On Wed, Jul 7, 2010 at 9:01 AM, Jason Smith <j...@couch.io> wrote: > When is it appropriate for an authentication module to use the _users > database (or whatever it is configured to be)? > > I am investigating OpenID 2.0 support. A requirent is to store a nonce > to protect against replay attacks. I am evaluating using a database to > store the nonce. (Another option is an ets table but that has it's own > issues.) > > The built-in design document IIRC rejects all non-user documents. So > storing a nonce as a new document type would require changing that > policy in an unclear way. > > Would it be better to create a whole new _openid database for the task? > > Suggestions welcome. Thanks! > > -- > Jason Smith > Couchio Hosting >
You don't need to store the nonce per user, just need to make sure it's unique, if I remember. Why not storing it in another db ? - benoit
