From user-return-23472-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org  Sun Feb 17 04:36:49 2013
Return-Path: <user-return-23472-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
X-Original-To: apmail-couchdb-user-archive@www.apache.org
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id A2EA8E58C
	for <apmail-couchdb-user-archive@www.apache.org>; Sun, 17 Feb 2013 04:36:49 +0000 (UTC)
Received: (qmail 75408 invoked by uid 500); 17 Feb 2013 04:36:48 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 75122 invoked by uid 500); 17 Feb 2013 04:36:48 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 75098 invoked by uid 99); 17 Feb 2013 04:36:47 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Feb 2013 04:36:47 +0000
X-ASF-Spam-Status: No, hits=2.8 required=5.0
	tests=HTML_FONT_FACE_BAD,HTML_MESSAGE,PLING_QUERY,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: local policy)
Received: from [128.18.84.133] (HELO brightmail-internal4.sri.com) (128.18.84.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 17 Feb 2013 04:36:39 +0000
X-AuditID: 80125485-b7fc16d00000612f-b8-51205e40ddcb
Received: from exchange-hub01.SRI.COM (exchange-hub01.SRI.COM [128.18.23.153])
	(using TLS with cipher AES128-SHA (AES128-SHA/128 bits))
	(Client did not present a certificate)
	by brightmail-internal4.sri.com (SRI Internal SMTP Gateway) with SMTP id 4F.63.24879.04E50215; Sat, 16 Feb 2013 20:36:16 -0800 (PST)
Received: from EXCHANGE-DB08.SRI.COM ([fe80::a11e:7c21:6886:9a20]) by
 exchange-hub01.SRI.COM ([2002:8012:1799::8012:1799]) with mapi id
 14.02.0298.004; Sat, 16 Feb 2013 20:36:08 -0800
From: Jim Klo <jim.klo@sri.com>
To: "<user@couchdb.apache.org>" <user@couchdb.apache.org>
Subject: Re: Help! 2-legged OAuth Example Anyone?
Thread-Topic: Help! 2-legged OAuth Example Anyone?
Thread-Index: AQHODEVMbRNzjrR/zEOKn9BpBSxHsJh9eBGG
Date: Sun, 17 Feb 2013 04:36:08 +0000
Message-ID: <296CE25D-70E0-4E79-8C85-EE6AAA562EDE@sri.com>
References: <CALhfc-U3GnzRXZyAhYd=iQU3+aDaEvX3mvihooW4EupbsfNt_A@mail.gmail.com>
In-Reply-To: <CALhfc-U3GnzRXZyAhYd=iQU3+aDaEvX3mvihooW4EupbsfNt_A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative;
	boundary="_000_296CE25D70E04E798C85EE6AAA562EDEsricom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeLIzCtJLcpLzFFi42JpEBKfqesQpxBocG6qqUXnnr1sDoweGz8c
	ZwxgjOKySUnNySxLLdK3S+DKuHjoPGNBh3HF3UMn2RoYV+p0MXJySAiYSEzeu4gdwhaTuHBv
	PVsXIxeHkMBOJonG3UdZIZzdjBLT52xjBaliE5CXOLz9ATOILSJgKXFrwUeWLkYODmEBQ4nZ
	37NATBEBI4meO4Uw5r/VMSDFLAKqEv0nnjCC2LwCVhIvfjSBDRESCJBY/+AaO0g5p0CgxM/d
	HiBhRqBrvp9awwRiMwuIS9x6Mp8J4koBiSV7zjND2KISLx//Y4WoiZNYuectE8R4QYmTM5+w
	TGAUnoWkfRaSsllIyiDiOhILdn9ig7C1JZYtfM0MY5858JgJWXwBI/sqRpmkosz0jJLcxMwc
	XVh8mOgVF2XqJefnbmIEx0xI6w7GFXsMDzEKcDAq8fBelFAIFGJNLCuuzD3EKMHBrCTCu04M
	KMSbklhZlVqUH19UmpNafIhRmoNFSZz3mzm/v5BAemJJanZqakFqEUyWiYNTqoGxbVv3i5em
	3o1NZq7Hl0a8rN9c2GeZ+b2k/GXzffV1+87c2xo0+X/9urQlDsV6WsKmMS+6fL9emMnzsdVa
	9Lby1JM8kkE5Vp6Wz9y3HX63is8jISa4aknPNEcvNjtFtctFu8Q6/9p++dTHuCT1w8u6/Xmn
	GCeeLFORcvuvmOJkr8S58meTQaYSS3FGoqEWc1FxIgBf2tYIlQIAAA==
X-Virus-Checked: Checked by ClamAV on apache.org

--_000_296CE25D70E04E798C85EE6AAA562EDEsricom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I have a simple couchapp for managing user tokens and secrets here:
 https://github.com/LearningRegistry/LearningRegistry/blob/master/couchdb/a=
pps/kanso/oauth-key-management.json

Albeit it does use the BrowserID plugin for CouchDB.

It is specific to our use case however feel free to fork and modify.

There's also, in the same GH project some code the connects with Python via=
 2-legged OAuth.

Also, I have a Chrome Extension that does all the OAuth client stuff in JS:
https://github.com/jimklo/TheCollector

- Jim

Sent from my iPhone

On Feb 16, 2013, at 4:58 AM, "Mike Harding" <mikeyharding@gmail.com<mailto:=
mikeyharding@gmail.com>> wrote:

Hi All,

I'm using CouchDB 1.2.1 and I want to leverage 2-legged OAuth.

What I want to do is allow a external consumer application to create a
_users document (account) and provide the developer of the consumer app
with a consumer key and secret to protect requests.

I just cant for the life of me get my head around how I create a _user
document for the developer of the consumer application that includes the
allocated consumer key and secret and then can use the _users
authentication and authorization API to validate signed requests.

there is a bit of description here
http://wiki.apache.org/couchdb/Link_Collection_Authentication_and_Authoriza=
tionabout
the structure of the _user document for an oauth user but I dont see
any practicial examples (ideally in php) that show how I can use the
integrated OAuth to authenticate consumer app requests.

Any help would be much appreciated.

Thanks

M

--_000_296CE25D70E04E798C85EE6AAA562EDEsricom_--