couchdb-dev mailing list archives

From Jan Lehnardt
Subject Re: OAuth for authorization (not authentication)
Date Tue, 19 Jul 2011 09:20:34 GMT
Hi Camille,

The OAuth implementation in CouchDB is very limited (due
to constraints in the original development phase). The
implementation does not allow fine-grained token-based
access to specific contents of one or more databases
inside CouchDB, but only the authentication against a
CouchDB user in the CouchDB authentication layer. Once
a request is auth'd, there is no more OAuth machinery
inside CouchDB and you are left with CouchDB's security


On 19 Jul 2011, at 11:07, Camille Harang wrote:

> Hi again,
> On 18/07/2011 15:44, Robert Newson wrote:
>> As also noted on IRC, you are indeed wrong,
> I hope I am, I really tried to find the proper way to fully implement an
> OAuth authorization layer (tokens, ad hoc grant access in time and
> scope: the very essence of OAuth) within the CouchDB intrinsic
> techniques and philosophy, but I keep failing.
>> you just don't like the
>> granularity
> I don't dislike or like it, but wherever I look it just appears to me
> that there is just not enough of it to match the requirements of a
> proper implementation of OAuth. But I believe I am wrong, I'm sure I
> am, I want to use Couch, can anyone point me in the right direction? Once I
> know it, I will like it.
> Thanks,
> Cheers,
> Camille.
>> of the operation you are authorized to perform after
>> successfully authenticating. :)
>> B.
> -- 
> The Good, the Bad and the Ugly under Creative Commons!
