Re: How does OAuth support, or custom headers, work in the replicator?

Mon, 21 May 2012 14:29:12 -0700 

I'm trying to figure this OAuth bit out too.

I'm a bit confused though by your statement Adam (and maybe I'm being a bit 
naive), but that doesn't quite jive with me.. 

is the resultant replicator doc something like this?

{
        "source": "widgets",
        "target": "https://www.example.com/couchdb/widgets";,
        "oauth": {
                "consumer_secret": "...",
                "consumer_key": "...",
                "token_secret": "...",
                "token": "....",
                "signature_method": "..."
        }
}

or is it?

{
        "source": "widgets",
        "target": {
                        "what field is this?": 
"https://www.example.com/couchdb/widgets";,
                        "auth": {
                                "oauth": {
                                        "consumer_secret": "...",
                                        "consumer_key": "...",
                                        "token_secret": "...",
                                        "token": "....",
                                        "signature_method": "..."
                                }
                        }
        }
}

If the latter is correct; what's the key name for specifying the url for the db?

if it's the former, is oauth only used on the 'remote' endpoint whether it's 
source or target?

or am I just way off base?

Thanks,

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International

On May 18, 2012, at 6:05 PM, Adam Kocoloski wrote:

> On May 18, 2012, at 8:54 PM, Jens Alfke wrote:
> 
>> There's a small bit in the wiki* that hints at a replication JSON parameter 
>> to set custom headers. One of the examples of a _replicate request shows the 
>> body:
>> 
>>> {"source":{"url":"https://example.net:5984/db","headers":{"Authorization":"Basic
>>>  Ym9iQGV4YW1wbGUuY29tOnBhc3N3b3Jk"}}, "target":"local-db"}
>> 
>> There's no further explanation; could someone clarify whether the 'headers' 
>> property can be used to add arbitrary HTTP headers to the requests sent by 
>> the replicator?
> 
> Yepper, that's all there is to it.
> 
>> A few paragraphs later is the statement:
>> 
>>> Using a JSON hash (instead of a plain string) may also be used to specify 
>>> OAuth (by adding a "oauth" field to the hash).
>> 
>> I don't understand this at all ('oauth' isn't an HTTP header, so does this 
>> mean to add it as a top-level property in the _replicate body? Or somewhere 
>> else? And what should its contents be?
>> 
>> I'd like to know how OAuth is used to authenticate to CouchDB, but there's 
>> almost nothing about it in the wiki.
> 
> I had to read the code for this one.  It looks like e.g. source.auth.oauth 
> would be a JSON object with "consumer_secret", "consumer_key", 
> "token_secret", and "token" fields (and an optional "signature_method" 
> field).  The Authorization header would be computed by the replicator for 
> each request using this information.  I'm no OAuth expert, though.  Cheers,
> 
> Adam
> 
>> —Jens
>> 
>> * http://wiki.apache.org/couchdb/Replication
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to