On Jul 7, 2010, at 12:01 AM, Jason Smith wrote: > When is it appropriate for an authentication module to use the _users > database (or whatever it is configured to be)? > > I am investigating OpenID 2.0 support. A requirent is to store a nonce > to protect against replay attacks. I am evaluating using a database to > store the nonce. (Another option is an ets table but that has it's own > issues.) > > The built-in design document IIRC rejects all non-user documents. So > storing a nonce as a new document type would require changing that > policy in an unclear way.
Does it make sense to add the nonce to the existing user document? That will allow a single lookup instead of multiple lookups. > > Would it be better to create a whole new _openid database for the task? > > Suggestions welcome. Thanks! > > -- > Jason Smith > Couchio Hosting
