From: Jim Klo
Reply-To: user@couchdb.apache.org
Subject: Re: OAuth via _users db
Date: Fri, 17 May 2013 16:38:50 +0000

We use it in the same manner… I'm not sure I understand the benefit of
using secrets stored in the ini file vs stored in the user document in
_users? We don't do 3-legged but do use it in conjunction with
BrowserID… We use BrowserID for developers to create an account and
generate the OAuth secrets to be used with our API and replication.
Effectively we are doing 2-legged OAuth.

- JK

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t. @nsomnac

On May 17, 2013, at 9:16 AM, Martin Higham <martin@ocasta.co.uk> wrote:

> We use OAuth with our apps. The only part that is dynamic is the creation
> and sharing of the personal tokens. We don't need full 3 legged auth as we
> control the ecosystem and embed the pre-generated consumer keys in the app.
>
> There is no way that I know of to combine _user & .ini pairs and I'm not
> sure why you'd want to.
>
> Martin
>
>
> On 16 May 2013 23:21, Jan Krems <jan.krems@gmail.com> wrote:
>
>> Hi,
>> I'm currently looking into exposing a couchapp to automated clients and I
>> would like to use OAuth so that the clients can cleanly operate in the name
>> of a given user. Do I see it correctly that there is still no support for
>> 3-legged OAuth? Is there a way to combine token/tokenSecret-pairs from
>> _users with configured consumer/consumerSecret-pairs from local.ini? Is
>> anyone really using OAuth with CouchDB and dynamic (run-time) configuration?
>>
>> -Jan

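Added example (not part of the thread and not CouchDB's own code): the two-legged scheme the messages describe, where the server finds both the consumer secret and the token secret in the user's `_users` document and recomputes the OAuth 1.0 HMAC-SHA1 signature. The `oauth` field layout, the user `alice`, and all key names and secrets are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign(method, base_url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over method, base URL (no query string) and sorted parameters.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(base_url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

# Constructed user document; the "oauth" field layout is an assumption.
USER_DOC = {
    "_id": "org.couchdb.user:alice", "type": "user", "name": "alice", "roles": [],
    "oauth": {"consumer_keys": {"example-consumer": "consumer-secret-placeholder"},
              "tokens": {"example-token": "token-secret-placeholder"}},
}

def client_params(consumer_key, consumer_secret, token, token_secret,
                  method, base_url, nonce, timestamp):
    # Client side: both secrets are pre-provisioned, no authorization dance.
    params = {"oauth_consumer_key": consumer_key, "oauth_token": token,
              "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
              "oauth_nonce": nonce, "oauth_timestamp": str(timestamp)}
    params["oauth_signature"] = sign(method, base_url, params,
                                     consumer_secret, token_secret)
    return params

def verify(user_doc, method, base_url, params):
    # Server side: both secrets come from the same user document.
    oauth = user_doc.get("oauth", {})
    c_secret = oauth.get("consumer_keys", {}).get(params.get("oauth_consumer_key"))
    t_secret = oauth.get("tokens", {}).get(params.get("oauth_token"))
    if c_secret is None or t_secret is None:
        return False  # unknown consumer key or token for this user
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    expected = sign(method, base_url, params, c_secret, t_secret)
    # Constant-time comparison; nonce/timestamp replay checks are out of scope.
    supplied = str(params.get("oauth_signature", ""))
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

Because the signing key is the consumer secret joined with the token secret, the verifier needs both at hand for every request; keeping them in one user document means revoking a token or consumer key is a single document update.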