When is it appropriate for an authentication module to use the _users database (or whatever it is configured to be)?
I am investigating OpenID 2.0 support. A requirement is to store a nonce to protect against replay attacks. I am evaluating using a database to store the nonce. (Another option is an ets table but that has its own issues.)

The built-in design document IIRC rejects all non-user documents. So storing a nonce as a new document type would require changing that policy in an unclear way. Would it be better to create a whole new _openid database for the task?

Suggestions welcome. Thanks!

--
Jason Smith
Couchio Hosting
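Added example, not part of the original message and not CouchDB code: a sketch of the replay check that whichever nonce store is chosen has to support for OpenID 2.0 `openid.response_nonce` values. `NonceStore`, `MAX_SKEW_MS` and the in-memory `Map` standing in for the database or ets table are assumptions for illustration.

```javascript
// Assumed acceptance window around the timestamp embedded in the nonce.
const MAX_SKEW_MS = 5 * 60 * 1000;
// OpenID 2.0 response_nonce: UTC timestamp, then printable non-space ASCII.
const NONCE_RE = /^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)([\x21-\x7e]*)$/;

class NonceStore {
  constructor() {
    this.seen = new Map(); // key -> expiry time (ms since epoch)
  }

  // Returns "ok", "malformed", "stale" or "replay".
  check(opEndpoint, nonce, nowMs) {
    if (typeof nonce !== "string" || nonce.length > 255) return "malformed";
    const m = NONCE_RE.exec(nonce);
    if (!m) return "malformed";
    const issued = Date.parse(m[1]);
    if (Number.isNaN(issued)) return "malformed";
    // Outside the window nothing needs to be stored: the timestamp alone rejects it.
    if (Math.abs(nowMs - issued) > MAX_SKEW_MS) return "stale";
    // Nonces are only unique per OP endpoint, so the endpoint is part of the key.
    const key = JSON.stringify([opEndpoint, nonce]);
    // In a real store this test-and-insert must be one atomic step, for example
    // a record keyed by `key` whose second creation fails with a conflict.
    if (this.seen.has(key)) return "replay";
    this.seen.set(key, issued + MAX_SKEW_MS);
    return "ok";
  }

  // Entries past their expiry would be rejected as stale anyway, so drop them.
  purge(nowMs) {
    let removed = 0;
    for (const [key, expiry] of this.seen) {
      if (expiry < nowMs) {
        this.seen.delete(key);
        removed++;
      }
    }
    return removed;
  }
}
```

The store only ever needs to hold nonces whose timestamp is still inside the skew window, which bounds its size regardless of where it lives.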
