incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Higham <mar...@ocasta.co.uk>
Subject Re: OAuth request_token
Date Mon, 13 Feb 2012 08:51:52 GMT
CouchDB supports authorisation via OAuth signed requests but does not yet
support full, 3-legged OAuth. In order to sign the request you will either
have to hard code the OAuth token/secret into the client or find some other
way to securely extract them.



On 11 February 2012 12:37, Stephan Uhle <stephan.uhle@gmx.net> wrote:

> Hey everybody,
>
> I'm trying to understand (and use) OAuth authentication with couchdb. The
> documentation on this is missing... :(
> Using google and the couchdb sources, I found out, that the couchdb oauth
> authentication urls are:
>
> _oauth/request_token
> _oauth/authorize
> _oauth/access_token
>
> I have configured an oauth consumer and token like this:
>
> [oauth_consumer_secrets]
> localhost = sekr1t
> [oauth_token_secrets]
> user1 = step
> [oauth_token_users]
> user1 = step
>
> So now, I want to obtain a request token by calling the
> _oauth/request_token url:
>
> curl --header 'Authorization:OAuth
> realm="",oauth_consumer_key="localhost",oauth_token="user1",oauth_version="1.0",oauth_timestamp="1328962239",oauth_nonce="J0S4c1",oauth_signature_method="HMAC-SHA1",oauth_signature="2Y9kL3K9Y9aRDD3MgLlNe3g4Q94%3D"'
> http://localhost:5984/_oauth/request_token
>
> the response is:
>
> oauth_token=requestkey&oauth_token_secret=requestsecret
>
> Obviously, the request token is not being generated.
> Does this mean, the oauth authentication is not yet (fully) implemented?
> Or am I missing something important?
>
> Thanks,
> Stephan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message