You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by Apache Wiki <wi...@apache.org> on 2009/07/28 13:40:29 UTC

[Couchdb Wiki] Update of "Authentication and Authorization" by Eric Casteleijn

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The following page has been changed by Eric Casteleijn:
http://wiki.apache.org/couchdb/Authentication_and_Authorization

The comment on the change is:
Added example of OAuth authentication.

------------------------------------------------------------------------------
  couch_http to accept a list of authentication handlers instead of a single
  authentication handler.
  
+ Steps to get OAuth authentication working (with the patch installed):
+ 
+  1. in default.d create a file oauth.ini, with contents:
+   
+   {{{ 
+ [oauth_consumer_secrets]
+ example.com = sekr1t
+ [oauth_token_secrets]
+ user1 = tokensekr1t
+ [oauth_token_users]
+ user1 = admin_user
+ }}}
+ 
+  1. In Couchdb, create a user document in _users with username = "admin_user", and add the "_admin" role to its "roles" list.
+  1. In default.ini, change the authentication_handlers line to:
+   {{{
+ authentication_handlers = {couch_httpd_oauth, oauth_authentication_handler}
+ }}}
+  1. Install Leah Culver's version of the python oauth library: http://github.com/leah/python-oauth/tree/master
+  1. Run the following command from the command line (should be one long line):
+   {{{
+ python -c "URL='http://127.0.0.1:5984/_session';KEY='example.com';TOKEN='user1';SECRET='tokensekr1t';import oauth,httplib;consumer=oauth.OAuthConsumer(KEY,'sekr1t');token=oauth.OAuthToken(TOKEN,SECRET);rq=oauth.OAuthRequest.from_consumer_and_token(consumer,token=token,http_method='GET',http_url=URL,parameters={});rq.sign_request(oauth.OAuthSignatureMethod_HMAC_SHA1(),consumer,token); con=httplib.HTTPConnection('localhost:5984'); con.request('GET',URL,headers=rq.to_header()); print con.getresponse().read()"
+ }}}
+ 
+ If all is well, you should see this response:
+  {{{
+ {"ok":true,"name":"admin_user","roles":["_admin"]}
+ }}}
  
  == Authorization use cases ==