CouchDB, JWKS and PEM public keys
Depending on how deeply you authenticate, you might be tasked with maintaining a user base in _users (and welcome to "I forgot my password" hell). The standing recommendation is to implement a single source of identity using a directory as Identity Provider (IdP). My favorite NoSQL database can be configured to trust JWTs signed by known IdPs, so let's do that.
Some assembly required
CouchDB can be configured in three ways: edit the respective ini file, use the Fauxton UI, or use the REST API. I like the latter since I'm comfortable with curl and Bruno (not a fan of Postman anymore). The steps are:
- configure a client on your identity provider
- enable JWT authentication
- specify what claims are mandatory
- specify how to map roles
- add trusted public keys
- restart your node
Posted by Stephan H Wissel on 30 July 2025 | Comments (0) | categories: CouchDB JWT