[ 
https://issues.apache.org/jira/browse/COUCHDB-1504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14644370#comment-14644370
 ] 

Alexander Shorin commented on COUCHDB-1504:
-------------------------------------------

/_session is used to initiate Cookie auth, discard Cookie auth and get 
information about the authenticated user. If you use the Basic or OAuth method, 
you have no need to POST to this endpoint, as neither of them creates or 
assumes having a session token.

I'd like to close this as Won't fix. [~janl], [~rnewson] what would you say?

> POST to _session using OAuth yields 401
> ---------------------------------------
>
>                 Key: COUCHDB-1504
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1504
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.2
>         Environment: OS X 10.6.8, couchdb built via build-couchdb w/ 
> couchdb_browserid & geocouch plugins
>            Reporter: Jim Klo
>              Labels: oauth, session
>
> Create a user that has OAuth consumer key, secret, token, and token secret 
> fields:
> {
>    "_id": "org.couchdb.user:[email protected]",
>    "_rev": "2-c82b774940546d812f459df92c8e0e00",
>    "type": "user",
>    "name": "[email protected]",
>    "roles": [
>        "browserid"
>    ],
>    "salt": "3daafe56a143d8fa08ced7cccfdb2a70",
>    "browserid": true,
>    "oauth": {
>        "consumer_keys": {
>            "[email protected]": "XBE+cC2eUPxHMrd2CWQfEVZ/ELgHCQZg"
>        },
>        "tokens": {
>            "node_sign_token": "iQ0Xm7FTAOokDNvlVPV352ac4Vtg5gSj"
>        }
>    }
> }
> create a valid oauth 1.0 form post with url encoded content:
> curl -H'Content-Type: application/x-www-form-urlencoded' -d 
> 'oauth_consumer_key=jim.klo%40gmail.com&oauth_token=node_sign_token&oauth_version=1.0&oauth_timestamp=1340752816&oauth_nonce=dT2fqv&oauth_signature_method=HMAC-SHA1&oauth_signature=hNSttzb9jMdy%2FhmI2pYBQmmeouI%3D
>  ' -k 'https://jim-klos-macbook-pro.local/_session'
> return is: 
>  {"error":"unauthorized","reason":"Name or password is incorrect."}
> log shows this:
> [Tue, 26 Jun 2012 23:20:19 GMT] [debug] [<0.15281.2>] 'POST' /_session {1,0} 
> from "127.0.0.1"
> Headers: [{'Accept',"application/json"},
>           {'Accept-Charset',"ISO-8859-1,utf-8;q=0.7,*;q=0.3"},
>           {'Accept-Encoding',"gzip,deflate,sdch"},
>           {'Accept-Language',"en-US,en;q=0.8"},
>           {'Connection',"close"},
>           {'Content-Length',"212"},
>           {'Content-Type',"application/x-www-form-urlencoded"},
>           {'Cookie',"AuthSession="},
>           {'Host',"jim-klos-macbook-pro.local"},
>           {"Origin","chrome-extension://iaekhlnnfliepcojnmcjmfnceejmkpbn"},
>           {'User-Agent',"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) 
> AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5"},
>           {'X-Forwarded-For',"127.0.0.1"},
>           {"X-Forwarded-Ssl","on"},
>           {"X-Real-Ip","127.0.0.1"}]
> [Tue, 26 Jun 2012 23:20:19 GMT] [debug] [<0.15281.2>] OAuth Params: []
> [Tue, 26 Jun 2012 23:20:19 GMT] [debug] [<0.15281.2>] Attempt Login: 
> [Tue, 26 Jun 2012 23:20:19 GMT] [info] [<0.15281.2>] 127.0.0.1 - - POST 
> /_session 401
> [Tue, 26 Jun 2012 23:20:19 GMT] [debug] [<0.15281.2>] httpd 401 error 
> response:
>  {"error":"unauthorized","reason":"Name or password is incorrect."}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
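
The distinction drawn in the comment above, as an added example (not part of the JIRA thread and not CouchDB's code): an RFC 5849 HMAC-SHA1 signature travels with the resource request itself, while a cookie login form is only searched for name and password. session_login_fields is a hypothetical model of that login step; the OAuth values are the published OAuth Core 1.0 test vector and the form body is constructed.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # params = query/form parameters plus oauth_* ones, minus oauth_signature.
    # Simplification: default ports are not stripped from the authority.
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(oauth_params, signature):
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

def session_login_fields(form_body):
    # Hypothetical model of cookie login: only name and password are read.
    form = parse_qs(form_body)
    return form.get("name", [""])[0], form.get("password", [""])[0]

# Published OAuth Core 1.0 test vector, not values from the report.
OAUTH = {"oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
         "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1191242096",
         "oauth_nonce": "kllo9940pd9333jh", "oauth_version": "1.0"}
QUERY = {"file": "vacation.jpg", "size": "original"}
URL = "http://photos.example.net/photos"
SIGNATURE = sign("GET", URL, {**OAUTH, **QUERY}, "kd94hf93k423kf44", "pfkkdhi9sl3r4s00")

# Constructed body shaped like the one in the report: oauth_* fields only.
OAUTH_ONLY_BODY = "oauth_consumer_key=user%40example.org&oauth_token=tok&oauth_version=1.0"

if __name__ == "__main__":
    print(authorization_header(OAUTH, SIGNATURE))
    print(session_login_fields(OAUTH_ONLY_BODY))  # empty name and password
```

A form body holding only oauth_* fields gives the login step an empty name, which is consistent with the empty "Attempt Login:" line in the quoted log.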
