I have nearly finished a very simple custom authentication web app which receives and checks a Google authentication token and once verified, attempts to create a new session for that user using the Sync Gateway admin REST interface. As expected, the user does not currently exist, so I am required to create that user before requesting the session again.
The problem that I have is through my testing using cURL it seems that Sync Gateway requires a password to be entered for the user. Although this actually makes total sense to me, in my scenario I am not in possession of the users password as authentication is being handled by Google. What are other peoples experience when using custom authentication, where you don’t necessarily want to handle passwords through Sync Gateway?