Authentication built-in
One of the great things about using CouchDB is that you get a user system ready to use from the start, letting you hit the ground running.
By default, user information is stored in the _users database. This database is separate from your app database and works just like any other, meaning you can restrict who can create, update or delete user documents. You can even replicate user databases between CouchDB instances to share logins, or back up users the same way you would any other data.
Authentication handlers
CouchDB can be extended to use a number of authentication handlers, including OpenID, BrowserID, Facebook auth, Basic auth and more. By default we'll be using cookie-based authentication for our app.
The user document
A user document adheres to the following format:
{
    "_id" : "org.couchdb.user:username",
    "type" : "user",
    "name" : "username",
    "roles" : ["staff"],
    "password_sha" : "2db96572194bffa1ae9a264dd9561b57a4c3e47a",
    "salt" : "08f16aaf9b902c71b83f12b62d74a2c5"
}
The roles can only be set by an admin user. Admin users have the _admin role, allowing them to create and delete databases, assign roles, create design documents, etc.
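The format rules above, including the rule that only admins may set roles, can be enforced at the database level with a validate_doc_update function in a design document. The one below is an added example written for this page; it is not the tutorial's code or CouchDB's own built-in _users validation. The (newDoc, oldDoc, userCtx) signature and the userCtx.name / userCtx.roles fields are CouchDB's validation API; the sample documents and contexts are constructed.

```javascript
// Added example: a CouchDB validate_doc_update function for the _users database,
// enforcing the user-document format above. Written for this page; it is not
// CouchDB's built-in validation. Signature and userCtx fields follow CouchDB's API.
function validateUserDoc(newDoc, oldDoc, userCtx) {
  var isAdmin = userCtx.roles.indexOf('_admin') !== -1;
  function fail(msg) { throw { forbidden: msg }; }

  if (newDoc._deleted) {
    // Deletion: admins, or a user removing their own document.
    if (!isAdmin && (!oldDoc || userCtx.name !== oldDoc.name)) fail('You may only delete your own user document.');
    return;
  }
  if (newDoc.type !== 'user') fail('doc.type must be "user".');
  if (typeof newDoc.name !== 'string' || !newDoc.name) fail('doc.name is required.');
  if (newDoc._id !== 'org.couchdb.user:' + newDoc.name) fail('doc._id must be org.couchdb.user:<name>.');
  if (!Array.isArray(newDoc.roles)) fail('doc.roles must be an array.');
  for (var i = 0; i < newDoc.roles.length; i++) {
    if (typeof newDoc.roles[i] !== 'string') fail('doc.roles can only contain strings.');
    // Roles beginning with "_" (such as _admin) are reserved for the server.
    if (newDoc.roles[i].charAt(0) === '_') fail('System roles (starting with _) are reserved.');
  }
  if (oldDoc && oldDoc.name !== newDoc.name) fail('doc.name may not be changed.');
  if (!isAdmin) {
    if (oldDoc) {
      // Existing document: only the owner may edit it, and roles are frozen.
      if (userCtx.name !== newDoc.name) fail('You may only update your own user document.');
      if (JSON.stringify(oldDoc.roles) !== JSON.stringify(newDoc.roles)) fail('Only admins may change roles.');
    } else if (newDoc.roles.length > 0) {
      // Self-signup is allowed, but only with an empty roles list.
      fail('Only admins may set roles.');
    }
  }
  // Legacy password fields: a 40-hex-char SHA-1 digest must be paired with a salt.
  if (newDoc.password_sha !== undefined) {
    if (!/^[0-9a-f]{40}$/.test(newDoc.password_sha)) fail('password_sha must be a 40-character hex digest.');
    if (typeof newDoc.salt !== 'string' || !newDoc.salt) fail('salt is required alongside password_sha.');
  }
}

// Test/REPL helper: null when the update is allowed, else the forbidden message.
function checkUserDoc(newDoc, oldDoc, userCtx) {
  try { validateUserDoc(newDoc, oldDoc, userCtx); return null; }
  catch (e) { if (e && e.forbidden) return e.forbidden; throw e; }
}

// Constructed sample documents and request contexts (not from the tutorial).
var staffDoc = { _id: 'org.couchdb.user:alice', type: 'user', name: 'alice', roles: ['staff'],
  password_sha: '2db96572194bffa1ae9a264dd9561b57a4c3e47a', salt: '08f16aaf9b902c71b83f12b62d74a2c5' };
var adminCtx = { name: 'admin', roles: ['_admin'] };
var aliceCtx = { name: 'alice', roles: ['staff'] };
```

Installed as validate_doc_update in a design document of the _users database, the function runs on every write, so a non-admin who tries to add a role to their own document gets a 403 instead of a silent privilege change.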
Security
Normally, the _users database is public, so you shouldn't use it to store private user data if your app is going to be publicly accessible. To store private data, either protect the _users database or create separate databases that hold only the private parts of a user's profile.
More info
For more information on how CouchDB manages users, see the CouchDB wiki.
Next
Learn how to authenticate users in your app: The session module