Custom authentication through Google - user registration

#1

I have nearly finished a very simple custom authentication web app which receives and checks a Google authentication token and once verified, attempts to create a new session for that user using the Sync Gateway admin REST interface. As expected, the user does not currently exist, so I am required to create that user before requesting the session again.

The problem that I have is through my testing using cURL it seems that Sync Gateway requires a password to be entered for the user. Although this actually makes total sense to me, in my scenario I am not in possession of the user's password as authentication is being handled by Google. What are other people's experience when using custom authentication, where you don’t necessarily want to handle passwords through Sync Gateway?

#2

Hi @RKing,

As long as the user password is hard to guess it should be fine.
When creating a user via Sync Gateway, you can provide a random password.
And when creating the session on the admin port, the password can be omitted.

Here are two slides describing the authentication flow with Twitter’s login API: https://www.icloud.com/keynote/AwBUCAESEK0Jzi9QXaKd83AA--de9QMaKZeEjK6D5QIom4Enesskm3ubJHJL8Q-OhDVwabaLZmn-7mWAtOINv3hIMCUCAQEEIF2mGHWQhIr2RJS5xed0w9VCdNB-o8lln7PQxYPLM1CP#custom_authentication

James
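The flow discussed in this thread, as an added example that is not code from either poster: after the app server has verified the Google token, it creates the Sync Gateway user with a random throwaway password if the user is missing, then requests a session on the admin port with the name only. The database name `mydb`, the `google_` user-name prefix, the loopback admin address and the 404 response for a missing user are assumptions.

```python
import json
import secrets
import urllib.error
import urllib.request
from urllib.parse import quote

ADMIN = "http://127.0.0.1:4985"  # assumption: admin port reachable only from this app
DB = "mydb"                      # hypothetical database name

def http_send(method, path, body=None):
    """Send one admin REST call; returns (status, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ADMIN + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None

def session_for_verified_user(google_sub, send=http_send, ttl=3600):
    """Call only after the Google token has been verified server-side."""
    name = "google_" + google_sub  # hypothetical naming scheme
    user_path = f"/{DB}/_user/{quote(name, safe='')}"
    status, _ = send("GET", user_path)
    if status == 404:  # assumption: missing user is reported as 404
        # Random password, never stored or shown to anyone, so password
        # login for this account is not practically guessable.
        password = secrets.token_urlsafe(32)
        status, _ = send("PUT", user_path, {"name": name, "password": password})
        if status not in (200, 201):
            raise RuntimeError(f"user creation failed: HTTP {status}")
    elif status != 200:
        raise RuntimeError(f"user lookup failed: HTTP {status}")
    # Session request on the admin port: name only, no password.
    status, session = send("POST", f"/{DB}/_session", {"name": name, "ttl": ttl})
    if status != 200 or not session:
        raise RuntimeError(f"session creation failed: HTTP {status}")
    return session
```

The returned session object is what the app hands back to the client; the random password is discarded as soon as the user is created.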