I'm trying to figure this OAuth bit out too.

I'm a bit confused though by your statement Adam (and maybe I'm being a bit naive), but that doesn't quite jive with me.. 

is the resultant replicator doc something like this?

{
"source": "widgets",
        "target": "https://www.example.com/couchdb/widgets",
        "oauth": {
"consumer_secret": "...",
"consumer_key": "...",
                "token_secret": "...",
"token": "....",
"signature_method": "..."
}
}

or is it?

{
"source": "widgets",
        "target": {
"what field is this?": "https://www.example.com/couchdb/widgets",
         "auth": {
"oauth": {
"consumer_secret": "...",
"consumer_key": "...",
                "token_secret": "...",
"token": "....",
"signature_method": "..."
}
}
}
}

If the latter is correct; what's the key name for specifying the url for the db?

if it's the former, is oauth only used on the 'remote' endpoint whether it's source or target?

or am I just way off base?

Thanks,

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International

On May 18, 2012, at 6:05 PM, Adam Kocoloski wrote:

On May 18, 2012, at 8:54 PM, Jens Alfke wrote:

There's a small bit in the wiki* that hints at a replication JSON parameter to set custom headers. One of the examples of a _replicate request shows the body:

{"source":{"url":"https://example.net:5984/db","headers":{"Authorization":"Basic Ym9iQGV4YW1wbGUuY29tOnBhc3N3b3Jk"}}, "target":"local-db"}

There's no further explanation; could someone clarify whether the 'headers' property can be used to add arbitrary HTTP headers to the requests sent by the replicator?

Yepper, that's all there is to it.

A few paragraphs later is the statement:

Using a JSON hash (instead of a plain string) may also be used to specify OAuth (by adding a "oauth" field to the hash).

I don't understand this at all ('oauth' isn't an HTTP header, so does this mean to add it as a top-level property in the _replicate body? Or somewhere else? And what should its contents be?

I'd like to know how OAuth is used to authenticate to CouchDB, but there's almost nothing about it in the wiki.

I had to read the code for this one.  It looks like e.g. source.auth.oauth would be a JSON object with "consumer_secret", "consumer_key", "token_secret", and "token" fields (and an optional "signature_method" field).  The Authorization header would be computed by the replicator for each request using this information.  I'm no OAuth expert, though.  Cheers,

Adam

óJens

* http://wiki.apache.org/couchdb/Replication