Return-Path: 
 <user-return-10920-apmail-couchdb-user-archive=couchdb.apache.org@couchdb.apache.org>
Delivered-To: apmail-couchdb-user-archive@www.apache.org
Received: (qmail 63073 invoked from network); 10 Jun 2010 14:18:08 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 10 Jun 2010 14:18:08 -0000
Received: (qmail 26713 invoked by uid 500); 10 Jun 2010 14:18:06 -0000
Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org
Received: (qmail 26684 invoked by uid 500); 10 Jun 2010 14:18:06 -0000
Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@couchdb.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@couchdb.apache.org>
List-Post: <mailto:user@couchdb.apache.org>
List-Id: <user.couchdb.apache.org>
Reply-To: user@couchdb.apache.org
Delivered-To: mailing list user@couchdb.apache.org
Received: (qmail 26676 invoked by uid 99); 10 Jun 2010 14:18:06 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Jun 2010 14:18:06 +0000
X-ASF-Spam-Status: No, hits=2.2 required=10.0
	tests=FREEMAIL_FROM,HTML_MESSAGE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of martinh@gmail.com designates
 209.85.161.52 as permitted sender)
Received: from [209.85.161.52] (HELO mail-fx0-f52.google.com) (209.85.161.52)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Jun 2010 14:17:59 +0000
Received: by fxm4 with SMTP id 4so1607745fxm.11
        for <user@couchdb.apache.org>; Thu, 10 Jun 2010 07:17:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:received:sender:received
         :in-reply-to:references:date:x-google-sender-auth:message-id:subject
         :from:to:content-type;
        bh=q6ayslt3nB2Y+u/R28cNLxJHK6DGm/iEVDzkDIG1aD4=;
        b=U/ZIpbDGMVhyvcAJyjO8HWda6nhIh04ktzEAtYAVyNPTs0uEgkWjJWrXDuBYo9PXMm
         3Rpdj/+cXAxJPzQE++tkyx49HZfFhg8udgozBG/wzTRz2dMSPNSENk8gP6mxVGg9lxob
         lqpdWtyoVeXjy0bVddRJNCcqX7Y8C0ixUKvoc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        b=IVbwD+YmcXu5320Vj6MWyHXhYj3G/oVPiO04fbPr04AIHHJjQw9Xa+k80ITvaed7YW
         zdUmui4zVK3SFXXgsrjfLTUs2bZEpXrsH/2+k+XdBzsaJ/TLtRqEo9Gy3KwpqKJSV02R
         Y5+/BVTXOBQpZUKyW6ttURacjiG2sTX46qqX4=
MIME-Version: 1.0
Received: by 10.204.47.21 with SMTP id l21mr189090bkf.134.1276179458743; Thu,
	10 Jun 2010 07:17:38 -0700 (PDT)
Sender: martinh@gmail.com
Received: by 10.204.66.204 with HTTP; Thu, 10 Jun 2010 07:17:38 -0700 (PDT)
In-Reply-To: <4C10E630.5090902@hotornot.de>
References: <4C10E630.5090902@hotornot.de>
Date: Thu, 10 Jun 2010 15:17:38 +0100
X-Google-Sender-Auth: Gq0rHFl90LdQXPqBACdbzn8tUi4
Message-ID: <AANLkTimLk-SkZ4KqxU3IOifFYHkYsViXnLr6nhwp3UIF@mail.gmail.com>
Subject: Re: Authentication
From: Martin Higham <martin@ocasta.co.uk>
To: user@couchdb.apache.org
Content-Type: multipart/alternative; boundary=0016e6da7aef4ee5c30488adaf05
X-Virus-Checked: Checked by ClamAV on apache.org

--0016e6da7aef4ee5c30488adaf05
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

The best I found was
http://wiki.apache.org/couchdb/Authentication_and_Authorization but that's
not much to go on.

I've therefore spend a little time trying to understand what and how it
works. The oauth.ini file contains all the keys, tokens and secrets. Within
that there are three sections

[oauth_consumer_secrets]
defines the oauth_consumer key/secret pairs (client credentials) for any
oauth clients you want to allow to connect

[oauth_token_users]
Maps oauth access tokens to CouchDB usernames

[oauth_token_secrets]
Maps oauth access tokens to their respective secret.

Luckily in 0.11 all of these can be changed and set via the _config api. Tr=
y
from Futon to find the exact calls

If the client has its client credentials and a user's access token and
secret then using standard oauth libraries any request can be oauth signed
and authenticated (as the example in the wiki demonstrates)

There are two _oauth special URLs _oauth/request_token and _oauth/authorize
but I remain to be convinced that these work. I have only got calls
to _oauth/request_token to return a valid response when signing the request
with the client and access keys/secrets and the test cases do the same.

There is nothing in place (or at least I haven't found it) to assist in key=
,
token or secret creation or to support the full three-legged authentication
where a user is required to authorise a client to authenticate on their
behalf.

Martin





On 10 June 2010 14:18, Markus Wolf <m.wolf@hotornot.de> wrote:

> Hi,
>
> is there some documentation on how to configure the oauth in couchdb?
> We would like to create some kind of single sign on for our app which
> uses couchdb.
>
> Regards
> Markus
> --
> Markus Wolf
> Entwicklung
>
> FaceValue Media GmbH
> Max-Brauer-Allee 34
> 22765 Hamburg
> Fon: +49 (0) 40 1888899-73
> Fax: +49 (0) 40 1888899-873
> E-Mail: m.wolf@hotornot.de
>
> http://www.HOTorNOT.de - Europe's #1 rating site
> Sitz der Gesellschaft: Breslauer Strasse 39
> 65830 Kriftel
>
> Amtsgericht Frankfurt/M HRB 54159, UST-ID: DE 223646709
> Gesch=E4ftsf=FChrung: Frank B=F6hmer
>

--0016e6da7aef4ee5c30488adaf05--