Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 98710 invoked from network); 2 Nov 2010 01:34:35 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 2 Nov 2010 01:34:35 -0000 Received: (qmail 41633 invoked by uid 500); 2 Nov 2010 01:35:05 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 41591 invoked by uid 500); 2 Nov 2010 01:35:05 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 41583 invoked by uid 99); 2 Nov 2010 01:35:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Nov 2010 01:35:05 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of douglas.linder@gmail.com designates 209.85.161.52 as permitted sender) Received: from [209.85.161.52] (HELO mail-fx0-f52.google.com) (209.85.161.52) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Nov 2010 01:34:59 +0000 Received: by fxm12 with SMTP id 12so5334449fxm.11 for ; Mon, 01 Nov 2010 18:34:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=zpPM8TNXqoO1RWafaOJIAtvjSO44tninFXeXTJQI4cE=; b=jvNX/XO+ja2AKrnb5+SNlTTOfroVPi4Wn2sVPI54swVfwUz9fvIXk12F0B3cqxj8gn JKsU0t+HBkEDj4emefj6EhVq56efTReNukoTlJpmbiY4W2JlWGkKM/U0/tBmV+sKDw4O VGQffjB01VxqDWZG8FrPFCz0sVBTl9w8j8Qfg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=WdP9bOvetPbnyKoW7viD7TqKEdEyHJs3uMe12SeDnf76sLgvQPOEy/c3opk7uHyB4C VxxtjpDetMsqefzmySrhDYwH16SYxI15aSsfxv0OKdximk+o2Q9tE7IriUR0z78GonLe Q4IpDIp7noEnMY9N0r4bC8clbgB+U/Qq5ROP0= MIME-Version: 1.0 Received: by 10.223.104.198 with SMTP id q6mr9799756fao.13.1288661675423; Mon, 01 Nov 2010 18:34:35 -0700 (PDT) Received: by 10.223.102.75 with HTTP; Mon, 1 Nov 2010 18:34:35 -0700 (PDT) Date: Tue, 2 Nov 2010 09:34:35 +0800 Message-ID: Subject: OAuth example From: Doug To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=001636c5b5a26638dd049407ed8b --001636c5b5a26638dd049407ed8b Content-Type: text/plain; charset=UTF-8 Can anyone point me in the right direction to see an oauth example? I've seen this page: http://wiki.apache.org/couchdb/Authentication_and_Authorization ...but that doesn't seem to be anything useful. Web oauth typically works like this: 1) Get a request token. 2) Send the user to a login page and pass the request token. 3) User gets redirected back to a separate url with an authorised request token. 4) Send the authorised request token in and get an access token. 5+) Send all requests signed by the access token. I've reviewed the code here: https://issues.apache.org/jira/browse/COUCHDB-420 ...and it looks like it does actually check for validly signed requests, but I don't really get how to: 1) Get a request token. 2) Authorise it. 3) Get an access token. 4) Mark a request as signed via oauth. I might have misunderstood, but the example seems to assume that you already know what you access token is before you start and just skipped over steps 1-3. Anyone actually managed to get this to work from a desktop / web app, instead of just that one specific python example? ~ Doug. --001636c5b5a26638dd049407ed8b--