incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Higham <mar...@ocasta.co.uk>
Subject Re: Authentication
Date Thu, 10 Jun 2010 14:17:38 GMT
The best I found was
http://wiki.apache.org/couchdb/Authentication_and_Authorization but that's
not much to go on.

I've therefore spend a little time trying to understand what and how it
works. The oauth.ini file contains all the keys, tokens and secrets. Within
that there are three sections

[oauth_consumer_secrets]
defines the oauth_consumer key/secret pairs (client credentials) for any
oauth clients you want to allow to connect

[oauth_token_users]
Maps oauth access tokens to CouchDB usernames

[oauth_token_secrets]
Maps oauth access tokens to their respective secret.

Luckily in 0.11 all of these can be changed and set via the _config api. Try
from Futon to find the exact calls

If the client has its client credentials and a user's access token and
secret then using standard oauth libraries any request can be oauth signed
and authenticated (as the example in the wiki demonstrates)

There are two _oauth special URLs _oauth/request_token and _oauth/authorize
but I remain to be convinced that these work. I have only got calls
to _oauth/request_token to return a valid response when signing the request
with the client and access keys/secrets and the test cases do the same.

There is nothing in place (or at least I haven't found it) to assist in key,
token or secret creation or to support the full three-legged authentication
where a user is required to authorise a client to authenticate on their
behalf.

Martin





On 10 June 2010 14:18, Markus Wolf <m.wolf@hotornot.de> wrote:

> Hi,
>
> is there some documentation on how to configure the oauth in couchdb?
> We would like to create some kind of single sign on for our app which
> uses couchdb.
>
> Regards
> Markus
> --
> Markus Wolf
> Entwicklung
>
> FaceValue Media GmbH
> Max-Brauer-Allee 34
> 22765 Hamburg
> Fon: +49 (0) 40 1888899-73
> Fax: +49 (0) 40 1888899-873
> E-Mail: m.wolf@hotornot.de
>
> http://www.HOTorNOT.de - Europe's #1 rating site
> Sitz der Gesellschaft: Breslauer Strasse 39
> 65830 Kriftel
>
> Amtsgericht Frankfurt/M HRB 54159, UST-ID: DE 223646709
> Geschäftsführung: Frank Böhmer
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message