Hi Jens, - CouchDB supports OAuth 1.0, not 2.0
- The fields in the replication structure are fine if you want CouchDB to replicate to CouchDB, but I think in your case you want to OAuth requests from a client to CouchDB so you will want to sign each request yourself. - We use the OAuthConsumer library to authenticate requests fromIOS to CouchDB. Our fork (https://github.com/ocastastudios/oauthconsumer) has a some bug fixes as the library creator doesn't seem to be maintaining it. - The CouchDB wiki contains the details on configuring OAuth on the server ( http://wiki.apache.org/couchdb/Link_Collection_Authentication_and_Authorization ) - CouchDB doesn't give you any way to get the tokens from the server to the client so this has to be application specific. Martin On 19 May 2012 19:59, Jens Alfke <j...@couchbase.com> wrote: > > On May 18, 2012, at 6:05 PM, Adam Kocoloski wrote: > > > I had to read the code for this one. It looks like e.g. > source.auth.oauth would be a JSON object with "consumer_secret", > "consumer_key", "token_secret", and "token" fields (and an optional > "signature_method" field). The Authorization header would be computed by > the replicator for each request using this information. > > Does anyone here know more about OAuth? I'm implementing the MAC > authorization scheme* that OAuth uses, but the parameters it takes don't > seem to match up with what's listed above. The parameters I need to compute > the Authorization header are {key, key identifier, issue time}. > > (This is for the purpose of implementing OAuth support in TouchDB, by the > way.) > > —Jens > > * http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00 > >
