authorVivien Kraus <vivien@planete-kraus.eu>2020-12-06 19:43:34 +0100
committerVivien Kraus <vivien@planete-kraus.eu>2021-06-05 16:59:09 +0200
commit96e285ade425b3113333bb4becb04f6799c14d2c (patch)
tree739da41d3ce62c033fae4bef93fd958c05f050c5
parente8203adba5685123457e2333940b16f4a753ba3d (diff)
Implement Solid oidc provider confirmation
-rw-r--r--doc/webid-oidc.texi5
-rw-r--r--po/fr.po239
-rw-r--r--po/webid-oidc.pot235
-rw-r--r--src/scm/webid-oidc/Makefile.am6
-rw-r--r--src/scm/webid-oidc/errors.scm13
-rw-r--r--src/scm/webid-oidc/provider-confirmation.scm70
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/provider-confirmation.scm40
8 files changed, 374 insertions, 237 deletions
diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index edea16d..850e2be 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -826,6 +826,11 @@ The token request forgot to put an authorization code.
The token request forgot to put a refresh token with the request.
@end deftp
+@deftp {exception type} &unconfirmed-provider @var{subject} @var{provider}
+@var{provider} is not confirmed by @var{subject} as an identity
+provider.
+@end deftp
+
@node GNU Free Documentation License
@appendix GNU Free Documentation License
diff --git a/po/fr.po b/po/fr.po
index 561e910..d1b20d9 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -126,101 +126,101 @@ msgstr "Utilisation : generate-random [NOMBRE D'OCTETS]\n"
msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
msgstr "Utilisation : generate-key [NOMBRE DE BITS | COURBE]\n"
-#: src/scm/webid-oidc/errors.scm:829
+#: src/scm/webid-oidc/errors.scm:839
msgid "that’s how it is"
msgstr "c’est comme ça"
-#: src/scm/webid-oidc/errors.scm:834
+#: src/scm/webid-oidc/errors.scm:844
#, scheme-format
msgid "the value ~s is not a base64 string (because ~a)"
msgstr "la valeur ~s n’est pas une chaîne base64 (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:837
+#: src/scm/webid-oidc/errors.scm:847
#, scheme-format
msgid "the value ~s is not JSON (because ~a)"
msgstr "la valeur ~s n’est pas du JSON (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:840
+#: src/scm/webid-oidc/errors.scm:850
#, scheme-format
msgid "the value ~s is not Turtle (because ~a)"
msgstr "la valeur ~s n’est pas du Turtle (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:843
+#: src/scm/webid-oidc/errors.scm:853
#, scheme-format
msgid "the value ~s does not identify an elleptic curve"
msgstr "la valeur ~s n’identifie pas une courbe elliptique"
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:858
#, scheme-format
msgid "the value ~s does not identify a JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:850
+#: src/scm/webid-oidc/errors.scm:860
#, scheme-format
msgid "the value ~s does not identify a JWK"
msgstr "la valeur ~s n’identifie pas une JWK"
-#: src/scm/webid-oidc/errors.scm:855
+#: src/scm/webid-oidc/errors.scm:865
#, scheme-format
msgid "the value ~s does not identify a public JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK publique (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:867
#, scheme-format
msgid "the value ~s does not identify a public JWK"
msgstr "la valeur ~s n’identifie pas une JWK publique"
-#: src/scm/webid-oidc/errors.scm:862
+#: src/scm/webid-oidc/errors.scm:872
#, scheme-format
msgid "the value ~s does not identify a private JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK privée (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:864
+#: src/scm/webid-oidc/errors.scm:874
#, scheme-format
msgid "the value ~s does not identify a private JWK"
msgstr "la valeur ~s n’identifie pas une JWK privée"
-#: src/scm/webid-oidc/errors.scm:869
+#: src/scm/webid-oidc/errors.scm:879
#, scheme-format
msgid "the value ~s does not identify a JWKS (because ~a)"
msgstr "la valeur ~s n’identifie pas un JWKS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:871
+#: src/scm/webid-oidc/errors.scm:881
#, scheme-format
msgid "the value ~s does not identify a JWKS"
msgstr "la valeur ~s n’identifie pas un JWKS"
-#: src/scm/webid-oidc/errors.scm:874
+#: src/scm/webid-oidc/errors.scm:884
#, scheme-format
msgid "the value ~s does not identify a hash algorithm"
msgstr "la valeur ~s n’identifie pas un algorithme de hachage"
-#: src/scm/webid-oidc/errors.scm:877
+#: src/scm/webid-oidc/errors.scm:887
#, scheme-format
msgid "the value ~s is not an alist or misses key ~s"
msgstr "la valeur ~s n’est pas une alist ou il manque la clé ~s"
-#: src/scm/webid-oidc/errors.scm:880
+#: src/scm/webid-oidc/errors.scm:890
#, scheme-format
msgid "the value ~s is not a JWS header (because ~a)"
msgstr "la valeur ~s n’est pas un header JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:883
+#: src/scm/webid-oidc/errors.scm:893
#, scheme-format
msgid "the value ~s is not a JWS payload (because ~a)"
msgstr "la valeur ~s n’est pas un contenu JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:886
+#: src/scm/webid-oidc/errors.scm:896
#, scheme-format
msgid "the value ~s is not a JWS (because ~a)"
msgstr "la valeur ~s n’est pas un JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:889
+#: src/scm/webid-oidc/errors.scm:899
#, scheme-format
msgid "the string ~s cannot be split in 3 parts with ~s"
msgstr "la chaîne ~s ne peut pas être découpée en 3 parties avec ~s"
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:902
#, scheme-format
msgid ""
"all key candidates failed to verify signature ~s with algorithm ~s and "
@@ -229,17 +229,17 @@ msgstr ""
"aucune clé candidate n’a pu vérifier la signature ~s avec l’algorithme ~s et "
"le contenu ~a (il y en avait ~a : ~s)"
-#: src/scm/webid-oidc/errors.scm:895
+#: src/scm/webid-oidc/errors.scm:905
#, scheme-format
msgid "I cannot decode JWS ~a (because ~a)"
msgstr "je n’ai pas pu décoder le JWS encodé par ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:898
+#: src/scm/webid-oidc/errors.scm:908
#, scheme-format
msgid "I cannot encode JWS ~a (because ~a)"
msgstr "je n’ai pas pu encoder le JWS ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:911
#, scheme-format
msgid ""
"the server request unexpectedly failed with code ~a and reason phrase ~s"
@@ -247,338 +247,338 @@ msgstr ""
"la requête au serveur a échoué de façon inattendue avec un code ~a et une "
"raison ~s"
-#: src/scm/webid-oidc/errors.scm:906
+#: src/scm/webid-oidc/errors.scm:916
#, scheme-format
msgid "the header ~a should not have the value ~s"
msgstr "l’en-tête ~a ne devrait pas avoir la valeur ~s"
-#: src/scm/webid-oidc/errors.scm:908
+#: src/scm/webid-oidc/errors.scm:918
#, scheme-format
msgid "the header ~a should be present"
msgstr "l’en-tête ~a devrait être présent"
-#: src/scm/webid-oidc/errors.scm:911
+#: src/scm/webid-oidc/errors.scm:921
#, scheme-format
msgid "the server response wasn't expected: ~s (because ~a)"
msgstr "la réponse du serveur est inattendue : ~s (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:917
+#: src/scm/webid-oidc/errors.scm:927
#, scheme-format
msgid "the value ~s is not an OIDC configuration (because ~a)"
msgstr "la valeur ~s n’est pas une configuration OIDC (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:922
+#: src/scm/webid-oidc/errors.scm:932
#, scheme-format
msgid "the webid field is incorrect: ~s"
msgstr "le champ webid est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:923
+#: src/scm/webid-oidc/errors.scm:933
msgid "the webid field is missing"
msgstr "le champ webid est manquant"
-#: src/scm/webid-oidc/errors.scm:927
+#: src/scm/webid-oidc/errors.scm:937
#, scheme-format
msgid "the sub field is incorrect: ~s"
msgstr "le champ sub est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:928
+#: src/scm/webid-oidc/errors.scm:938
msgid "the sub field is missing"
msgstr "le champ sub est manquant"
-#: src/scm/webid-oidc/errors.scm:932
+#: src/scm/webid-oidc/errors.scm:942
#, scheme-format
msgid "the iss field is incorrect: ~s"
msgstr "le champ iss est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/errors.scm:943
msgid "the iss field is missing"
msgstr "le champ iss est manquant"
-#: src/scm/webid-oidc/errors.scm:937
+#: src/scm/webid-oidc/errors.scm:947
#, scheme-format
msgid "the aud field is incorrect: ~s"
msgstr "le champ aud est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:938
+#: src/scm/webid-oidc/errors.scm:948
msgid "the aud field is missing"
msgstr "le champ aud est manquant"
-#: src/scm/webid-oidc/errors.scm:942
+#: src/scm/webid-oidc/errors.scm:952
#, scheme-format
msgid "the iat field is incorrect: ~s"
msgstr "le champ iat est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:943
+#: src/scm/webid-oidc/errors.scm:953
msgid "the iat field is missing"
msgstr "le champ iat est manquant"
-#: src/scm/webid-oidc/errors.scm:947
+#: src/scm/webid-oidc/errors.scm:957
#, scheme-format
msgid "the exp field is incorrect: ~s"
msgstr "le champ exp est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:948
+#: src/scm/webid-oidc/errors.scm:958
msgid "the exp field is missing"
msgstr "le champ exp est manquant"
-#: src/scm/webid-oidc/errors.scm:952
+#: src/scm/webid-oidc/errors.scm:962
#, scheme-format
msgid "the cnf/jkt field is incorrect: ~s"
msgstr "le champ cnf/jkt est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:953
+#: src/scm/webid-oidc/errors.scm:963
msgid "the cnf/jkt field is missing"
msgstr "le champ cnf/jkt est manquant"
-#: src/scm/webid-oidc/errors.scm:957
+#: src/scm/webid-oidc/errors.scm:967
#, scheme-format
msgid "the client-id field is incorrect: ~s"
msgstr "le champ client-id est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:958
+#: src/scm/webid-oidc/errors.scm:968
msgid "the client-id field is missing"
msgstr "le champ client-id est manquant"
-#: src/scm/webid-oidc/errors.scm:962
+#: src/scm/webid-oidc/errors.scm:972
#: src/scm/webid-oidc/authorization-page-unsafe.scm:133
#, scheme-format
msgid "the redirect_uris field is incorrect: ~s"
msgstr "le champ redirect_uris est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:963
+#: src/scm/webid-oidc/errors.scm:973
#: src/scm/webid-oidc/authorization-page-unsafe.scm:134
msgid "the redirect_uris field is missing"
msgstr "le champ redirect_uris est manquant"
-#: src/scm/webid-oidc/errors.scm:967
+#: src/scm/webid-oidc/errors.scm:977
#, scheme-format
msgid "the typ field is incorrect: ~s"
msgstr "le champ typ est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:968
+#: src/scm/webid-oidc/errors.scm:978
msgid "the typ field is missing"
msgstr "le champ typ est manquant"
-#: src/scm/webid-oidc/errors.scm:972
+#: src/scm/webid-oidc/errors.scm:982
#, scheme-format
msgid "the jwk field is incorrect: ~s (because ~a)"
msgstr "le champ jwk est incorrect : ~s (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:974
+#: src/scm/webid-oidc/errors.scm:984
msgid "the jwk field is missing"
msgstr "le champ jwk est manquant"
-#: src/scm/webid-oidc/errors.scm:978
+#: src/scm/webid-oidc/errors.scm:988
#, scheme-format
msgid "the jti field is incorrect: ~s"
msgstr "le champ jti est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:979
+#: src/scm/webid-oidc/errors.scm:989
msgid "the jti field is missing"
msgstr "le champ jti est manquant"
-#: src/scm/webid-oidc/errors.scm:983
+#: src/scm/webid-oidc/errors.scm:993
#, scheme-format
msgid "the nonce field is incorrect: ~s"
msgstr "le champ nonce est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:984
+#: src/scm/webid-oidc/errors.scm:994
msgid "the nonce field is missing"
msgstr "le champ nonce est manquant"
-#: src/scm/webid-oidc/errors.scm:988
+#: src/scm/webid-oidc/errors.scm:998
#, scheme-format
msgid "the htm field is incorrect: ~s"
msgstr "le champ htm est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:989
+#: src/scm/webid-oidc/errors.scm:999
msgid "the htm field is missing"
msgstr "le champ htm est manquant"
-#: src/scm/webid-oidc/errors.scm:993
+#: src/scm/webid-oidc/errors.scm:1003
#, scheme-format
msgid "the htu field is incorrect: ~s"
msgstr "le champ htu est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:994
+#: src/scm/webid-oidc/errors.scm:1004
msgid "the htu field is missing"
msgstr "le champ htu est manquant"
-#: src/scm/webid-oidc/errors.scm:996
+#: src/scm/webid-oidc/errors.scm:1006
#, scheme-format
msgid "~s is not an access token (because ~a)"
msgstr "~s n’est pas un jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:999
+#: src/scm/webid-oidc/errors.scm:1009
#, scheme-format
msgid "~s is not an access token header (because ~a)"
msgstr "~s n’est pas un en-tête de jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1002
+#: src/scm/webid-oidc/errors.scm:1012
#, scheme-format
msgid "~s is not an access token payload (because ~a)"
msgstr "~s n’est pas un contenu de jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1005
+#: src/scm/webid-oidc/errors.scm:1015
#, scheme-format
msgid "~s is not a DPoP proof (because ~a)"
msgstr "~s n’est pas une preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1008
+#: src/scm/webid-oidc/errors.scm:1018
#, scheme-format
msgid "~s is not a DPoP proof header (because ~a)"
msgstr "~s n’est pas un en-tête de preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1011
+#: src/scm/webid-oidc/errors.scm:1021
#, scheme-format
msgid "~s is not a DPoP proof payload (because ~a)"
msgstr "~s n’est pas un contenu de preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1014
+#: src/scm/webid-oidc/errors.scm:1024
#, scheme-format
msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
msgstr ""
"je n’ai pas pu récupérer la configuration de l’émetteur ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1021
+#: src/scm/webid-oidc/errors.scm:1031
#, scheme-format
msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
msgstr "je n’ai pas pu récupérer le JWKS de ~a à ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1032
+#: src/scm/webid-oidc/errors.scm:1042
#, scheme-format
msgid "the HTTP method is signed for ~s, but ~s was requested"
msgstr "la méthode HTTP a été signée pour ~s, mais ~s a été demandé"
-#: src/scm/webid-oidc/errors.scm:1035
+#: src/scm/webid-oidc/errors.scm:1045
#, scheme-format
msgid "the HTTP uri is signed for ~a, but ~a was requested"
msgstr "l’uri HTTP a été signé pour ~a, mais ~a a été demandé"
-#: src/scm/webid-oidc/errors.scm:1038
+#: src/scm/webid-oidc/errors.scm:1048
#, scheme-format
msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
msgstr "la date est ~a, mais la preuve DPoP a été signée dans le futur à ~a"
-#: src/scm/webid-oidc/errors.scm:1042
+#: src/scm/webid-oidc/errors.scm:1052
#, scheme-format
msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
msgstr ""
"la date est ~a, mais la preuve DPoP a été signée il y a trop longtemps à ~a"
-#: src/scm/webid-oidc/errors.scm:1051
+#: src/scm/webid-oidc/errors.scm:1061
#, scheme-format
msgid "the key ~s does not hash to ~a"
msgstr "la clé ~s ne donne pas un hash de ~a"
-#: src/scm/webid-oidc/errors.scm:1053
+#: src/scm/webid-oidc/errors.scm:1063
#, scheme-format
msgid "the key confirmation of ~s failed (because ~a)"
msgstr "la confirmation de clé de ~s a échoué (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1055
+#: src/scm/webid-oidc/errors.scm:1065
#, scheme-format
msgid "the key confirmation of ~s failed"
msgstr "la confirmation de la clé ~s a échoué"
-#: src/scm/webid-oidc/errors.scm:1057
+#: src/scm/webid-oidc/errors.scm:1067
#, scheme-format
msgid "the jti ~s has already been found (because ~a)"
msgstr "le jti ~s a déjà été trouvé (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1060
+#: src/scm/webid-oidc/errors.scm:1070
#, scheme-format
msgid "I cannot decode ~s as an access token (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1063
+#: src/scm/webid-oidc/errors.scm:1073
#, scheme-format
msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
msgstr ""
"je n’ai pas pu encoder ~s comme un jeton d’accès avec la clé ~s (parce que "
"~a)"
-#: src/scm/webid-oidc/errors.scm:1066
+#: src/scm/webid-oidc/errors.scm:1076
#, scheme-format
msgid "I cannot decode ~s as a DPoP proof (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1069
+#: src/scm/webid-oidc/errors.scm:1079
#, scheme-format
msgid "I cannot encode ~s as a DPoP proof (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme une preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1072
+#: src/scm/webid-oidc/errors.scm:1082
#, scheme-format
msgid "I could not fetch a RDF graph at ~a (because ~a)"
msgstr "je n’ai pas pu récupérer de graphe RDF à ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1075
+#: src/scm/webid-oidc/errors.scm:1085
#, scheme-format
msgid "~s is not a client manifest (because ~a)"
msgstr "~s n’est pas un manifeste client (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1078
+#: src/scm/webid-oidc/errors.scm:1088
#, scheme-format
msgid "~s does not authorize redirection URI ~a"
msgstr "~s n’autorise pas l’URI de redirection ~a"
-#: src/scm/webid-oidc/errors.scm:1081
+#: src/scm/webid-oidc/errors.scm:1091
msgid "I cannot serve a public manifest"
msgstr "je ne peux pas servir un manifeste public"
-#: src/scm/webid-oidc/errors.scm:1083
+#: src/scm/webid-oidc/errors.scm:1093
#, scheme-format
msgid "~a does not have a client manifest registration triple"
msgstr "~a n’a pas de triplet d’enregistrement de manifeste client"
-#: src/scm/webid-oidc/errors.scm:1086
+#: src/scm/webid-oidc/errors.scm:1096
#, scheme-format
msgid "the client manifest at ~a is advertised for ~a"
msgstr "le manifeste client ~a est publié pour ~a"
-#: src/scm/webid-oidc/errors.scm:1089
+#: src/scm/webid-oidc/errors.scm:1099
#, scheme-format
msgid "I could not fetch the client manifest of ~a (because ~a)"
msgstr "je n’ai pas pu récupérer le manifeste client de ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1092
+#: src/scm/webid-oidc/errors.scm:1102
#, scheme-format
msgid "~s is not an authorization code (because ~a)"
msgstr "~s n’est pas un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1095
+#: src/scm/webid-oidc/errors.scm:1105
#, scheme-format
msgid "~s is not an authorization code header (because ~a)"
msgstr "~s n’est pas un en-tête de code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1098
+#: src/scm/webid-oidc/errors.scm:1108
#, scheme-format
msgid "~s is not an authorization code payload (because ~a)"
msgstr "~s n’est pas un contenu de code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1101
+#: src/scm/webid-oidc/errors.scm:1111
#, scheme-format
msgid "the current time is ~a, and the authorization code expired at ~a"
msgstr ""
"la date est actuellement ~a, et le code d’autorisation a expiré à la date ~a"
-#: src/scm/webid-oidc/errors.scm:1105
+#: src/scm/webid-oidc/errors.scm:1115
#, scheme-format
msgid "I cannot decode ~s as an authorization code (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1108
+#: src/scm/webid-oidc/errors.scm:1118
#, scheme-format
msgid "I cannot encode ~s as an authorization code (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1111
+#: src/scm/webid-oidc/errors.scm:1121
#, scheme-format
msgid "there is no such refresh token as ~s"
msgstr "il n’y a pas de jeton de rafraîchissement ~s"
-#: src/scm/webid-oidc/errors.scm:1114
+#: src/scm/webid-oidc/errors.scm:1124
#, scheme-format
msgid ""
"the refresh token is bound to a key confirmed as ~s, but it is used with key "
@@ -587,45 +587,45 @@ msgstr ""
"Le jeton de rafraîchissement est lié à une clé confirmée par ~s, mais il est "
"utilisé avec la clé ~s"
-#: src/scm/webid-oidc/errors.scm:1117
+#: src/scm/webid-oidc/errors.scm:1127
#, scheme-format
msgid "I cannot decode ~s as an ID token (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1120
+#: src/scm/webid-oidc/errors.scm:1130
#, scheme-format
msgid "I cannot encode ~s as an ID token (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme un jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1123
+#: src/scm/webid-oidc/errors.scm:1133
#, scheme-format
msgid "the grant type ~s is not supported"
msgstr "le type d’octroi ~s n’est pas supporté "
-#: src/scm/webid-oidc/errors.scm:1126
+#: src/scm/webid-oidc/errors.scm:1136
msgid "there is no authorization code in the request"
msgstr "il n’y a pas de code d’autorisation dans la requête"
-#: src/scm/webid-oidc/errors.scm:1128
+#: src/scm/webid-oidc/errors.scm:1138
msgid "there is no refresh token in the request"
msgstr "il n’y a pas de jeton de rafraîchissement dans la requête"
-#: src/scm/webid-oidc/errors.scm:1130
+#: src/scm/webid-oidc/errors.scm:1140
#, scheme-format
msgid "~s is not an ID token (because ~a)"
msgstr "~s n’est pas un jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1133
+#: src/scm/webid-oidc/errors.scm:1143
#, scheme-format
msgid "~s is not an ID token header (because ~a)"
msgstr "~s n’est pas un en-tête de jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1136
+#: src/scm/webid-oidc/errors.scm:1146
#, scheme-format
msgid "~s is not an ID token payload (because ~a)"
msgstr "~s n’est pas un contenu de jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1139
+#: src/scm/webid-oidc/errors.scm:1149
#, scheme-format
msgid ""
"I couldn’t set the locale to ~s as an approximation of the client locale ~s"
@@ -633,66 +633,71 @@ msgstr ""
"je n’ai pas pu définir la locale à ~s comme approximation de la locale du "
"client ~s"
-#: src/scm/webid-oidc/errors.scm:1144
+#: src/scm/webid-oidc/errors.scm:1152
+#, scheme-format
+msgid "~s does not admit ~s as an identity provider"
+msgstr "~s n’admet pas ~s comme fournisseur d’identité"
+
+#: src/scm/webid-oidc/errors.scm:1157
msgid "that’s it"
msgstr "c’est tout"
-#: src/scm/webid-oidc/errors.scm:1148
+#: src/scm/webid-oidc/errors.scm:1161
#, scheme-format
msgid "~a and ~a"
msgstr "~a et ~a"
-#: src/scm/webid-oidc/errors.scm:1151
+#: src/scm/webid-oidc/errors.scm:1164
#, scheme-format
msgid "~a, ~a"
msgstr "~a, ~a"
-#: src/scm/webid-oidc/errors.scm:1155
+#: src/scm/webid-oidc/errors.scm:1168
#, scheme-format
msgid "the signature ~a does not match key ~s with payload ~a"
msgstr "la signature ~a ne correspond pas à la clé ~s avec le contenu ~a"
-#: src/scm/webid-oidc/errors.scm:1158
+#: src/scm/webid-oidc/errors.scm:1171
msgid "there is an undefined variable"
msgstr "il y a une variable non définie"
-#: src/scm/webid-oidc/errors.scm:1160
+#: src/scm/webid-oidc/errors.scm:1173
#, scheme-format
msgid "the origin is ~a"
msgstr "l’origine est ~a"
-#: src/scm/webid-oidc/errors.scm:1163
+#: src/scm/webid-oidc/errors.scm:1176
#, scheme-format
msgid "a message is attached: ~a"
msgstr "un message est attaché : ~a"
-#: src/scm/webid-oidc/errors.scm:1166
+#: src/scm/webid-oidc/errors.scm:1179
#, scheme-format
msgid "the values ~s are problematic"
msgstr "les valeurs ~s sont problématiques"
-#: src/scm/webid-oidc/errors.scm:1169
+#: src/scm/webid-oidc/errors.scm:1182
msgid "there is a kind and args"
msgstr "il y a un type et des arguments"
-#: src/scm/webid-oidc/errors.scm:1171
+#: src/scm/webid-oidc/errors.scm:1184
msgid "there is an assertion failure"
msgstr "il y a un échec d’assertion"
-#: src/scm/webid-oidc/errors.scm:1173
+#: src/scm/webid-oidc/errors.scm:1186
#, scheme-format
msgid "the program quits with code ~a"
msgstr "le programme quitte avec le code ~a"
-#: src/scm/webid-oidc/errors.scm:1176
+#: src/scm/webid-oidc/errors.scm:1189
msgid "the program cannot recover from this exception"
msgstr "le programme ne peut pas récupérer après cette exception"
-#: src/scm/webid-oidc/errors.scm:1178
+#: src/scm/webid-oidc/errors.scm:1191
msgid "there is an error"
msgstr "il y a une erreur"
-#: src/scm/webid-oidc/errors.scm:1180
+#: src/scm/webid-oidc/errors.scm:1193
#, scheme-format
msgid "Unhandled exception type ~a."
msgstr "Type d’exception non pris en charge ~a."
@@ -1085,10 +1090,6 @@ msgstr ""
"toujours ajuster ses permissions."
#, scheme-format
-#~ msgid "~s does not admit ~s as an identity provider"
-#~ msgstr "~s n’admet pas ~s comme fournisseur d’identité"
-
-#, scheme-format
#~ msgid ""
#~ "~a is neither an identity provider (because ~a) nor a webid (because ~a)"
#~ msgstr ""
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index c5b6815..def4d61 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -122,560 +122,565 @@ msgstr ""
msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:829
+#: src/scm/webid-oidc/errors.scm:839
msgid "that’s how it is"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:834
+#: src/scm/webid-oidc/errors.scm:844
#, scheme-format
msgid "the value ~s is not a base64 string (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:837
+#: src/scm/webid-oidc/errors.scm:847
#, scheme-format
msgid "the value ~s is not JSON (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:840
+#: src/scm/webid-oidc/errors.scm:850
#, scheme-format
msgid "the value ~s is not Turtle (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:843
+#: src/scm/webid-oidc/errors.scm:853
#, scheme-format
msgid "the value ~s does not identify an elleptic curve"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:858
#, scheme-format
msgid "the value ~s does not identify a JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:850
+#: src/scm/webid-oidc/errors.scm:860
#, scheme-format
msgid "the value ~s does not identify a JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:855
+#: src/scm/webid-oidc/errors.scm:865
#, scheme-format
msgid "the value ~s does not identify a public JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:867
#, scheme-format
msgid "the value ~s does not identify a public JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:862
+#: src/scm/webid-oidc/errors.scm:872
#, scheme-format
msgid "the value ~s does not identify a private JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:864
+#: src/scm/webid-oidc/errors.scm:874
#, scheme-format
msgid "the value ~s does not identify a private JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:869
+#: src/scm/webid-oidc/errors.scm:879
#, scheme-format
msgid "the value ~s does not identify a JWKS (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:871
+#: src/scm/webid-oidc/errors.scm:881
#, scheme-format
msgid "the value ~s does not identify a JWKS"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:874
+#: src/scm/webid-oidc/errors.scm:884
#, scheme-format
msgid "the value ~s does not identify a hash algorithm"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:877
+#: src/scm/webid-oidc/errors.scm:887
#, scheme-format
msgid "the value ~s is not an alist or misses key ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:880
+#: src/scm/webid-oidc/errors.scm:890
#, scheme-format
msgid "the value ~s is not a JWS header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:883
+#: src/scm/webid-oidc/errors.scm:893
#, scheme-format
msgid "the value ~s is not a JWS payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:886
+#: src/scm/webid-oidc/errors.scm:896
#, scheme-format
msgid "the value ~s is not a JWS (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:889
+#: src/scm/webid-oidc/errors.scm:899
#, scheme-format
msgid "the string ~s cannot be split in 3 parts with ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:902
#, scheme-format
msgid ""
"all key candidates failed to verify signature ~s with algorithm ~s and "
"payload ~a (there were ~a: ~s)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:895
+#: src/scm/webid-oidc/errors.scm:905
#, scheme-format
msgid "I cannot decode JWS ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:898
+#: src/scm/webid-oidc/errors.scm:908
#, scheme-format
msgid "I cannot encode JWS ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:911
#, scheme-format
msgid ""
"the server request unexpectedly failed with code ~a and reason phrase ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:906
+#: src/scm/webid-oidc/errors.scm:916
#, scheme-format
msgid "the header ~a should not have the value ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:908
+#: src/scm/webid-oidc/errors.scm:918
#, scheme-format
msgid "the header ~a should be present"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:911
+#: src/scm/webid-oidc/errors.scm:921
#, scheme-format
msgid "the server response wasn't expected: ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:917
+#: src/scm/webid-oidc/errors.scm:927
#, scheme-format
msgid "the value ~s is not an OIDC configuration (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:922
+#: src/scm/webid-oidc/errors.scm:932
#, scheme-format
msgid "the webid field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:923
+#: src/scm/webid-oidc/errors.scm:933
msgid "the webid field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:927
+#: src/scm/webid-oidc/errors.scm:937
#, scheme-format
msgid "the sub field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:928
+#: src/scm/webid-oidc/errors.scm:938
msgid "the sub field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:932
+#: src/scm/webid-oidc/errors.scm:942
#, scheme-format
msgid "the iss field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/errors.scm:943
msgid "the iss field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:937
+#: src/scm/webid-oidc/errors.scm:947
#, scheme-format
msgid "the aud field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:938
+#: src/scm/webid-oidc/errors.scm:948
msgid "the aud field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:942
+#: src/scm/webid-oidc/errors.scm:952
#, scheme-format
msgid "the iat field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:943
+#: src/scm/webid-oidc/errors.scm:953
msgid "the iat field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:947
+#: src/scm/webid-oidc/errors.scm:957
#, scheme-format
msgid "the exp field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:948
+#: src/scm/webid-oidc/errors.scm:958
msgid "the exp field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:952
+#: src/scm/webid-oidc/errors.scm:962
#, scheme-format
msgid "the cnf/jkt field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:953
+#: src/scm/webid-oidc/errors.scm:963
msgid "the cnf/jkt field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:957
+#: src/scm/webid-oidc/errors.scm:967
#, scheme-format
msgid "the client-id field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:958
+#: src/scm/webid-oidc/errors.scm:968
msgid "the client-id field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:962
+#: src/scm/webid-oidc/errors.scm:972
#: src/scm/webid-oidc/authorization-page-unsafe.scm:133
#, scheme-format
msgid "the redirect_uris field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:963
+#: src/scm/webid-oidc/errors.scm:973
#: src/scm/webid-oidc/authorization-page-unsafe.scm:134
msgid "the redirect_uris field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:967
+#: src/scm/webid-oidc/errors.scm:977
#, scheme-format
msgid "the typ field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:968
+#: src/scm/webid-oidc/errors.scm:978
msgid "the typ field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:972
+#: src/scm/webid-oidc/errors.scm:982
#, scheme-format
msgid "the jwk field is incorrect: ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:974
+#: src/scm/webid-oidc/errors.scm:984
msgid "the jwk field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:978
+#: src/scm/webid-oidc/errors.scm:988
#, scheme-format
msgid "the jti field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:979
+#: src/scm/webid-oidc/errors.scm:989
msgid "the jti field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:983
+#: src/scm/webid-oidc/errors.scm:993
#, scheme-format
msgid "the nonce field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:984
+#: src/scm/webid-oidc/errors.scm:994
msgid "the nonce field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:988
+#: src/scm/webid-oidc/errors.scm:998
#, scheme-format
msgid "the htm field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:989
+#: src/scm/webid-oidc/errors.scm:999
msgid "the htm field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:993
+#: src/scm/webid-oidc/errors.scm:1003
#, scheme-format
msgid "the htu field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:994
+#: src/scm/webid-oidc/errors.scm:1004
msgid "the htu field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:996
+#: src/scm/webid-oidc/errors.scm:1006
#, scheme-format
msgid "~s is not an access token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:999
+#: src/scm/webid-oidc/errors.scm:1009
#, scheme-format
msgid "~s is not an access token header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1002
+#: src/scm/webid-oidc/errors.scm:1012
#, scheme-format
msgid "~s is not an access token payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1005
+#: src/scm/webid-oidc/errors.scm:1015
#, scheme-format
msgid "~s is not a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1008
+#: src/scm/webid-oidc/errors.scm:1018
#, scheme-format
msgid "~s is not a DPoP proof header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1011
+#: src/scm/webid-oidc/errors.scm:1021
#, scheme-format
msgid "~s is not a DPoP proof payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1014
+#: src/scm/webid-oidc/errors.scm:1024
#, scheme-format
msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1021
+#: src/scm/webid-oidc/errors.scm:1031
#, scheme-format
msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1032
+#: src/scm/webid-oidc/errors.scm:1042
#, scheme-format
msgid "the HTTP method is signed for ~s, but ~s was requested"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1035
+#: src/scm/webid-oidc/errors.scm:1045
#, scheme-format
msgid "the HTTP uri is signed for ~a, but ~a was requested"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1038
+#: src/scm/webid-oidc/errors.scm:1048
#, scheme-format
msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1042
+#: src/scm/webid-oidc/errors.scm:1052
#, scheme-format
msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1051
+#: src/scm/webid-oidc/errors.scm:1061
#, scheme-format
msgid "the key ~s does not hash to ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1053
+#: src/scm/webid-oidc/errors.scm:1063
#, scheme-format
msgid "the key confirmation of ~s failed (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1055
+#: src/scm/webid-oidc/errors.scm:1065
#, scheme-format
msgid "the key confirmation of ~s failed"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1057
+#: src/scm/webid-oidc/errors.scm:1067
#, scheme-format
msgid "the jti ~s has already been found (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1060
+#: src/scm/webid-oidc/errors.scm:1070
#, scheme-format
msgid "I cannot decode ~s as an access token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1063
+#: src/scm/webid-oidc/errors.scm:1073
#, scheme-format
msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1066
+#: src/scm/webid-oidc/errors.scm:1076
#, scheme-format
msgid "I cannot decode ~s as a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1069
+#: src/scm/webid-oidc/errors.scm:1079
#, scheme-format
msgid "I cannot encode ~s as a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1072
+#: src/scm/webid-oidc/errors.scm:1082
#, scheme-format
msgid "I could not fetch a RDF graph at ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1075
+#: src/scm/webid-oidc/errors.scm:1085
#, scheme-format
msgid "~s is not a client manifest (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1078
+#: src/scm/webid-oidc/errors.scm:1088
#, scheme-format
msgid "~s does not authorize redirection URI ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1081
+#: src/scm/webid-oidc/errors.scm:1091
msgid "I cannot serve a public manifest"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1083
+#: src/scm/webid-oidc/errors.scm:1093
#, scheme-format
msgid "~a does not have a client manifest registration triple"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1086
+#: src/scm/webid-oidc/errors.scm:1096
#, scheme-format
msgid "the client manifest at ~a is advertised for ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1089
+#: src/scm/webid-oidc/errors.scm:1099
#, scheme-format
msgid "I could not fetch the client manifest of ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1092
+#: src/scm/webid-oidc/errors.scm:1102
#, scheme-format
msgid "~s is not an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1095
+#: src/scm/webid-oidc/errors.scm:1105
#, scheme-format
msgid "~s is not an authorization code header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1098
+#: src/scm/webid-oidc/errors.scm:1108
#, scheme-format
msgid "~s is not an authorization code payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1101
+#: src/scm/webid-oidc/errors.scm:1111
#, scheme-format
msgid "the current time is ~a, and the authorization code expired at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1105
+#: src/scm/webid-oidc/errors.scm:1115
#, scheme-format
msgid "I cannot decode ~s as an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1108
+#: src/scm/webid-oidc/errors.scm:1118
#, scheme-format
msgid "I cannot encode ~s as an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1111
+#: src/scm/webid-oidc/errors.scm:1121
#, scheme-format
msgid "there is no such refresh token as ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1114
+#: src/scm/webid-oidc/errors.scm:1124
#, scheme-format
msgid ""
"the refresh token is bound to a key confirmed as ~s, but it is used with key "
"~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1117
+#: src/scm/webid-oidc/errors.scm:1127
#, scheme-format
msgid "I cannot decode ~s as an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1120
+#: src/scm/webid-oidc/errors.scm:1130
#, scheme-format
msgid "I cannot encode ~s as an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1123
+#: src/scm/webid-oidc/errors.scm:1133
#, scheme-format
msgid "the grant type ~s is not supported"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1126
+#: src/scm/webid-oidc/errors.scm:1136
msgid "there is no authorization code in the request"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1128
+#: src/scm/webid-oidc/errors.scm:1138
msgid "there is no refresh token in the request"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1130
+#: src/scm/webid-oidc/errors.scm:1140
#, scheme-format
msgid "~s is not an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1133
+#: src/scm/webid-oidc/errors.scm:1143
#, scheme-format
msgid "~s is not an ID token header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1136
+#: src/scm/webid-oidc/errors.scm:1146
#, scheme-format
msgid "~s is not an ID token payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1139
+#: src/scm/webid-oidc/errors.scm:1149
#, scheme-format
msgid ""
"I couldn’t set the locale to ~s as an approximation of the client locale ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1144
+#: src/scm/webid-oidc/errors.scm:1152
+#, scheme-format
+msgid "~s does not admit ~s as an identity provider"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:1157
msgid "that’s it"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1148
+#: src/scm/webid-oidc/errors.scm:1161
#, scheme-format
msgid "~a and ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1151
+#: src/scm/webid-oidc/errors.scm:1164
#, scheme-format
msgid "~a, ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1155
+#: src/scm/webid-oidc/errors.scm:1168
#, scheme-format
msgid "the signature ~a does not match key ~s with payload ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1158
+#: src/scm/webid-oidc/errors.scm:1171
msgid "there is an undefined variable"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1160
+#: src/scm/webid-oidc/errors.scm:1173
#, scheme-format
msgid "the origin is ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1163
+#: src/scm/webid-oidc/errors.scm:1176
#, scheme-format
msgid "a message is attached: ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1166
+#: src/scm/webid-oidc/errors.scm:1179
#, scheme-format
msgid "the values ~s are problematic"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1169
+#: src/scm/webid-oidc/errors.scm:1182
msgid "there is a kind and args"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1171
+#: src/scm/webid-oidc/errors.scm:1184
msgid "there is an assertion failure"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1173
+#: src/scm/webid-oidc/errors.scm:1186
#, scheme-format
msgid "the program quits with code ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1176
+#: src/scm/webid-oidc/errors.scm:1189
msgid "the program cannot recover from this exception"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1178
+#: src/scm/webid-oidc/errors.scm:1191
msgid "there is an error"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1180
+#: src/scm/webid-oidc/errors.scm:1193
#, scheme-format
msgid "Unhandled exception type ~a."
msgstr ""
diff --git a/src/scm/webid-oidc/Makefile.am b/src/scm/webid-oidc/Makefile.am
index 6676fe9..42c65b6 100644
--- a/src/scm/webid-oidc/Makefile.am
+++ b/src/scm/webid-oidc/Makefile.am
@@ -18,7 +18,8 @@ dist_webidoidcmod_DATA += \
%reldir%/authorization-page-unsafe.scm \
%reldir%/authorization-endpoint.scm \
%reldir%/token-endpoint.scm \
- %reldir%/identity-provider.scm
+ %reldir%/identity-provider.scm \
+ %reldir%/provider-confirmation.scm
webidoidcgo_DATA += \
%reldir%/errors.go \
@@ -40,6 +41,7 @@ webidoidcgo_DATA += \
%reldir%/authorization-page-unsafe.go \
%reldir%/authorization-endpoint.go \
%reldir%/token-endpoint.go \
- %reldir%/identity-provider.go
+ %reldir%/identity-provider.go \
+ %reldir%/provider-confirmation.go
EXTRA_DIST += %reldir%/ChangeLog
diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index 4b4ba2d..4a62abb 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
@@ -818,6 +818,16 @@
(raise-exception
((record-constructor &no-refresh-token))))
+(define-public &unconfirmed-provider
+ (make-exception-type
+ '&unconfirmed-provider
+ &external-error
+ '(subject provider)))
+
+(define-public (raise-unconfirmed-provider subject provider)
+ (raise-exception
+ ((record-constructor &unconfirmed-provider) subject provider)))
+
(define*-public (error->str err #:key (max-depth #f))
(if (record? err)
(let* ((type (record-type-descriptor err))
@@ -1138,6 +1148,9 @@
((&unknown-client-locale)
(format #f (G_ "I couldn’t set the locale to ~s as an approximation of the client locale ~s")
(get 'c-locale) (get 'web-locale)))
+ ((&unconfirmed-provider)
+ (format #f (G_ "~s does not admit ~s as an identity provider")
+ (get 'subject) (get 'provider)))
((&compound-exception)
(let ((components (get 'components)))
(if (null? components)
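Review bot: The new `&unconfirmed-provider` branch formats both fields with `~s`, but `confirm-provider` in this same commit raises the exception with the URI records it received, so the message would show the records' written representation rather than the two addresses. I would pass text at the raise site, `(raise-unconfirmed-provider (uri->string subject) (uri->string issuer))`, and keep `~s` here so the quoted values stay unambiguous in logs. A one-line comment above `&unconfirmed-provider` saying that `subject` and `provider` hold URI strings would pin the contract for other callers. `error->str` begins and ends outside this hunk, so whether it already has a URI-aware helper is not visible.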
diff --git a/src/scm/webid-oidc/provider-confirmation.scm b/src/scm/webid-oidc/provider-confirmation.scm
new file mode 100644
index 0000000..f767fee
--- /dev/null
+++ b/src/scm/webid-oidc/provider-confirmation.scm
@@ -0,0 +1,70 @@
+(define-module (webid-oidc provider-confirmation)
+ #:use-module (webid-oidc errors)
+ #:use-module (webid-oidc fetch)
+ #:use-module (web uri)
+ #:use-module (web client)
+ #:use-module (web response)
+ #:use-module (rnrs bytevectors)
+ #:use-module (srfi srfi-19)
+ #:use-module (ice-9 receive)
+ #:use-module (ice-9 optargs)
+ #:use-module (rdf rdf)
+ #:use-module (turtle tordf))
+
+(define (find-confirmations subject graph)
+ (cond ((null? graph) '())
+ ((and (string=? (rdf-triple-predicate (car graph))
+ "http://www.w3.org/ns/solid/terms#oidcIssuer")
+ (string? (rdf-triple-subject (car graph)))
+ (string=? (rdf-triple-subject (car graph)) subject)
+ (string? (rdf-triple-object (car graph)))
+ (string->uri (rdf-triple-object (car graph)))
+ (eq? (uri-scheme (string->uri (rdf-triple-object (car graph))))
+ 'https))
+ (cons (string->uri (rdf-triple-object (car graph)))
+ (find-confirmations subject (cdr graph))))
+ (else (find-confirmations subject (cdr graph)))))
+
+(define (serve-confirmations expiration-date subject cnf)
+ (let ((resource (format #f "@prefix solid: <http://www.w3.org/ns/solid/terms#> .
+
+<~a> solid:oidcIssuer ~a .
+"
+ (uri->string subject)
+ (string-join (map (lambda (uri)
+ (format #f "<~a>" (uri->string uri)))
+ cnf)
+ ", "))))
+ (values (build-response #:headers `((content-type text/turtle)
+ (expires . ,expiration-date)))
+ resource)))
+
+(define*-public (get-provider-confirmations subject
+ #:key
+ (http-get http-get))
+ (unless (equal? (uri-scheme subject) 'https)
+ (set! subject (build-uri 'https
+ #:userinfo (uri-userinfo subject)
+ #:host (uri-host subject)
+ #:port (uri-port subject)
+ #:path (uri-path subject)
+ #:query (uri-query subject)
+ #:fragment (uri-fragment subject))))
+ (let ((graph (fetch subject #:http-get http-get)))
+ (cons (build-uri 'https
+ #:userinfo (uri-userinfo subject)
+ #:host (uri-host subject)
+ #:port (uri-port subject))
+ (find-confirmations (uri->string subject) graph))))
+
+(define*-public (confirm-provider subject issuer
+ #:key (http-get http-get))
+ (define (search lst)
+ (if (null? lst)
+ (raise-unconfirmed-provider subject issuer)
+ (or (string=? (car lst) (uri->string issuer))
+ (search (cdr lst)))))
+ (unless (string=? (uri-host subject) (uri-host issuer))
+ (search (get-provider-confirmations
+ subject
+ #:http-get http-get))))
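Review bot: In `confirm-provider`, `search` applies `string=?` to `(car lst)`, but every element returned by `get-provider-confirmations` is a URI record (`build-uri` for the origin, `string->uri` in `find-confirmations`). The first comparison for a cross-host issuer would therefore fail with a type error instead of confirming or raising `&unconfirmed-provider`; compare text on both sides with `(or (string=? (uri->string (car lst)) (uri->string issuer))`. The `unless` shortcut also accepts any issuer whose host equals the subject's without checking scheme or port, so a plain-http issuer or a service on another port of the same host is trusted without confirmation. Since the https origin is already the first list element, the shortcut can additionally require `(eq? (uri-scheme issuer) 'https)` and `(equal? (uri-port subject) (uri-port issuer))`, or simply be dropped. An issuer written with a trailing slash would not equal the origin string built here, so both sides should be normalised before comparing.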
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 947afc8..ba64f00 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -35,7 +35,8 @@ TESTS = %reldir%/load-library.scm \
%reldir%/authorization-endpoint-get-form.scm \
%reldir%/authorization-endpoint-submit-form.scm \
%reldir%/token-endpoint-issue.scm \
- %reldir%/token-endpoint-refresh.scm
+ %reldir%/token-endpoint-refresh.scm \
+ %reldir%/provider-confirmation.scm
EXTRA_DIST += $(TESTS) %reldir%/ChangeLog
diff --git a/tests/provider-confirmation.scm b/tests/provider-confirmation.scm
new file mode 100644
index 0000000..44825e3
--- /dev/null
+++ b/tests/provider-confirmation.scm
@@ -0,0 +1,40 @@
+(use-modules (webid-oidc provider-confirmation)
+ (webid-oidc testing)
+ (web uri)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "provider-confirmation"
+ (lambda ()
+ (define what-uri-to-expect
+ (string->uri "https://provider-confirmation.scm/id#webid"))
+ (define what-headers-to-expect
+ '((accept (text/turtle))))
+ (define what-to-respond
+ (build-response #:headers '((content-type text/turtle))))
+ (define what-to-respond-body
+ "@prefix solid: <http://www.w3.org/ns/solid/terms#> .
+
+<#webid> solid:oidcIssuer <https://other-provider.provider-confirmation.scm>, <http://unsecure.provider> .
+")
+ (define* (http-get uri #:key (headers '()))
+ (unless (equal? uri what-uri-to-expect)
+ (exit 1))
+ (unless (equal? headers what-headers-to-expect)
+ (exit 2))
+ (values what-to-respond what-to-respond-body))
+ (define cnf (get-provider-confirmations
+ (string->uri "https://provider-confirmation.scm/id#webid")
+ #:http-get http-get))
+ (unless (eq? (length cnf) 2)
+ (format (current-error-port) "~s\n" cnf)
+ (exit 3))
+ (unless (string=? (uri->string (car cnf))
+ "https://provider-confirmation.scm")
+ (exit 4))
+ (unless (string=? (uri->string (cadr cnf))
+ "https://other-provider.provider-confirmation.scm")
+ (exit 5))))
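Review bot: This test only covers `get-provider-confirmations`; `confirm-provider`, the function that makes the trust decision, is never called, so neither the accepted path nor the `&unconfirmed-provider` path is exercised. I would add a call such as `(confirm-provider what-uri-to-expect (string->uri "https://other-provider.provider-confirmation.scm") #:http-get http-get)` that must return true. Two further calls should be required to raise: one with an issuer absent from the document and one with `http://unsecure.provider`. The length check would read better as `(= (length cnf) 2)`, since `eq?` is not the numeric comparison.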