[jira] [Commented] (COUCHDB-1825) Add support for 3-legged OAuth

[Pauli Price (JIRA)]

    [ 
https://issues.apache.org/jira/browse/COUCHDB-1825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13679792#comment-13679792
 ] 

Pauli Price commented on COUCHDB-1825:
--------------------------------------

This illustrates the expected use case: http://stackoverflow.com/a/17020335

Substitute CouchDB for his java backend, and it's the same thing. Excerpted:

"... My stack is java in the backend exposing a REST api for both autentication 
and business logic. The client is a backbone.js application. I explicitely 
decided NOT to use sessions at all. It is completely stateless. This of course 
means that the user must be re-authenticated at every request.

When the user logs in through a slightly modified OAuth endpoint, it gets a 
token that must be passed at every request. Cookie works in this case as they 
are handled automatically by the browser. If not passed as cookie, the backend 
expect it as a parameter. The frontend communicates using the REST endpoints. 
It's a single-page application, full client side, this means that the backend 
serves a page that is basically empty, that include few JS files that are the 
application itself. No other pageload occurs. Logout is done by simply deleting 
the cookie or not sending the authToken, the server cannot and doesn't have to 
"forget" about the user. Token are nice as they can be invalidated, both 
expilcitely or by changing the password. I've chosen this approach as it made 
it easy to develop desktop app and browser plugin for my webapp without 
touching a single line of backend code."

                
> Add support for 3-legged OAuth
> ------------------------------
>
>                 Key: COUCHDB-1825
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1825
>             Project: CouchDB
>          Issue Type: New Feature
>            Reporter: Pauli Price
>
> see: 
> https://github.com/apache/couchdb/blob/master/share/www/script/test/oauth_users_db.js
>  - line 100
> See related tickets:
> https://issues.apache.org/jira/browse/COUCHDB-420 - OAuth authentication 
> support (2-legged initially) and cookie-based authentication
> https://issues.apache.org/jira/browse/COUCHDB-438 - Add per database (OAuth) 
> authentication to couchdb
> https://issues.apache.org/jira/browse/COUCHDB-1238 - CouchDB uses _users db 
> for storing oauth credentials

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira