CouchDB supports authorisation via OAuth signed requests but does not yet support full, 3-legged OAuth. In order to sign the request you will either have to hard code the OAuth token/secret into the client or find some other way to securely extract them.
On 11 February 2012 12:37, Stephan Uhle <stephan.u...@gmx.net> wrote: > Hey everybody, > > I'm trying to understand (and use) OAuth authentication with couchdb. The > documentation on this is missing... :( > Using google and the couchdb sources, I found out, that the couchdb oauth > authentication urls are: > > _oauth/request_token > _oauth/authorize > _oauth/access_token > > I have configured an oauth consumer and token like this: > > [oauth_consumer_secrets] > localhost = sekr1t > [oauth_token_secrets] > user1 = step > [oauth_token_users] > user1 = step > > So now, I want to obtain a request token by calling the > _oauth/request_token url: > > curl --header 'Authorization:OAuth > realm="",oauth_consumer_key="localhost",oauth_token="user1",oauth_version="1.0",oauth_timestamp="1328962239",oauth_nonce="J0S4c1",oauth_signature_method="HMAC-SHA1",oauth_signature="2Y9kL3K9Y9aRDD3MgLlNe3g4Q94%3D"' > http://localhost:5984/_oauth/request_token > > the response is: > > oauth_token=requestkey&oauth_token_secret=requestsecret > > Obviously, the request token is not being generated. > Does this mean, the oauth authentication is not yet (fully) implemented? > Or am I missing something important? > > Thanks, > Stephan
