When is it appropriate for an authentication module to use the _users
database (or whatever it is configured to be)?
I am investigating OpenID 2.0 support. A requirent is to store a nonce
to protect against replay attacks. I am evaluating using a database to
store the nonce. (Another option is an ets table but that has it's own
issues.)
The built-in design document IIRC rejects all non-user documents. So
storing a nonce as a new document type would require changing that
policy in an unclear way.
Would it be better to create a whole new _openid database for the task?
Suggestions welcome. Thanks!
--
Jason Smith
Couchio Hosting
|