Users and OAuth2 Authorization server migration

Hello to everyone,

I would like to migrate a REST API and an OAuth2 Authorization server backed by a MySQL database to Couchbase, using Sync Gateway to sync all data from and to mobile apps.
In the current system, users can log in using their username, email or phone number.
Every user has a username, which identifies them.

Question 1: Where can I store this information with Sync Gateway?
I read in the documentation that I need to write a custom authentication service that runs on the same server as Sync Gateway (so it can connect to the Admin API). This is fine, except for all users registered with a phone number, because the _user model cannot save it, and as far as I know there isn’t a configuration for adding properties to the Sync Gateway user.

One solution I thought of is to create, from the Admin API, a document for each user that will always be private, containing private information like: email, phone number, Firebase tokens (for notifications) etc.
When the user tries to log in (i.e. with his phone), the authentication service finds the username from this view first, then tries to create a session with his user.
Does anyone have a better idea?

Question 2: How can I validate the user password?
From the Admin API I can create sessions without specifying the user password.
From the Public API I can create a session by sending username and password, but the cookie is set in the response header and not retrieved by JSON (I’m making the request from my authorization service).
Is there a hidden configuration or Admin API call to check only if the user password is correct? Any workaround?

Question 3: OAuth2 authorization server, how can I migrate it?
The current web app and the mobile apps use token-based authentication. External clients are using the Authorization Code Grant Type to log in to the system (exactly like Facebook Login).
However, Couchbase Sync Gateway uses session-based authentication, so there are a lot of differences.
Obviously, I need to maintain the service for all external clients, but the only possible solution that I can find is:
Use the old OAuth2 server application, editing the database connection so it uses the Admin API to connect with Couchbase Sync Gateway. Then create a new API service that wraps the token authentication, finds the user connected to it and, using the Admin API, acts on his behalf.
I don’t like this approach because:

  1. I don’t know if acting on behalf of a user is possible, and creating a session token for each request is unmaintainable.
  2. The maintenance work increases, adding Couchbase and not removing the old system (we want to change to Couchbase to reduce webservice maintenance).

So is there another way to migrate this kind of authorization server? Has anyone done this migration before?

Any help is appreciated
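
The lookup-then-session flow described under Question 1, as an added example that is not part of the original post and not Couchbase's code: a login identifier is resolved to a username, the password is checked by the authentication service itself (the Admin API session call takes none), and only then is a session requested. The in-memory `PRIVATE_INDEX`, the PBKDF2 parameters, the database name `mydb` and the admin address `127.0.0.1:4985` are assumptions.

```python
import hashlib, hmac, json, os, re, urllib.request

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed policy)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def normalize(identifier):
    """Map username / email / phone input to one canonical lookup key."""
    ident = identifier.strip()
    if "@" in ident:
        return "email:" + ident.lower()
    digits = re.sub(r"[\s\-().]", "", ident)
    if re.fullmatch(r"\+?\d{6,15}", digits):
        return "phone:" + digits
    return "user:" + ident.lower()

# Constructed stand-in for the private per-user documents: lookup key -> record.
_salt = os.urandom(16)
_record = {"username": "alice", "salt": _salt,
           "pw_hash": hash_password("correct horse", _salt)}
PRIVATE_INDEX = {"user:alice": _record, "email:alice@example.com": _record,
                 "phone:+15550100": _record}
_DUMMY = {"username": None, "salt": b"\0" * 16, "pw_hash": b"\0" * 32}

def http_admin_post(path, body, base="http://127.0.0.1:4985"):
    """POST JSON to the Admin API; base is an assumed local admin address."""
    req = urllib.request.Request(base + path, json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def login(identifier, password, admin_post=http_admin_post, db="mydb", ttl=3600):
    """Return the Sync Gateway session JSON, or None on any failure."""
    record = PRIVATE_INDEX.get(normalize(identifier), _DUMMY)
    # Always hash, even for unknown identifiers, so both failures cost the same.
    ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    if not ok or record["username"] is None:
        return None  # one answer for "no such user" and "wrong password"
    # Admin API session creation takes no password: the check above is the only gate.
    return admin_post(f"/{db}/_session", {"name": record["username"], "ttl": ttl})
```

Because the Admin API will mint a session for any name it is given, the admin port should stay reachable only from the authentication service.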