
To utilize an Auth0 JWT Token for authentication with CouchDB, you can follow these steps:

  1. Create an Auth0 application with the required scopes, such as openid, profile, and email.

  2. Generate an access token from Auth0, which contains the required fields, such as sub (user ID), name, email, and exp (expiration time).

  3. Create a user account in CouchDB with the same sub field value as in the JWT token.

  4. Create a new security _doc in the _users database, with the following content:

{
  "_id": "org.couchdb.user:<username>",
  "name": "<username>",
  "type": "user",
  "roles": [],
  "password_scheme": "bcrypt",
  "password": "<bcrypt hash of your choosing>",
  "derived_key": "<derived key based on your choosing>",
  "salt": "<salt for your choosing>",
  "iterations": 10,
  "iterations": "<algorithm name>"
}

Note: Base64 encode the derived_key, salt and password before placing into the JSON.

  5. Add the role of the user to the roles field of the _users security _doc.

  6. Create a new database in CouchDB, which will be secured by the created user account.

  7. Set the security permission for the database, such as "member":["org.couchdb.user:<username>"].

  8. Use the Authorization header of the HTTP request to authenticate the user with CouchDB, using the Bearer token of the generated Auth0 access token.

If the username contains a unique character such as "@" or ".", you may need to encode it using the percent-encoding method before placing it into _doc. For example, john.doe@example.com should be encoded as john.doe%40example.com.
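A client-side pre-flight for the steps above, as an added example that is not part of the original answer: it reads the token's sub and exp claims, derives the percent-encoded user document id, and builds the Authorization header. The function names and the sample token are constructed for illustration, and the payload is decoded for inspection only; signature verification is left to the server.

```python
import base64
import json
import time
from urllib.parse import quote


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed sample token; the signature part is a dummy, not a real Auth0 signature."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(parts + [_b64url(b"constructed-signature")])


def read_claims(token):
    """Decode the JWT payload for inspection only; this does NOT verify the signature."""
    try:
        _header, payload, _sig = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("not a three-part JWT with a JSON payload") from exc
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def couchdb_request_parts(token, now=None):
    """Return the user doc id and request headers, or raise ValueError for an unusable token."""
    claims = read_claims(token)
    for field in ("sub", "exp"):
        if field not in claims:
            raise ValueError("token is missing the %s claim" % field)
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    # Percent-encode characters such as "@" as the answer describes.
    username = quote(str(claims["sub"]), safe="")
    return {
        "user_doc_id": "org.couchdb.user:" + username,
        "headers": {"Authorization": "Bearer " + token},
    }


if __name__ == "__main__":
    sample = make_sample_token({"sub": "john.doe@example.com", "exp": time.time() + 60})
    print(couchdb_request_parts(sample)["user_doc_id"])
```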