Hi Camille, The OAuth implementation in CouchDB is very limited (due to constraints in the original development phase). The implementation does not allow fine-grained token-based access to specific contents of one or more databases inside CouchDB, but only the authentication against a CouchDB user in the CouchDB authentication layer. Once a request is auth'd, there is no more OAuth machinery inside CouchDB and you are left with CouchDB's security mechanics:
http://wiki.apache.org/couchdb/Security_Features_Overview http://blog.couchbase.com/whats-new-in-couchdb-1-0-part-4-securityn-stuff Cheers Jan -- On 19 Jul 2011, at 11:07, Camille Harang wrote: > Hi again, > > Le 18/07/2011 15:44, Robert Newson a écrit : >> As also noted on IRC, you are indeed wrong, > > I hope I am, I really tried to find the proper way to fully implement > OAuth authorization layer (tokens, ad hoc grant access in time and > scope: the very essence of OAuth) within the CouchDB intrinsic > techniques and philosophy, but I keep failing. > >> you just don't like the >> granularity > > I don't dislike or like it, but wherever I look it just appears to me > that there is just not enough of it to match the requirements of a > proper implementation of OAuth. But I believe being wrong, I'm sure I > am, I want to use Couch, can anyone point me the right direction? Once I > know it, I will like it. > > Thanks, > > Cheers, > > Camille. > > >> of the operation you are authorized to perform after >> successfully authenticating. :) >> >> B. > > -- > The Good, the Bad and the Ugly under Creative Commons! > https://yooook.net/r/lp1 >
