We use it in the same manner…  I'm not sure I understand the benefit of using secrets stored in the ini file vs stored in the user document in _users?  We don't do 3-legged but do use it in conjunction with BrowserID… We use BrowserID for developers to create an account and generate the OAuth secrets to be used with our API and replication. Effectively we are doing 2-legged OAuth.

- JK

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t. @nsomnac

On May 17, 2013, at 9:16 AM, Martin Higham <martin@ocasta.co.uk>

We use OAuth with our apps. The only part that is dynamic is the creation
and sharing of the personal tokens. We dont need full 3 legged auth as we
control the ecosystem and embed the pre-generated consumer keys in the app.

There is no way that I know of to combine _user & .ini pairs and I'm not
sure why you'd want to.


On 16 May 2013 23:21, Jan Krems <jan.krems@gmail.com> wrote:

I'm currently looking into exposing a couchapp to automated clients and I
would like to use OAuth so that the clients can cleanly operate in the name
of a given user. Do I see it correctly that there is still no support for
3-legged OAuth? Is there a way to combine token/tokenSecret-pairs from
_users with configured consumer/consumerSecret-pairs from local.ini? Is
anyone really using OAuth with CouchDB and dynamic (run-time) configuration?