I am working on an Android app which uses Couchbase Lite and Sync Gateway. I'm authenticating against the Sync Gateway using basic HTTP authentication.
Is there a way to validate a user's credentials without triggering a replication? I believe I could have a front-end web service that would use the Admin REST API to attempt to create a session, but I'd prefer to avoid this and have the client talk directly to the Sync Gateway.
After some testing, I have found that there is a session API available on the non-admin port, which works for testing an account:
curl -H "Content-type: application/json" -X POST \
http://localhost:4984/mydatabase/_session --data \
"{\"name\":\"myuserid\",\"password\":\"mypassword\"}"
This doesn't generate a session, but it does validate the user credentials, returning the following:
{
"authentication_handlers":["default","cookie"],
"ok":true,
"userCtx":{"channels":{"!":1,"channel1":1,"channel2":1},"name":"myuserid"}
}
On an incorrect password, it returns:
{"error":"Unauthorized","reason":"Invalid login"}
On an unrecognised user ID, the server immediately closes the connection without returning anything.