couchdb-dev mailing list archives

From "Pauli Price (JIRA)" <>
Subject [jira] [Commented] (COUCHDB-1825) Add support for 3-legged OAuth
Date Mon, 10 Jun 2013 19:18:21 GMT


Pauli Price commented on COUCHDB-1825:

This illustrates the expected use case:

Substitute CouchDB for his java backend, and it's the same thing. Excerpted:

"... My stack is Java in the backend exposing a REST API for both authentication and business
logic. The client is a backbone.js application. I explicitly decided NOT to use sessions
at all. It is completely stateless. This of course means that the user must be re-authenticated
at every request.

When the user logs in through a slightly modified OAuth endpoint, it gets a token that must
be passed at every request. Cookies work in this case as they are handled automatically by
the browser. If not passed as a cookie, the backend expects it as a parameter. The frontend communicates
using the REST endpoints. It's a single-page application, full client side; this means that
the backend serves a page that is basically empty, that includes a few JS files that are the
application itself. No other pageload occurs. Logout is done by simply deleting the cookie
or not sending the authToken; the server cannot and doesn't have to "forget" about the user.
Tokens are nice as they can be invalidated, both explicitly or by changing the password. I've
chosen this approach as it made it easy to develop a desktop app and a browser plugin for my webapp
without touching a single line of backend code."

> Add support for 3-legged OAuth
> ------------------------------
>                 Key: COUCHDB-1825
>                 URL:
>             Project: CouchDB
>          Issue Type: New Feature
>            Reporter: Pauli Price
> see: - line 100
> See related tickets:
> - OAuth authentication support (2-legged initially) and cookie-based authentication
> - Add per database (OAuth) authentication to couchdb
> - CouchDB uses _users db for storing oauth credentials
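
The stateless token scheme described in the excerpt, sketched as an added example; it is not part of the original message and is not CouchDB code. It assumes an HMAC-signed token whose key is derived from the user's stored password hash, so a password change invalidates old tokens without a session store; `SERVER_KEY`, `USERS`, the `epoch` counter and all function names are hypothetical.

```python
import hashlib, hmac, time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the backend

def _pw_hash(password):
    # Stand-in for the backend's stored password hash (constructed salt).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()

# Constructed user record; "epoch" is a hypothetical counter for explicit revocation.
USERS = {"alice": {"pw_hash": _pw_hash("old-password"), "epoch": 0}}

def _sign(user, expires):
    # The signing key is derived from the current password hash and epoch,
    # so changing either one invalidates every token issued before the change.
    rec = USERS[user]
    key = hmac.new(SERVER_KEY, f"{rec['pw_hash']}:{rec['epoch']}".encode(), hashlib.sha256).digest()
    return hmac.new(key, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()

def issue_token(user, ttl=3600, now=None):
    expires = int((time.time() if now is None else now) + ttl)
    return f"{user}|{expires}|{_sign(user, expires)}"

def authenticate(cookies, params, now=None):
    """Return the user for a valid token, else None. No session store is consulted."""
    # Cookie first, request parameter as the fallback, as in the excerpt.
    token = cookies.get("authToken") or params.get("authToken")
    if not token or token.count("|") != 2:
        return None
    user, expires, sig = token.split("|")
    if user not in USERS:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(user, expires).encode()):
        return None
    # Signature is valid, so `expires` is the integer string this server issued.
    if int(expires) < (time.time() if now is None else now):
        return None
    return user

def change_password(user, new_password):
    USERS[user]["pw_hash"] = _pw_hash(new_password)

def revoke_tokens(user):
    USERS[user]["epoch"] += 1
```

Deleting the cookie logs the client out, but a copied token stays valid until it expires, the password changes, or `revoke_tokens` is called, so the lifetime should be kept short.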
