Creating replications in objective-c using a session token

nick-couchbase · January 24, 2017, 10:02am

Some help with the objective-c api.

I want to create a replication using an existing session token (rather than a username and password). I can’t quite see from these docs or the API docs how to do this.

Thanks

jamiltz · January 24, 2017, 12:23pm

All authentication related docs are in https://developer.couchbase.com/documentation/mobile/current/guides/authentication/index.html. The one you’re looking for is Custom Authentication I think.

nick-couchbase · February 1, 2017, 5:24pm

Thanks. Following these docs custom auth does work as described. You can pass in a bunch of cookie parameters:

pull?.setCookieName(session["cookie_name"]!, withValue: session["session_id"]!, path: "/", expirationDate: date, secure: false)

But I was hoping to be able to just use a single Authorisation header in the same way as I can do using the rest API. Could someone point me to the objective-c code that does this so I can copy?

jens · February 1, 2017, 7:54pm

HTTP session-based auth doesn’t use the Authorization header, it uses cookies.

nick-couchbase · February 1, 2017, 11:01pm

Hmm, it’s not documented here, I don’t know where I’ve got this from… but I’m creating a replication using basic auth only (this._authHeader = "Basic " + base64.encode(userId + ":" + password) via the REST API. My source and target look like this:

const source = this.databaseName;
const target = {headers: {Authorization: this._authHeader}, url: sgUrl};

jens · February 2, 2017, 1:15am

Then you can just add Cookie to the headers instead of Authorization.

nick-couchbase · February 2, 2017, 8:13am

Will do thanks. But I’m curious now - is using the Authorisation deprecated?

jens · February 2, 2017, 5:38pm

It just depends on whether you use HTTP auth or session/cookie auth. They’re two equally valid types of authentication.

(If you’re not using SSL, you should definitely not use HTTP Basic auth because it exposes the user’s password. Session auth is slightly more secure without SSL, but an eavesdropper can still read the cookie and use it to send their own requests. Basically, nowadays you really need to be using SSL.)

nick-couchbase · February 4, 2017, 8:58am

I am using SSL, I don’t think you even have the option not to in iOS now.

jens · February 5, 2017, 5:51pm

Good!

(You can still bypass SSL in an iOS app, but only by customizing your Info.plist, and it’s a safe bet that Apple’s going to disable that in an upcoming iOS update.)