I have a website on foo.com serving PageA.
PageA has some JQuery within it that requests via XmlHttpRequest some JSON data from a CouchDb instance residing at bar.com.
As I understand it the same origin policy prevents this, but the use of JSONP should circumvent this limitation (CORS will eventually cover this use-case, I believe.)
The server behind foo.com has a trusted connection to the database at bar.com.
Is it possible to have a user authenticate with foo.com using their OAuth credentials (Twitter login, for example), and subsequently be authenticated to use bar.com? (I presume not due to the authentication cookie only being readable by foo.com.)
Given this, is there any way I can authenticate a user to use the CouchDB at bar.com from foo.com using any of the available authentication mechanisms for CouchDB (OAuth, cookie and Basic)?
Edit: could I, for example, return user credentials for bar.com from foo.com (retrieved via its trusted link) which are then set client-side in the XmlHttpRequest HTTP header for basic authentication with bar.com. All done over TLS of course (…or is this a security nightmare?)
I had the same issue regarding same origin policy in xhr. I had a website and I wanted to populate autocomplete content with JSON data from a different server running CouchDB.
There are 2 ways:
As far as sharing a login session from CouchDB and another app server, I don’t know how to do that without resorting to basic HTTP authentication, which isn’t really that secure. It is probably better to let app server act as middle-man b/t client and CouchDB.
Another benefit of an app server middle-man is that a single CouchDB database can have documents for multiple users. By contrast, if the client accesses CouchDB directly, you probably need to create a separate database for each user via filtered replication so that one user cannot view another user’s documents.