incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jens Alfke <>
Subject Re: How does OAuth support, or custom headers, work in the replicator?
Date Mon, 21 May 2012 16:49:41 GMT

On May 20, 2012, at 4:02 AM, Martin Higham wrote:

> - The fields in the replication structure are fine if you want CouchDB to
> replicate to CouchDB, but I think in your case you want to OAuth requests
> from a client to CouchDB so you will want to sign each request yourself.

Not quite: I'm implementing what is effectively a client-side CouchDB server*. It has its
own replicator, which may need to authenticate to the remote server it's replicating with.
I'm trying to implement OAuth for that. So it's actually a combination of the two — the
replicator obviously acts as a client to the remote server, but TouchDB implements most of
the CouchDB REST API for the local app to interact with, and that extends to the schema of
replication documents.

So I think my new question is: Given the fields "consumer_secret", "consumer_key", "token_secret",
"token" and "signature_method", how do I use them to sign a request? I'm an OAuth dummy but
fairly knowledgeable about security/crypto, so a link to the right spec or section thereof
would suffice :)


View raw message