couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Higham <>
Subject Re: How does OAuth support, or custom headers, work in the replicator?
Date Sun, 20 May 2012 11:02:11 GMT
Hi Jens,

- CouchDB supports OAuth 1.0, not 2.0

- The fields in the replication structure are fine if you want CouchDB to
replicate to CouchDB, but I think in your case you want to OAuth requests
from a client to CouchDB so you will want to sign each request yourself.

- We use the OAuthConsumer library to authenticate requests fromIOS to
CouchDB. Our fork ( has a
some bug fixes as the library creator doesn't seem to be maintaining it.

- The CouchDB wiki contains the details on configuring OAuth on the server (

- CouchDB doesn't give you any way to get the tokens from the server to the
client so this has to be application specific.


On 19 May 2012 19:59, Jens Alfke <> wrote:

> On May 18, 2012, at 6:05 PM, Adam Kocoloski wrote:
> > I had to read the code for this one.  It looks like e.g.
> source.auth.oauth would be a JSON object with "consumer_secret",
> "consumer_key", "token_secret", and "token" fields (and an optional
> "signature_method" field).  The Authorization header would be computed by
> the replicator for each request using this information.
> Does anyone here know more about OAuth? I'm implementing the MAC
> authorization scheme* that OAuth uses, but the parameters it takes don't
> seem to match up with what's listed above. The parameters I need to compute
> the Authorization header are {key,  key identifier, issue time}.
> (This is for the purpose of implementing OAuth support in TouchDB, by the
> way.)
> —Jens
> *

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message