The CouchDB OAuth implementation is a partial implementation that supports the OAuth signing of requests where the client has its client credentials and knows the user's access token.
There are two _oauth special URLs _oauth/request_token and _oauth/authorize but I don't think these are fully implemented. I have only got calls to _oauth/request_token to return a valid response when signing the request with the client and access keys/secrets and the test cases do the same.

There is nothing in place (or at least I haven't found it) to assist in key, token or secret creation or to support the full three-legged authentication where a user is required to authorise a client to authenticate on their behalf.

Martin

On 2 November 2010 01:34, Doug <[email protected]> wrote:

> Can anyone point me in the right direction to see an oauth example?
>
> I've seen this page:
> http://wiki.apache.org/couchdb/Authentication_and_Authorization
>
> ...but that doesn't seem to be anything useful.
>
> Web oauth typically works like this:
>
> 1) Get a request token.
> 2) Send the user to a login page and pass the request token.
> 3) User gets redirected back to a separate url with an authorised request token.
> 4) Send the authorised request token in and get an access token.
>
> 5+) Send all requests signed by the access token.
>
> I've reviewed the code here:
> https://issues.apache.org/jira/browse/COUCHDB-420
>
> ...and it looks like it does actually check for validly signed requests, but
> I don't really get how to:
>
> 1) Get a request token.
>
> 2) Authorise it.
>
> 3) Get an access token.
>
> 4) Mark a request as signed via oauth.
>
> I might have misunderstood, but the example seems to assume that you already
> know what your access token is before you start and just skipped over steps
> 1-3.
>
> Anyone actually managed to get this to work from a desktop / web app,
> instead of just that one specific python example?
>
> ~
> Doug.
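
The signing step discussed in this thread (a client that already holds its consumer key/secret and the user's access token/secret), as an added example that is not code from the thread or from CouchDB: an OAuth 1.0 HMAC-SHA1 signer following RFC 5849. The function names are hypothetical, and the sample values are the published test vector from the OAuth Core 1.0 specification, not CouchDB credentials.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(value), safe="-._~")


def sign_request(method, url, consumer_key, consumer_secret,
                 token, token_secret, nonce, timestamp):
    """Return the Authorization header value for one signed request."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    parts = urlsplit(url)
    # Base string URI: lowercase scheme and host, default ports omitted, no query.
    host = parts.hostname
    if parts.port and (parts.scheme, parts.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{parts.port}"
    base_uri = f"{parts.scheme.lower()}://{host}{parts.path}"
    # Query parameters are signed together with the oauth_* parameters.
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params))
    base_string = "&".join([method.upper(), pct(base_uri), pct(normalized)])
    # Signing key: consumer secret and token secret, both known in advance.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))


if __name__ == "__main__":
    # Sample values: OAuth Core 1.0 specification test vector (not real credentials).
    print(sign_request(
        "GET", "http://photos.example.net/photos?file=vacation.jpg&size=original",
        "dpf43f3p2l4k3l03", "kd94hf93k423kf44",
        "nnch734d00sl2jdk", "pfkkdhi9sl3r4s00",
        nonce="kllo9940pd9333jh", timestamp=1191242096))
```

A server verifying such a request recomputes the signature from its stored secrets and should compare it with `hmac.compare_digest` rather than `==`.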
