pouchdb-server