Based on the Couchbase recommendation for custom authentication (currently not using any OAuth, etc.).
I have the following different setups; however, I’m getting side effects and overall not getting the session cookie when set up properly.
- Ideal setup (does not return session cookie):
iOS App (Client-side) making POST request on port :3000/signup, gets routed by Node.js AppServer to port :4985 for request to CB Admin API endpoint /_user/ for creating a user. *Succeeds with 201.
Now, I have the client side sign in, let’s say as “user1”, by a POST request on port :3000/login, which gets routed by the app server again to port :4985 for the admin API endpoint /_session for authenticating a user. *Succeeds with 200. Does not return a cookie, or information in the response to use to attach to replication of sync-gateway.
Then, on a subsequent request, the username had to be valid, but the “password” did not have to be, and it *succeeds with 200 since the “user1” session is active. Any valid username & password entered will replace the current session.
NOTE: However, when I use Postman to make a direct POST request to :4985 without going through the app server, a proper cookie session is returned with valid fields exactly as shown in the CB documentation for Custom Authentication. However, this does not utilize the app server, which is recommended.
- Non-Ideal uses public API, but gets cookie.
iOS App (Client-side) making POST request on port :3000/signup, gets routed by Node.js AppServer to port :4985 for request to CB Admin API endpoint /_user/ for creating a user. *Succeeds with 201.
Now, I have the client side sign in, let’s say as “user1”, by a POST request on port :4984/_session. *Succeeds with 200. Returns a cookie, or information in the response to use to attach to replication of sync-gateway.
Then, on a subsequent request, the username & password did not have to be valid, and it *succeeds with 200 since the “user1” session is active. Any valid username & password entered will replace the current session.
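The app-server login step from the first setup, sketched as an added example (not the poster's code and not Couchbase's): the admin `/_session` request carries only a user name and TTL, so the handler checks the password itself and then relays the session fields to the client. The database name `mydb`, the `verifyPassword` callback and the injectable `httpPost` transport are assumptions made for illustration.

```javascript
// Assumed admin endpoint; port 4985 should be reachable only from the app server.
const ADMIN_URL = "http://localhost:4985/mydb"; // "mydb" is a placeholder database name

// Default transport: Node 18+ global fetch against the admin API.
async function fetchPost(url, body) {
  const res = await fetch(url, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  return { status: res.status, body: await res.json() };
}

// Returns { status, body } for the app server to send back to the client.
// verifyPassword(username, password) is a hypothetical app-side credential check.
async function login({ username, password }, verifyPassword, httpPost = fetchPost) {
  // The admin API is trusted and receives no password, so the credential
  // check has to happen here, before any session is requested.
  if (typeof username !== "string" || !(await verifyPassword(username, password))) {
    return { status: 401, body: { error: "invalid credentials" } };
  }
  const ttl = 1800; // session lifetime in seconds
  const admin = await httpPost(`${ADMIN_URL}/_session`, { name: username, ttl });
  if (admin.status !== 200 || !admin.body || !admin.body.session_id) {
    return { status: 502, body: { error: "session not created" } };
  }
  // Relay the session fields; forwarding only the status code would leave
  // the client with nothing to attach to replication.
  const { session_id, cookie_name, expires } = admin.body;
  return { status: 200, body: { session_id, cookie_name, expires } };
}
```

The client then attaches `cookie_name=session_id` to its replication against the public port :4984.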