To utilize an Auth0 JWT Token for authentication with CouchDB, you can follow these steps:

1. Create an Auth0 application with the required scopes, such as `openid`, `profile`, and `email`.
2. Generate an access token from Auth0, which contains the required fields, such as `sub` (user ID), `name`, `email`, and `exp` (expiration time).
3. Create a user account in CouchDB with the same `sub` field value as in the JWT token.
4. Create a new security `_doc` in the `_users` database, with the following content:

   ```json
   {
     "_id": "org.couchdb.user:<username>",
     "name": "<username>",
     "type": "user",
     "roles": [],
     "password_scheme": "bcrypt",
     "password": "<bcrypt hash of your choosing>",
     "derived_key": "<derived key based on your choosing>",
     "salt": "<salt for your choosing>",
     "iterations": 10,
     "iterations": "<algorithm name>"
   }
   ```

   Note: Base64 encode the `derived_key`, `salt` and `password` before placing into the JSON.
5. Add the role of the user to the `roles` field of the `_users` security `_doc`.
6. Create a new database in CouchDB, which will be secured by the created user account.
7. Set the security permission for the database, such as `"member":["org.couchdb.user:<username>"]`.
8. Use the `Authorization` header of the HTTP request to authenticate the user with CouchDB, using the Bearer token of the generated Auth0 access token.

If the username contains a unique character such as "@" or ".", you may need to encode it using the percent-encoding method before placing it into `_doc`. For example, `john.doe@example.com` should be encoded as `john.doe%40example.com`.
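
The following is an added example, not part of the original answer: a client-side pre-flight check that reads the claims listed in step 2, rejects an expired token, percent-encodes `sub` for the `_users` document id, and builds the `Authorization` header from step 8. The function names and the sample token are constructed for illustration; the payload is decoded for inspection only and the signature is not verified here.

```python
import base64
import json
import time
from urllib.parse import quote

REQUIRED_CLAIMS = ("sub", "name", "email", "exp")  # fields listed in step 2


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Decode the payload for inspection. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"token is missing claims: {missing}")
    return claims


def couchdb_request_parts(token, now=None):
    """Return the _users doc id and request headers for a non-expired token."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    exp = claims["exp"]
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token is expired or has an invalid exp claim")
    username = quote(str(claims["sub"]), safe="")  # '@' becomes %40
    return {
        "doc_id": f"org.couchdb.user:{username}",
        "headers": {"Authorization": f"Bearer {token}"},
    }


def make_sample_token(claims):
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    sample = make_sample_token({"sub": "john.doe@example.com", "name": "John Doe",
                                "email": "john.doe@example.com", "exp": 2000000000})
    print(couchdb_request_parts(sample, now=1700000000))
```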