couchdb-dev mailing list archives

From Jan Lehnardt <...@apache.org>
Subject Re: OAuth for authorization (not authentication)
Date Tue, 19 Jul 2011 09:20:34 GMT
Hi Camille,

The OAuth implementation in CouchDB is very limited (due
to constraints in the original development phase). The
implementation does not allow fine-grained token-based
access to specific contents of one or more databases
inside CouchDB, but only the authentication against a
CouchDB user in the CouchDB authentication layer. Once
a request is auth'd, there is no more OAuth machinery
inside CouchDB and you are left with CouchDB's security
mechanics:

  http://wiki.apache.org/couchdb/Security_Features_Overview
  http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff

Cheers
Jan
-- 




On 19 Jul 2011, at 11:07, Camille Harang wrote:

> Hi again,
> 
> On 18/07/2011 15:44, Robert Newson wrote:
>> As also noted on IRC, you are indeed wrong,
> 
> I hope I am, I really tried to find the proper way to fully implement
> an OAuth authorization layer (tokens, ad hoc grant access in time and
> scope: the very essence of OAuth) within the CouchDB intrinsic
> techniques and philosophy, but I keep failing.
> 
>> you just don't like the
>> granularity
> 
> I don't dislike or like it, but wherever I look it just appears to me
> that there is just not enough of it to match the requirements of a
> proper implementation of OAuth. But I believe I am wrong, I'm sure I
> am, I want to use Couch, can anyone point me in the right direction? Once I
> know it, I will like it.
> 
> Thanks,
> 
> Cheers,
> 
> Camille.
> 
> 
>> of the operation you are authorized to perform after
>> successfully authenticating. :)
>> 
>> B.
> 
> -- 
> The Good, the Bad and the Ugly under Creative Commons! https://yooook.net/r/lp1
> 
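
An added example, not part of the original e-mail or of CouchDB's own code, illustrating the point in Jan's reply: once a request is authenticated, a `validate_doc_update` function sees only the user's name and roles, so two OAuth tokens that map to the same CouchDB user are authorized identically. The token names, the `editor` role, the `owner` field and the `userCtxForToken` and `tryWrite` helpers are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not CouchDB source code.
// A validate_doc_update function as it would sit in a design document.
// CouchDB passes it the user context of the already-authenticated user.
function validateDocUpdate(newDoc, oldDoc, userCtx, secObj) {
  var isAdmin = userCtx.roles.indexOf("_admin") !== -1;
  if (!userCtx.name && !isAdmin) {
    throw { unauthorized: "Authentication required." };
  }
  if (isAdmin) { return; }
  if (userCtx.roles.indexOf("editor") === -1) {   // "editor" is an assumed role
    throw { forbidden: "Only editors may write." };
  }
  if (oldDoc && oldDoc.owner !== userCtx.name) {  // "owner" is an assumed field
    throw { forbidden: "Only the owner may change this document." };
  }
  if (newDoc.owner !== userCtx.name) {
    throw { forbidden: "owner must be the writing user." };
  }
}

// Constructed sample data: two OAuth tokens mapped to the SAME CouchDB user.
var TOKEN_USERS = { "token-full": "camille", "token-meant-readonly": "camille" };
var USER_ROLES = { camille: ["editor"] };

// Hypothetical helper: models what is left after OAuth verification,
// namely a user name and that user's roles. No token, scope or expiry.
function userCtxForToken(token, db) {
  var name = TOKEN_USERS.hasOwnProperty(token) ? TOKEN_USERS[token] : null;
  return { db: db, name: name, roles: name ? USER_ROLES[name].slice() : [] };
}

// Hypothetical helper: runs the validation and reports the outcome.
function tryWrite(token, newDoc, oldDoc) {
  try {
    validateDocUpdate(newDoc, oldDoc, userCtxForToken(token, "notes"), {});
    return "ok";
  } catch (e) {
    return e.forbidden ? "forbidden" : "unauthorized";
  }
}
```

A token intended as read-only still passes the write check here, because the validation function can only distinguish users and roles, not tokens.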

