From commits-return-2829-apmail-couchdb-commits-archive=couchdb.apache.org@couchdb.apache.org Tue Jul 28 11:39:46 2009 Return-Path: Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: (qmail 7716 invoked from network); 28 Jul 2009 11:39:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Jul 2009 11:39:46 -0000 Received: (qmail 67580 invoked by uid 500); 28 Jul 2009 11:41:03 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 67517 invoked by uid 500); 28 Jul 2009 11:41:03 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 67508 invoked by uid 500); 28 Jul 2009 11:41:02 -0000 Delivered-To: apmail-incubator-couchdb-commits@incubator.apache.org Received: (qmail 67505 invoked by uid 99); 28 Jul 2009 11:41:02 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jul 2009 11:41:02 +0000 X-ASF-Spam-Status: No, hits=-1998.5 required=10.0 tests=ALL_TRUSTED,NORMAL_HTTP_TO_IP,WEIRD_PORT X-Spam-Check-By: apache.org Received: from [140.211.11.130] (HELO eos.apache.org) (140.211.11.130) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Jul 2009 11:40:50 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id A126C118BF for ; Tue, 28 Jul 2009 11:40:29 +0000 (GMT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Apache Wiki To: couchdb-commits@incubator.apache.org Date: Tue, 28 Jul 2009 11:40:29 -0000 Message-ID: <20090728114029.23069.10810@eos.apache.org> Subject: [Couchdb Wiki] Update of "Authentication and Authorization" by Eric Casteleijn X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification. The following page has been changed by Eric Casteleijn: http://wiki.apache.org/couchdb/Authentication_and_Authorization The comment on the change is: Added example of OAuth authentication. ------------------------------------------------------------------------------ couch_http to accept a list of authentication handlers instead of a single authentication handler. + Steps to get OAuth authentication working (with the patch installed): + + 1. in default.d create a file oauth.ini, with contents: + + {{{ + [oauth_consumer_secrets] + example.com = sekr1t + [oauth_token_secrets] + user1 = tokensekr1t + [oauth_token_users] + user1 = admin_user + }}} + + 1. In Couchdb, create a user document in _users with username = "admin_user", and add the "_admin" role to its "roles" list. + 1. In default.ini, change the authentication_handlers line to: + {{{ + authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler} + }}} + 1. Install Leah Culver's version of the python oauth library: http://github.com/leah/python-oauth/tree/master + 1. Run the following command from the command line (should be one long line): + {{{ + python -c "URL='http://127.0.0.1:5984/_session';KEY='example.com';TOKEN='user1';SECRET='tokensekr1t';import oauth,httplib;consumer=oauth.OAuthConsumer(KEY,'sekr1t');token=oauth.OAuthToken(TOKEN,SECRET);rq=oauth.OAuthRequest.from_consumer_and_token(consumer,token=token,http_method='GET',http_url=URL,parameters={});rq.sign_request(oauth.OAuthSignatureMethod_HMAC_SHA1(),consumer,token); con=httplib.HTTPConnection('localhost:5984'); con.request('GET',URL,headers=rq.to_header()); print con.getresponse().read()" + }}} + + If all is well, you should see this response: + {{{ + {"ok":true,"name":"admin_user","roles":["_admin"]} + }}} == Authorization use cases ==