couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Kocoloski <kocol...@apache.org>
Subject Re: How does OAuth support, or custom headers, work in the replicator?
Date Sat, 19 May 2012 01:05:58 GMT
On May 18, 2012, at 8:54 PM, Jens Alfke wrote:

> There's a small bit in the wiki* that hints at a replication JSON parameter to set custom
headers. One of the examples of a _replicate request shows the body:
> 
>> {"source":{"url":"https://example.net:5984/db","headers":{"Authorization":"Basic
Ym9iQGV4YW1wbGUuY29tOnBhc3N3b3Jk"}}, "target":"local-db"}
> 
> There's no further explanation; could someone clarify whether the 'headers' property
can be used to add arbitrary HTTP headers to the requests sent by the replicator?

Yepper, that's all there is to it.

> A few paragraphs later is the statement:
> 
>> Using a JSON hash (instead of a plain string) may also be used to specify OAuth (by
adding a "oauth" field to the hash).
> 
> I don't understand this at all ('oauth' isn't an HTTP header, so does this mean to add
it as a top-level property in the _replicate body? Or somewhere else? And what should its
contents be?
> 
> I'd like to know how OAuth is used to authenticate to CouchDB, but there's almost nothing
about it in the wiki.

I had to read the code for this one.  It looks like e.g. source.auth.oauth would be a JSON
object with "consumer_secret", "consumer_key", "token_secret", and "token" fields (and an
optional "signature_method" field).  The Authorization header would be computed by the replicator
for each request using this information.  I'm no OAuth expert, though.  Cheers,

Adam

> —Jens
> 
> * http://wiki.apache.org/couchdb/Replication


Mime
View raw message