author: Vivien Kraus <vivien@planete-kraus.eu> 2021-10-17 14:52:14 +0200
committer: Vivien Kraus <vivien@planete-kraus.eu> 2021-10-21 09:45:14 +0200
commit: 1dc4802d231bf4083d387a6db0765730075cc752 (patch)
tree: 1dde8889f49ebeb7652d89bd1af8428480532201
parent: 7debf052567f50d2c2510d80405069e53b0971bf (diff)
Use the endpoint API
-rw-r--r--  doc/disfluid.texi                              314
-rw-r--r--  guix/vkraus/services/disfluid.scm              450
-rw-r--r--  guix/vkraus/systems/test.scm                   131
-rw-r--r--  po/POTFILES.in                                   5
-rw-r--r--  po/disfluid.pot                                664
-rw-r--r--  po/fr.po                                      1483
-rw-r--r--  src/scm/webid-oidc/Makefile.am                  10
-rw-r--r--  src/scm/webid-oidc/authorization-endpoint.scm   85
-rw-r--r--  src/scm/webid-oidc/client.scm                   41
-rw-r--r--  src/scm/webid-oidc/hello-world.scm               1
-rw-r--r--  src/scm/webid-oidc/identity-provider.scm       135
-rw-r--r--  src/scm/webid-oidc/program.scm                 694
-rw-r--r--  src/scm/webid-oidc/resource-server.scm         139
-rw-r--r--  src/scm/webid-oidc/reverse-proxy.scm            90
-rw-r--r--  src/scm/webid-oidc/simulation.scm              143
-rw-r--r--  src/scm/webid-oidc/testing.scm                   1
-rw-r--r--  src/scm/webid-oidc/token-endpoint.scm           94
-rw-r--r--  tests/authorization-endpoint-get-form.scm       49
-rw-r--r--  tests/authorization-endpoint-no-args.scm        58
-rw-r--r--  tests/authorization-endpoint-submit-form.scm    66
-rw-r--r--  tests/client-manifest-not-modified.scm          59
-rw-r--r--  tests/client-workflow.scm                      117
-rw-r--r--  tests/resource-server.scm                       24
-rw-r--r--  tests/token-endpoint-issue.scm                 182
-rw-r--r--  tests/token-endpoint-refresh.scm               195
25 files changed, 1631 insertions, 3599 deletions
diff --git a/doc/disfluid.texi b/doc/disfluid.texi
index 7e47022..3e6c91c 100644
--- a/doc/disfluid.texi
+++ b/doc/disfluid.texi
@@ -74,8 +74,7 @@ A PDF version of this manual is available at
* The HTTP Link header::
* Content negociation::
* Server endpoints::
-* Running an Identity Provider::
-* Running a Resource Server::
+* Resources stored on the server::
* Running a client::
* Serialization to (S)XML::
* Exceptional conditions::
@@ -127,31 +126,12 @@ web browser.
@node Invoking disfluid
@chapter Invoking disfluid
-The @samp{disfluid} program provides different modes of operations:
-
-@table @samp
-@item reverse-proxy
-Run an authenticating reverse proxy. With this command, you specify a
-backend server. When an authenticated user makes a request, you
-receive an additional header containing the user’s identity.
-@item identity-provider
-Run the identity provider only.
-@item client-service
-The client applications must serve some resources: namely, the client
-manifest and the redirect URI.
-@item server
-Run both an identity provider and a resource server.
-@end table
-
-The server is configured with command-line arguments, and environment
-variables.
+The @samp{disfluid} program runs a server, if the user specifies a
+configuration file, or the graphical browser otherwise.
@menu
* General options::
-* General server configuration::
-* Configuration for the resource server::
-* Configuration for the identity provider::
-* Configuration for the client service::
+* Running a server::
@end menu
@node General options
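Review bot: the replacement sentence in this hunk ("runs a server, if the user specifies a configuration file, or the graphical browser otherwise") has a stray comma and does not name the option that selects server mode, so a reader coming from the old @table of modes has no way to find it. Suggest "The @samp{disfluid} program runs a server when a configuration file is given with @samp{--configuration}, and the graphical browser otherwise." The removed table also told the reader that the reverse proxy, identity provider, client service and full server were distinct modes; one sentence saying that these are now composed as endpoints in the configuration file would keep that orientation.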
@@ -164,22 +144,23 @@ administrator. You can control it with the @samp{LANG} environment
variable. So if your locale is not English, you can have the same
commands as in this manual by running with @code{LANG=C}.
-The programs respect the @samp{XDG_DATA_HOME} and
-@samp{XDG_CACHE_HOME} to store persistent data and disposable
-data. The cache directory can be deleted at any time. If one of these
-variables is not set, its value is computed from the @samp{HOME}
-environment variable.
-
-@node General server configuration
-@section General server configuration
-All servers are published under the Affero GPL, which means that the
-service provider needs to publish all changes made to the program to
-users over the network. The @samp{disfluid} command provides a
+The programs respect the @samp{XDG_DATA_HOME} (if not overriden by the
+server configuration) and @samp{XDG_CACHE_HOME} to store persistent
+data and disposable data. The cache directory can be deleted at any
+time. If one of these variables is not set, its value is computed from
+the @samp{HOME} environment variable.
+
+@node Running a server
+@section Running a server
+The disfluid code is published under the Affero GPL, which means that
+the service provider needs to publish all changes made to the program
+to users over the network. The @samp{disfluid} command provides a
@samp{--complete-corresponding-source} option so that the system
administrator can specify a means to download the source.
The servers will add a @samp{Source:} header in each response,
-containing the value of this configuration option.
+containing the value of this configuration option. It can be, for
+instance, an URI where to download the modified source code.
The servers can be configured to redirect output and errors to a log
file and an error file, with the @samp{--log-file} and
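Review bot: two wording slips in the added lines of this hunk. "if not overriden by the server configuration" should read "overridden", and "It can be, for instance, an URI where to download the modified source code." should read "It can be, for instance, a URI from which the modified source code can be downloaded." Since the header is emitted on every response, it is also worth stating that the value is sent verbatim and should not be a local path.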
@@ -190,8 +171,55 @@ configured with @samp{--port}. Since the servers do not support TLS,
and they only support HTTP/1.1, they are intended to run behind a
reverse proxy (even for the authenticating reverse proxy).
-Finally, the servers are required to know their public name. This is
-configured with the @samp{--server-name} option.
+Finally, you configure the server by passing the
+@samp{--configuration} parameter pointing to a configuration file. The
+configuration file is plain guile code, that must evaluate to an
+@code{<endpoint>}.
+
+Here is an example configuration that runs a resource server with an
+identity provider:
+
+@lisp
+(use-modules (webid-oidc server endpoint)
+ (webid-oidc server endpoint resource-server)
+ (webid-oidc server endpoint identity-provider)
+ (webid-oidc server endpoint authentication)
+ (webid-oidc oidc-configuration)
+ (oop goops))
+
+(make <identity-provider>
+ #:host "example.com"
+ #:oidc-discovery
+ (make <oidc-discovery>
+ #:path "/.well-known/openid-configuration"
+ #:configuration
+ (make <oidc-configuration>
+ #:jwks-uri "https://example.com/keys"
+ #:authorization-endpoint "https://example.com/authorize"
+ #:token-endpoint "https://example.com/token"))
+ #:authorization-endpoint
+ (make <authorization-endpoint>
+ #:path "/authorize"
+ #:subject "https://example.com/profile/card#me"
+ #:encrypted-password (crypt "secretpassword123" "$6$secret.salt")
+ #:key-file "/var/lib/disfluid/key-file.jwk")
+ #:token-endpoint
+ (make <token-endpoint>
+ #:path "/token"
+ #:issuer "https://example.com"
+ #:key-file "/var/lib/disfluid/key-file.jwk")
+ #:jwks-endpoint
+ (make <jwks-endpoint>
+ #:path "/keys"
+ #:key-file "/var/lib/disfluid/key-file.jwk")
+ #:default
+ (make <authenticator>
+ #:backend
+ (make <resource-server>
+ #:server-name "https://example.com"
+ #:owner "https://example.com/profile/card#me")
+ #:server-uri "https://example.com"))
+@end lisp
The server will make requests on the world-wide web, for instance to
download client manifests. The requests can be redirected with XML
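Review bot: the example configuration in this hunk puts the user's plaintext password in the configuration file, via @code{#:encrypted-password (crypt "secretpassword123" "$6$secret.salt")}. The hunk also says the file is "plain guile code" that the server evaluates, so anyone who can read the file learns the password and anyone who can write it executes code as the service user. The previous documentation (removed in the next hunk) deliberately steered users to @samp{--encrypted-password-file} and warned that an inline hash "will be public". Suggest the example read a pre-computed hash from a file that only the service user can read, for instance @code{#:encrypted-password (call-with-input-file "/var/lib/disfluid/password.crypt" read-line)}, and that the prose state the config file must be protected accordingly and that @code{"$6$secret.salt"} is a placeholder to be replaced by a fresh random salt. Minor: "plain guile code, that must evaluate to an @code{<endpoint>}" should be "plain Guile code that must evaluate to an @code{<endpoint>}", and the relationship between @code{#:host "example.com"} on the identity provider and @code{#:server-uri "https://example.com"} on the authenticator (the old @samp{--server-name}) deserves one sentence, since getting them out of step breaks the issued-token and DPoP checks.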
@@ -199,64 +227,6 @@ Catalog, by setting the @samp{XML_CATALOG_FILES} to a space-separated
list of URIs (can be @code{file:} URIs). The requests cannot be
directed to the file system.
-@node Configuration for the resource server
-@section Configuration for the resource server
-The reverse proxy sets an identity header to authenticated
-requests. By default, it is @samp{XXX-Agent}, but it can be configured
-with @samp{--header}.
-
-The reverse proxy is configured to contact a backend URI with
-@samp{--backend-uri}. This backend URI should not be directly exposed,
-because a malicious user could set the identity header.
-
-@node Configuration for the identity provider
-@section Configuration for the identity provider
-The identity provider can only handle one user. If you want to handle
-multiple users, it is highly advised to use a different host name for
-each user, in case the server is accessed from a web browser. You can
-set the identity of the user with @samp{--subject}, and write the
-user’s password in a file. Pass the file name with
-@samp{--encrypted-password-file}. You can pass the encrypted password
-directly with @samp{--encrypted-password}, but the encrypted password
-will be public.
-
-The encrypted password format is defined by the crypt function in the
-C library. For glibc, it looks like this:
-@code{$@var{N}$@var{salt}$@var{hash}}, where @var{N} is the algorithm
-identifier, @var{salt} is the password salt annd @var{hash} is its
-hash.
-
-The server uses a key, which is not the same thing as the TLS
-certificate of the server (remember, the servers don’t support
-TLS). It is in the JWK format. You set its file name with
-@samp{--key-file}. If the key file does not exist, it will be
-generated.
-
-Finally, the public openid configuration requires you to set the JWKS
-URI (@samp{--jwks-uri}), authorization endpoint URI
-(@samp{--authorization-endpoint-uri}) and token endpoint URI
-(@samp{--token-endpoint-uri}). The identity provider will publish the
-full URIs, but will respond to their path, regardless of the host.
-
-@node Configuration for the client service
-@section Configuration for the client service
-The client will serve a stupid page for the redirect URI that will
-only display the authorization code. The redirect URI is set with
-@samp{--redirect-uri}.
-
-The client ID is set with @samp{--client-id}. This is the URI under
-which the client registrationn is served.
-
-Finally, you can set some cosmetic options, but since it can confuse
-the user, they are hidden by default by the identity provider.
-
-@table @samp
-@item --client-name
-set the name of the application.
-@item --client-uri
-set an URI where to find more information about the client.
-@end table
-
@node Running disfluid with GNU Guix
@chapter Running disfluid with GNU Guix
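Review bot: this hunk drops four security caveats that the new "Running a server" section does not restate anywhere. (1) The backend behind the authenticating reverse proxy must not be directly exposed, "because a malicious user could set the identity header" themselves. (2) The @code{crypt} hash format and the warning that a hash given inline is public. (3) The key file is a JWK distinct from the TLS certificate and is generated if it does not exist, so its directory must exist and be writable by the service user on first start. (4) The identity provider publishes full URIs but "will respond to their path, regardless of the host", which matters when several virtual hosts share the process. Suggest moving each of these to the documentation of the corresponding endpoint class (@code{<authenticator>}, @code{<authorization-endpoint>}, @code{<jwks-endpoint>}, @code{<oidc-discovery>}) rather than deleting them.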
@@ -266,30 +236,17 @@ with guix. It defines the package at the latest commit, and a service
definition in @emph{(vkraus services disfluid)}.
@defvr {service type} disfluid-service-type
-This service runs a bunch of disfluid servers with the @emph{disfluid}
-system user, each with a unique name. The value it takes is an alist
-of service configurations: the keys are unique names (to differenciate
-the generated shepherd services), and the values are configuration
-records for an issuer, reverse proxy, server, or client service.
+This service runs a disfluid server with the @emph{disfluid} system
+user. The value it takes is a service configuration.
@end defvr
-@deftp {configuration record} <disfluid-issuer-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{issuer} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}]
+@deftp {configuration record} <disfluid-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{port} @var{configuration-file} [@var{extra-options}]
The configuration for the identity provider. The optional
@var{disfluid} argument is the package containing the binary to run,
if you want to apply some patches, and @var{extra-options} is an empty
list by default.
-@end deftp
-
-@deftp {configuration record} <disfluid-reverse-proxy-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{port} @var{inbound-uri} @var{outbound-uri} @var{header} [@var{extra-options}]
-This record configures an authenticating reverse proxy.
-@end deftp
-@deftp {configuration record} <disfluid-client-service-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{client-id} @var{redirect-uri} [@var{client-name}] [@var{client-uri}] @var{port} [@var{extra-options}]
-This record configures a server to serve public application pages.
-@end deftp
-
-@deftp {configuration record} <disfluid-server-configuration> [@var{disfluid}] @var{complete-corresponding-source} @var{server-name} @var{key-file} @var{subject} @var{encrypted-password-file} @var{jwks-uri} @var{authorization-endpoint-uri} @var{token-endpoint-uri} @var{port} [@var{extra-options}]
-The configuration for the full server.
+@var{configuration-file} is a file-like object or a file name.
@end deftp
@node Common parameters
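Review bot: the @deftp for @code{<disfluid-configuration>} in this hunk keeps the stale description "The configuration for the identity provider." although the record now configures the whole server, and it names the field @var{configuration-file} while the record in guix/vkraus/services/disfluid.scm defines it as @code{configuration} (accessor @code{disfluid-configuration-configuration}). Pick one name in both places. It would also help to say here that the file is evaluated as Guile code by the service, so a file-like object built from trusted input is preferable to a world-readable path.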
@@ -1881,137 +1838,8 @@ Return the directory where @var{resource-server} stores persistent
data.
@end deffn
-@node Running an Identity Provider
-@chapter Running an Identity Provider
-
-This project is packaged with a barebones identity provider. It has an
-authorization endpoint and a token endpoint (and it serves its public
-keys), but it is only intended for one specific person.
-
-You can start it by invoking the @code{webid-oidc} program with the
-@code{issuer} command, with the following options:
-
-@table @asis
-@item @code{-h}, or @code{--help}
-prints a summary of options and exit.
-@item @code{-v}, or @code{--version}
-prints the version of the program and exits.
-@item @code{-n @var{URI}}, or @code{--server-name=@var{URI}}
-sets the global server name of the identity provider. It should have
-an empty path.
-@item @code{-k @var{FILE.jwk}}, or @code{--key-file=@var{FILE.jwk}}
-sets the file name where to read or generate a key for the identity
-provider. This file should be JSON, containing the representation of a
-JWK key pair.
-@item @code{-s @var{WEBID}}, or @code{--subject=@var{WEBID}}
-sets the webid of the only user of the identity provider. This is an
-URI, pointing to a RDF node corresponding to the user’s profile.
-@item @code{-w @var{PASSWORD}}, or @code{--password=@var{PASSWORD}}
-sets the password that the user must enter to authorize an
-application.
-@item @code{-j @var{URI}}, or @code{--jwks-uri=@var{URI}}
-tells the server that requests to @var{URI} should be responded with
-the public key used to sign the tokens.
-@item @code{-a @var{URI}}, or @code{--authorization-endpoint-uri=@var{URI}}
-tells the server that requests to @var{URI} should be treated as
-authorization requests.
-@item @code{-t @var{URI}}, or @code{--token-endpoint-uri=@var{URI}}
-tells the server that requests to @var{URI} should be treated as token
-negociation requests.
-@item @code{-p @var{PORT}}, or @code{--port=@var{PORT}}
-change the port number used by the server. By default, it is set to
-8080.
-@item @code{-l @var{FILE.log}}, or @code{--log-file=@var{FILE.log}}
-let the server dump all its output to @var{FILE.log}. Since I don’t
-know how to deal with syslog, this is the only way to keep logs with a
-shepherd service.
-@item @code{-e @var{FILE.err}}, or @code{--error-file=@var{FILE.err}}
-let the server dump all its errors to @var{FILE.err}.
-@end table
-
-The program is sensitive to the environment variables. The most
-important one is @emph{LANG}, which influences how the program is
-internationalized to the server administrator (the pages served to the
-user use the user agent’s locale). This changes the long form of the
-options, and the language in the log files.
-
-The @emph{XDG_DATA_HOME} should point to some place where the program
-will store refresh tokens, under the @code{webid-oidc} directory. For
-a system service, you might want to define that environment to
-@code{/var/lib}, for instance.
-
-The @emph{XDG_CACHE_HOME} should point to a directory where to store
-the seed of the random number generator (under a @code{webid-oidc}
-directory, again). Changing the seed only happens when a program
-starts to require the random number generator. You can safely delete
-this directory, but you need to restart the program to actually change
-the seed.
-
-@node Running a Resource Server
-@chapter Running a Resource Server
-
-@menu
-* The authenticator::
-* The full server::
-* Resources stored on the server::
-@end menu
-
-A Solid server is the server that manages your data. It needs to check
-that the proofs of possession are correct, and the possessed key is
-signed by the identity provider.
-
-@node The authenticator
-@section The authenticator
-
-In @emph{(webid-oidc resource-server)}, the following function gives a
-simple API for a web server:
-
-@deffn function make-authenticator @var{jti-list} @var{[#server-uri]} @var{[#current-time]} @var{[#http-get]}
-Create an authenticator, i.e. a function that takes a request and
-request body and returns the webid of the authenticated user, or
-@code{#f} if it is not authenticated.
-
-To prevent replay attacks, each request is signed by the client with a
-different unique padding value. If such a value has already been seen,
-then the request must fail.
-
-The authenticator expects the client to demonstrate the possession of
-a key that the identity provider knows. So the client creates a DPoP
-proof, targetted to a specific URI. In order to check that the URI is
-correct, the authenticator needs the public URI of the service.
-
-The JTIs are checked within a small time frame. By default, the system
-time will be used. Otherwise, you can customize the
-@code{current-time} optional keyword argument, to pass a thunk
-returning a time from @emph{(srfi srfi-19)}.
-
-You may want to customize the @var{http-get} optional keyword argument
-to pass a function to replace @code{http-get} from @emph{(http
-client)}. This function takes an URI and optional @code{#:headers}
-arguments, makes the request, and return two values: the response, and
-the response body.
-
-This function, in @emph{(webid-oidc resource-server)}, returns a web
-request handler, taking the request and request body, and returning
-the subject of the access token. If an error happens, it is thrown;
-the function always returns a valid URI.
-@end deffn
-
-@node The full server
-@section The full server
-
-@deffn {function from @emph{(webid-oidc resource-server)}} make-server @var{[#:server-uri]} @var{[#:owner]} @var{[#:authenticator]} @var{[#:current-time]} @var{[#:http-get]}
-Return a server handler, a function taking 2 values, a request and a
-request body, and returning 2 values, the response and response body.
-
-The optional @var{[#:authenticator]} argument defaults to the
-webid-oidc authenticator, @var{[#:current-time]} defaults to a thunk
-returning the system time and @var{[#:http-get]} to the web client
-from @emph{(web client)}.
-@end deffn
-
@node Resources stored on the server
-@section Resources stored on the server
+@chapter Resources stored on the server
To store and serve resources, the server has two distinct
mechanisms. A @dfn{content} is a read-only possible value for a
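Review bot: the removed @deffn for @code{make-authenticator} was the only place that documented the replay protection (each request carries a unique JTI that is rejected if already seen, checked within a small time frame) and why the authenticator needs the public server URI (to verify the URI the DPoP proof is targeted at). The new @code{<authenticator>} endpoint takes @code{#:server-uri} in the example earlier in this patch but nothing now explains either behaviour. Suggest carrying those two paragraphs over to the endpoint API documentation, with @var{#:current-time} and @var{#:http-get} if the endpoint still accepts them. The chapter promotion of "Resources stored on the server" is consistent with the menu change in the first hunk.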
diff --git a/guix/vkraus/services/disfluid.scm b/guix/vkraus/services/disfluid.scm
index 21adca2..66a13fe 100644
--- a/guix/vkraus/services/disfluid.scm
+++ b/guix/vkraus/services/disfluid.scm
@@ -28,382 +28,71 @@
#:use-module (ice-9 match)
#:use-module (ice-9 optargs))
-(define-record-type* <disfluid-issuer-configuration>
- disfluid-issuer-configuration
- make-disfluid-issuer-configuration
- disfluid-issuer-configuration?
- (disfluid disfluid-issuer-configuration-disfluid
- (default disfluid))
+(define-record-type* <disfluid-configuration>
+ disfluid-configuration
+ make-disfluid-configuration
+ disfluid-configuration?
+ (disfluid disfluid-configuration-disfluid
+ (default disfluid))
(complete-corresponding-source
- disfluid-issuer-configuration-complete-corresponding-source)
- (issuer disfluid-issuer-configuration-issuer)
- (key-file disfluid-issuer-configuration-key-file)
- (subject disfluid-issuer-configuration-subject)
- (encrypted-password-file disfluid-issuer-configuration-encrypted-password-file)
- (jwks-uri disfluid-issuer-configuration-jwks-uri)
- (authorization-endpoint-uri
- disfluid-issuer-configuration-authorization-endpoint-uri)
- (token-endpoint-uri
- disfluid-issuer-configuration-token-endpoint-uri)
+ disfluid-configuration-complete-corresponding-source)
+ (configuration disfluid-configuration-configuration)
(port disfluid-issuer-configuration-port (default 8088))
(extra-options
disfluid-issuer-configuration-extra-options
(default '())))
-(define-record-type* <disfluid-reverse-proxy-configuration>
- disfluid-reverse-proxy-configuration
- make-disfluid-reverse-proxy-configuration
- disfluid-reverse-proxy-configuration?
- (disfluid disfluid-reverse-proxy-configuration-disfluid
- (default disfluid))
- (complete-corresponding-source
- disfluid-reverse-proxy-configuration-complete-corresponding-source)
- (port disfluid-reverse-proxy-port (default 8090))
- (inbound-uri disfluid-reverse-proxy-configuration-inbound-uri)
- (outbound-uri disfluid-reverse-proxy-configuration-outbound-uri)
- (header disfluid-reverse-proxy-configuration-header
- (default "XXX-Agent"))
- (extra-options
- disfluid-reverse-proxy-extra-options
- (default '())))
-
-(define-record-type* <disfluid-hello-configuration>
- disfluid-hello-configuration
- make-disfluid-hello-configuration
- disfluid-hello-configuration?
- (disfluid disfluid-hello-configuration-disfluid
- (default disfluid))
- (complete-corresponding-source
- disfluid-hello-configuration-complete-corresponding-source)
- (port disfluid-hello-configuration-port (default 8089))
- (extra-options
- disfluid-hello-configuration-extra-options
- (default '())))
-
-(define-record-type* <disfluid-client-service-configuration>
- disfluid-client-service-configuration
- make-disfluid-client-service-configuration
- disfluid-client-service-configuration?
- (disfluid disfluid-client-service-configuration-disfluid
- (default disfluid))
- (complete-corresponding-source
- disfluid-client-service-configuration-complete-corresponding-source)
- (client-id disfluid-client-service-configuration-client-id)
- (redirect-uri disfluid-client-service-configuration-redirect-uri)
- (client-name disfluid-client-service-configuration-client-name (default "Example Solid App"))
- (client-uri disfluid-client-service-configuration-client-uri (default "https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client"))
- (port disfluid-client-service-configuration-port (default 8088))
- (extra-options
- disfluid-client-service-configuration-extra-options
- (default '())))
-
-(define-record-type* <disfluid-server-configuration>
- disfluid-server-configuration
- make-disfluid-server-configuration
- disfluid-server-configuration?
- (disfluid disfluid-server-configuration-disfluid
- (default disfluid))
- (complete-corresponding-source
- disfluid-server-configuration-complete-corresponding-source)
- (server-name disfluid-server-configuration-server-name)
- (key-file disfluid-server-configuration-key-file)
- (subject disfluid-server-configuration-subject)
- (encrypted-password-file disfluid-server-configuration-encrypted-password-file)
- (jwks-uri disfluid-server-configuration-jwks-uri)
- (authorization-endpoint-uri
- disfluid-server-configuration-authorization-endpoint-uri)
- (token-endpoint-uri
- disfluid-server-configuration-token-endpoint-uri)
- (port disfluid-server-configuration-port (default 8088))
- (extra-options
- disfluid-issuer-configuration-extra-options
- (default '())))
-
-(export <disfluid-issuer-configuration>
- disfluid-issuer-configuration
- make-disfluid-issuer-configuration
- disfluid-issuer-configuration?
- disfluid-issuer-configuration-disfluid
- disfluid-issuer-configuration-complete-corresponding-source
- disfluid-issuer-configuration-issuer
- disfluid-issuer-configuration-key-file
- disfluid-issuer-configuration-subject
- disfluid-issuer-configuration-encrypted-password-file
- disfluid-issuer-configuration-jwks-uri
- disfluid-issuer-configuration-authorization-endpoint-uri
- disfluid-issuer-configuration-token-endpoint-uri
+(export <disfluid-configuration>
+ disfluid-configuration
+ make-disfluid-configuration
+ disfluid-configuration?
+ disfluid-configuration-disfluid
+ disfluid-configuration-complete-corresponding-source
+ disfluid-configuration-configuration
disfluid-issuer-configuration-port
- disfluid-issuer-configuration-extra-options
- <disfluid-reverse-proxy-configuration>
- disfluid-reverse-proxy-configuration
- make-disfluid-reverse-proxy-configuration
- disfluid-reverse-proxy-configuration?
- disfluid-reverse-proxy-configuration-disfluid
- disfluid-reverse-proxy-configuration-complete-corresponding-source
- disfluid-reverse-proxy-configuration-port
- disfluid-reverse-proxy-configuration-inbound-uri
- disfluid-reverse-proxy-configuration-outbound-uri
- disfluid-reverse-proxy-configuration-header
- disfluid-reverse-proxy-configuration-extra-options
- <disfluid-hello-configuration>
- disfluid-hello-configuration
- make-disfluid-hello-configuration
- disfluid-hello-configuration?
- disfluid-hello-configuration-disfluid
- disfluid-hello-configuration-complete-corresponding-source
- disfluid-hello-configuration-port
- disfluid-hello-configuration-extra-options
- <disfluid-client-service-configuration>
- disfluid-client-service-configuration
- make-disfluid-client-service-configuration
- disfluid-client-service-configuration?
- disfluid-client-service-configuration-disfluid
- disfluid-client-service-configuration-complete-corresponding-source
- disfluid-client-service-configuration-client-id
- disfluid-client-service-configuration-redirect-uri
- disfluid-client-service-configuration-client-name
- disfluid-client-service-configuration-client-uri
- disfluid-client-service-configuration-port
- disfluid-client-service-configuration-extra-options
- <disfluid-server-configuration>
- disfluid-server-configuration
- make-disfluid-server-configuration
- disfluid-server-configuration?
- disfluid-server-configuration-disfluid
- disfluid-server-configuration-complete-corresponding-source
- disfluid-server-configuration-server-name
- disfluid-server-configuration-key-file
- disfluid-server-configuration-subject
- disfluid-server-configuration-encrypted-password-file
- disfluid-server-configuration-jwks-uri
- disfluid-server-configuration-authorization-endpoint-uri
- disfluid-server-configuration-token-endpoint-uri
- disfluid-server-configuration-port
- disfluid-server-configuration-extra-options)
+ disfluid-issuer-configuration-extra-options)
(define configuration->shepherd-service
(match-lambda
- ((id . ($ <disfluid-issuer-configuration>
- disfluid ccs issuer key-file subject encrypted-password-file jwks-uri
- authorization-endpoint-uri token-endpoint-uri port extra-options))
- `(,(shepherd-service
- (provision (list (string->symbol (format #f "disfluid-~a" id))))
- (documentation (format #f "Run a Solid identity provider (~a)" id))
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
- (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "identity-provider"
- "-S" #$ccs
- "-n" #$issuer
- "-k" #$key-file
- "-s" #$subject
- "-W" #$encrypted-password-file
- "-j" #$jwks-uri
- "-a" #$authorization-endpoint-uri
- "-t" #$token-endpoint-uri
- "-p" (with-output-to-string (lambda () (display #$port)))
- "-l" #$(format #f "issuer-~a.log" id)
- "-e" #$(format #f "issuer-~a.err" id)
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
- #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id))))))
- (stop #~(make-kill-destructor)))))
- ((id . ($ <disfluid-reverse-proxy-configuration>
- disfluid ccs port inbound-uri outbound-uri header extra-options))
+ (($ <disfluid-configuration>
+ disfluid ccs configuration port extra-options)
`(,(shepherd-service
- (provision (list (string->symbol (format #f "disfluid-~a" id))))
- (documentation (format #f "Run a Solid reverse proxy (~a)" id))
+ (provision (list 'disfluid))
+ (documentation (format #f "Run disfluid"))
(requirement '(user-processes))
(modules '((gnu build shepherd)
(gnu system file-systems)))
(start
(with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
- (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "reverse-proxy"
- "-S" #$ccs
- "-p" (with-output-to-string (lambda () (display #$port)))
- "-n" #$inbound-uri
- "-b" #$outbound-uri
- "-H" #$header
- "-l" #$(format #f "reverse-proxy-~a.log" id)
- "-e" #$(format #f "reverse-proxy-~a.err" id)
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
- #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id))))))
- (stop #~(make-kill-destructor)))))
- ((id . ($ <disfluid-hello-configuration>
- disfluid ccs port extra-options))
- `(,(shepherd-service
- (provision (list (string->symbol (format #f "disfluid-~a" id))))
- (documentation (format #f "Run a demonstration Solid server (~a)" id))
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
- (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid-hello")
- "-S" #$ccs
- "-p" (with-output-to-string (lambda () (display #$port)))
- "-l" #$(format #f "hello-~a.log" id)
- "-e" #$(format #f "hello-~a.err" id)
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
- #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id))))))
- (stop #~(make-kill-destructor)))))
- ((id . ($ <disfluid-client-service-configuration>
- disfluid ccs client-id redirect-uri client-name client-uri port
- extra-options))
- `(,(shepherd-service
- (provision (list (string->symbol (format #f "disfluid-~a" id))))
- (documentation (format #f "Serve the public page for an application (~a)" id))
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
- (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "client-service"
- "-S" #$ccs
- "-c" #$client-id
- "-r" #$redirect-uri
- "-C" #$client-name
- "-u" #$client-uri
- "-p" (with-output-to-string (lambda () (display #$port)))
- "-l" #$(format #f "client-service-~a.log" id)
- "-e" #$(format #f "client-service-~a.err" id)
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
- #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id))))))
- (stop #~(make-kill-destructor)))))
- ((id . ($ <disfluid-server-configuration>
- disfluid ccs server-name key-file subject encrypted-password-file jwks-uri
- authorization-endpoint-uri token-endpoint-uri port
- extra-options))
- `(,(shepherd-service
- (provision (list (string->symbol (format #f "disfluid-~a" id))))
- (documentation (format #f "Run a full server (~a)" id))
- (requirement '(user-processes))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start
- (with-imported-modules
- (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
- #~(begin
- (let* ((user (getpwnam "disfluid"))
- (prepare-directory
- (lambda (dir)
- (mkdir-p dir)
- (chown dir (passwd:uid user) (passwd:gid user))
- (chmod dir #o700))))
- (prepare-directory "/var/log/disfluid")
- (prepare-directory #$(format #f "/var/lib/disfluid/~a" id))
- (prepare-directory #$(format #f "/var/cache/disfluid/~a" id)))
- (make-forkexec-constructor
- (list
- (string-append #$disfluid "/bin/disfluid")
- "server"
- "-S" #$ccs
- "-n" #$server-name
- "-k" #$key-file
- "-s" #$subject
- "-W" #$encrypted-password-file
- "-j" #$jwks-uri
- "-a" #$authorization-endpoint-uri
- "-t" #$token-endpoint-uri
- "-p" (with-output-to-string (lambda () (display #$port)))
- "-l" #$(format #f "server-~a.log" id)
- "-e" #$(format #f "server-~a.err" id)
- #$@extra-options)
- #:user "disfluid"
- #:group "disfluid"
- #:directory "/var/log/disfluid"
- #:environment-variables
- '(#$(format #f "XDG_DATA_HOME=/var/lib/disfluid/~a" id)
- #$(format #f "XDG_CACHE_HOME=/var/cache/disfluid/~a" id))))))
- (stop #~(make-kill-destructor)))))
- ((items ...)
- (apply append (map configuration->shepherd-service items)))))
+ (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ #~(begin
+ (let* ((user (getpwnam "disfluid"))
+ (prepare-directory
+ (lambda (dir)
+ (mkdir-p dir)
+ (chown dir (passwd:uid user) (passwd:gid user))
+ (chmod dir #o700))))
+ (prepare-directory "/var/log/disfluid")
+ (prepare-directory "/var/lib/disfluid")
+ (prepare-directory "/var/cache/disfluid"))
+ (make-forkexec-constructor
+ (list
+ (string-append #$disfluid "/bin/disfluid")
+ "-S" #$ccs
+ "-c" #$configuration
+ "-p" (with-output-to-string (lambda () (display #$port)))
+ "-l" "server.log"
+ "-e" "server.err"
+ #$@extra-options)
+ #:user "disfluid"
+ #:group "disfluid"
+ #:directory "/var/log/disfluid"
+ #:environment-variables
+ '("XDG_DATA_HOME=/var/lib/disfluid"
+ "XDG_CACHE_HOME=/var/cache/disfluid")))))
+ (stop #~(make-kill-destructor)))))))
(define %disfluid-accounts
(list (user-group (name "disfluid")
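Review bot: the start action now prepares only /var/lib/disfluid and /var/cache/disfluid (0700, owned by disfluid), but the configurations in this commit point key files at subdirectories, e.g. /var/lib/disfluid/alice/key.jwk in the test system; either create the per-issuer directories here or confirm that the server creates intermediate directories itself when it generates a new key, and with what permissions, otherwise the first start fails. Separately, `"-c" #$configuration` passes a store item, and store items are world-readable: whatever is in the configuration file (the test system embeds crypt() password hashes in it) is visible to every local user, so the <disfluid-configuration> documentation should say that only hashes, never cleartext secrets, belong there. Minor: `(with-output-to-string (lambda () (display #$port)))` can simply be `(number->string #$port)`.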
@@ -418,48 +107,15 @@
(define configuration->log-rotation
(match-lambda
- ((id . ($ <disfluid-issuer-configuration>))
- `(,(log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext)
- (format #f "/var/log/disfluid/issuer-~a.~a" id ext))
- '("log err")))
- (options '("sharedscripts" "storedir /var/log/disfluid")))))
- ((id . ($ <disfluid-reverse-proxy-configuration>))
- `(,(log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext)
- (format #f "/var/log/disfluid/reverse-proxy-~a.~a" id ext))
- '("log err")))
- (options '("sharedscripts" "storedir /var/log/disfluid")))))
- ((id . ($ <disfluid-hello-configuration>))
- `(,(log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext)
- (format #f "/var/log/disfluid/hello-~a.~a" id ext))
- '("log err")))
- (options '("sharedscripts" "storedir /var/log/disfluid")))))
- ((id . ($ <disfluid-client-service-configuration>))
- `(,(log-rotation
- (frequency 'daily)
- (files
- (map (lambda (ext)
- (format #f "/var/log/disfluid/client-service-~a.~a" id ext))
- '("log err")))
- (options '("sharedscripts" "storedir /var/log/disfluid")))))
- ((id . ($ <disfluid-server-configuration>))
+ (($ <disfluid-configuration>
+ disfluid ccs configuration port extra-options)
`(,(log-rotation
(frequency 'daily)
(files
(map (lambda (ext)
- (format #f "/var/log/disfluid/server-~a.~a" id ext))
+ (format #f "/var/log/disfluid/server.~a" ext))
'("log err")))
- (options '("sharedscripts" "storedir /var/log/disfluid")))))
- ((items ...)
- (apply append (map configuration->log-rotation items)))))
+ (options '("sharedscripts" "storedir /var/log/disfluid")))))))
(define-public disfluid-service-type
(service-type
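Review bot: the kept line `'("log err")))` is a one-element list holding the single string "log err", so the map produces one bogus file name, "/var/log/disfluid/server.log err", and neither server.log nor server.err is actually rotated; it should be `'("log" "err")`. The mistake predates this commit (every removed branch carries it), but since this hunk rewrites the surrounding expression and collapses the branches into one, this is the place to fix it. Style: the pattern binds disfluid, ccs, configuration, port and extra-options and uses none of them; `(($ <disfluid-configuration>)` is enough, as the removed branches did.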
diff --git a/guix/vkraus/systems/test.scm b/guix/vkraus/systems/test.scm
index 1bfc2b8..128ffee 100644
--- a/guix/vkraus/systems/test.scm
+++ b/guix/vkraus/systems/test.scm
@@ -21,12 +21,95 @@
#:use-module (vkraus packages disfluid)
#:use-module (vkraus services disfluid))
+(define full-configuration
+ `((use-modules (webid-oidc server endpoint)
+ (webid-oidc server endpoint resource-server)
+ (webid-oidc server endpoint identity-provider)
+ (webid-oidc server endpoint client)
+ (webid-oidc oidc-configuration)
+ (oop goops))
+ (make <router>
+ #:routed
+ (list
+ (make <identity-provider>
+ #:host "alice.localhost"
+ #:oidc-discovery
+ (make <oidc-discovery>
+ #:path "/.well-known/openid-configuration"
+ #:configuration
+ (make <oidc-configuration>
+ #:jwks-uri "http://alice.localhost/keys"
+ #:authorization-endpoint "http://alice.localhost/authorize"
+ #:token-endpoint "http://alice.localhost/token"))
+ #:authorization-endpoint
+ (make <authorization-endpoint>
+ #:path "/authorize"
+ #:subject "http://alice.localhost/profile/card#me"
+ #:encrypted-password ,(crypt "alice" "$6$.salt.for.Alice.")
+ #:key-file "/var/lib/disfluid/alice/key.jwk")
+ #:token-endpoint
+ (make <token-endpoint>
+ #:path "/token"
+ #:issuer "http://alice.localhost"
+ #:key-file "/var/lib/disfluid/alice/key.jwk")
+ #:jwks-endpoint
+ (make <jwks-endpoint>
+ #:path "/keys"
+ #:key-file "/var/lib/disfluid/alice/key.jwk")
+ #:default
+ (make <authenticator>
+ #:backend
+ (make <resource-server>
+ #:server-name "http://alice.localhost"
+ #:owner "http://alice.localhost/profile/card#me")
+ #:server-uri "http://alice.localhost"))
+ (make <identity-provider>
+ #:host "bob.localhost"
+ #:oidc-discovery
+ (make <oidc-discovery>
+ #:path "/.well-known/openid-configuration"
+ #:configuration
+ (make <oidc-configuration>
+ #:jwks-uri "http://bob.localhost/keys"
+ #:authorization-endpoint "http://bob.localhost/authorize"
+ #:token-endpoint "http://bob.localhost/token"))
+ #:authorization-endpoint
+ (make <authorization-endpoint>
+ #:path "/authorize"
+ #:subject "http://bob.localhost/profile/card#me"
+ #:encrypted-password ,(crypt "bob" "$6$And.salt.for.Bob")
+ #:key-file "/var/lib/disfluid/bob/key.jwk")
+ #:token-endpoint
+ (make <token-endpoint>
+ #:path "/token"
+ #:issuer "http://bob.localhost"
+ #:key-file "/var/lib/disfluid/bob/key.jwk")
+ #:jwks-endpoint
+ (make <jwks-endpoint>
+ #:path "/keys"
+ #:key-file "/var/lib/disfluid/bob/key.jwk")
+ #:default
+ (make <authenticator>
+ #:backend
+ (make <resource-server>
+ #:server-name "http://bob.localhost"
+ #:owner "http://bob.localhost/profile/card#me")
+ #:server-uri "http://bob.localhost"))
+ (make <client-id>
+ #:host "client.localhost"
+ #:client-id "https://client.localhost/id"
+ #:redirect-uris '("https://client.localhost/authorized")
+ #:client-name "Local Client Application"
+ #:client-uri "https://client.localhost/about"
+ #:grant-types '(authorization_code refresh_token)
+ #:response-types '(code))))))
+
(operating-system
(host-name "disfluid-test-system")
(hosts-file
(plain-file "hosts"
- "127.0.0.1 localhost
-::1 localhost
+ "127.0.0.1 localhost alice.localhost bob.localhost
+::1 localhost alice.localhost bob.localhost
"))
(users %base-user-accounts)
(packages
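Review bot: the hosts file gains alice.localhost and bob.localhost but not client.localhost, while the <client-id> entry is routed on `#:host "client.localhost"`, so its manifest cannot be fetched inside the test VM; add client.localhost to both hosts lines. Related: the two identity providers are declared with plain http URIs, but the client's id, redirect URI and client URI are https://client.localhost/..., and nothing in this file terminates TLS, so pick one scheme for the test system. Also note that `,(crypt "alice" "$6$.salt.for.Alice.")` runs when the operating-system declaration is evaluated and the resulting hash lands in a world-readable store item via scheme-file; acceptable for throwaway test passwords, but a comment saying so would stop it being copied into a real deployment.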
@@ -37,48 +120,18 @@
(append
(list
(service disfluid-service-type
- `(("alice"
- . ,(disfluid-server-configuration
- (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz")
- (server-name "http://localhost:8081")
- (subject "http://localhost:8081/alice#me")
- (encrypted-password-file
- (computed-file "alice-password"
- #~(let ((salt "$6$.salt.for.Alice.")
- (password "alice"))
- (call-with-output-file #$output
- (lambda (port)
- (format port "~a\n"
- (crypt password salt)))))))
- (key-file "/var/lib/disfluid/alice/key.jwk")
- (jwks-uri "http://localhost:8081/keys")
- (authorization-endpoint-uri "http://localhost:8081/authorize")
- (token-endpoint-uri "http://localhost:8081/token")
- (port 8081)))
- ("bob"
- . ,(disfluid-server-configuration
- (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz")
- (server-name "http://localhost:8082")
- (subject "http://localhost:8082/bob#me")
- (encrypted-password-file
- (computed-file "bob-password"
- #~(let ((salt "$6$And.salt.for.Bob")
- (password "bob"))
- (call-with-output-file #$output
- (lambda (port)
- (format port "~a\n"
- (crypt password salt)))))))
- (key-file "/var/lib/disfluid/bob/key.jwk")
- (jwks-uri "http://localhost:8082/keys")
- (authorization-endpoint-uri "http://localhost:8082/authorize")
- (token-endpoint-uri "http://localhost:8082/token")
- (port 8082))))))
+ (disfluid-configuration
+ (complete-corresponding-source "http://ccs.local/disfluid.tar.gz")
+ (configuration
+ (scheme-file "disfluid-configuration.scm"
+ full-configuration))
+ (port 8080))))
%base-services))
(timezone "Europe/Paris")
(bootloader
(bootloader-configuration
(bootloader grub-efi-bootloader)
- (target "/boot/efi")))
+ (targets '("/boot/efi"))))
(mapped-devices '())
(file-systems
`(,(file-system
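Review bot: the `(targets '("/boot/efi"))` change is unrelated to the move to the endpoint API (it tracks a bootloader-configuration field rename in Guix) and belongs in its own commit, or at least in the commit message. The complete-corresponding-source URL also changes from the real tarball to "http://ccs.local/disfluid.tar.gz": since the program's help text marks -S as required and legally meaningful, make it clear this is a placeholder for the test VM only. Finally, both identity providers now share port 8080 and are told apart purely by the Host header (`#:host` in full-configuration), where the old setup isolated them by port; the test system should exercise what the router does for a request whose Host matches neither alice.localhost nor bob.localhost.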
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 23f2693..5834688 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -27,7 +27,6 @@ src/scm/webid-oidc/ChangeLog
src/scm/webid-oidc/Makefile.am
src/scm/webid-oidc/access-token.scm
src/scm/webid-oidc/authorization-code.scm
-src/scm/webid-oidc/authorization-endpoint.scm
src/scm/webid-oidc/cache.scm
src/scm/webid-oidc/catalog.scm
src/scm/webid-oidc/client-manifest.scm
@@ -58,7 +57,6 @@ src/scm/webid-oidc/example-app.scm
src/scm/webid-oidc/fetch.scm
src/scm/webid-oidc/hello-world.scm
src/scm/webid-oidc/http-link.scm
-src/scm/webid-oidc/identity-provider.scm
src/scm/webid-oidc/jti.scm
src/scm/webid-oidc/jwk.scm
src/scm/webid-oidc/jws.scm
@@ -70,8 +68,6 @@ src/scm/webid-oidc/program.scm
src/scm/webid-oidc/provider-confirmation.scm
src/scm/webid-oidc/rdf-index.scm
src/scm/webid-oidc/refresh-token.scm
-src/scm/webid-oidc/resource-server.scm
-src/scm/webid-oidc/reverse-proxy.scm
src/scm/webid-oidc/serializable.scm
src/scm/webid-oidc/serve.scm
src/scm/webid-oidc/server/create.scm
@@ -90,7 +86,6 @@ src/scm/webid-oidc/server/update.scm
src/scm/webid-oidc/simulation.scm
src/scm/webid-oidc/stubs.scm
src/scm/webid-oidc/testing.scm
-src/scm/webid-oidc/token-endpoint.scm
src/scm/webid-oidc/web-i18n.scm
src/ui/account-widget.glade
src/ui/authorization-prompt.glade
diff --git a/po/disfluid.pot b/po/disfluid.pot
index 872407d..542e896 100644
--- a/po/disfluid.pot
+++ b/po/disfluid.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: disfluid SNAPSHOT\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-10-20 18:03+0200\n"
+"POT-Creation-Date: 2021-10-20 18:13+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -276,31 +276,6 @@ msgid ""
"client-id) or (#:jwt-header and #:jwt-payload) should be passed"
msgstr ""
-#: src/scm/webid-oidc/authorization-endpoint.scm:70
-#: src/scm/webid-oidc/client.scm:193 src/scm/webid-oidc/hello-world.scm:147
-#: src/scm/webid-oidc/identity-provider.scm:120
-#: src/scm/webid-oidc/resource-server.scm:124
-#: src/scm/webid-oidc/server/endpoint/client.scm:153
-#: src/scm/webid-oidc/server/endpoint/hello.scm:63
-#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:389
-#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:403
-#: src/scm/webid-oidc/server/endpoint/reverse-proxy.scm:125
-#: src/scm/webid-oidc/token-endpoint.scm:68
-msgid "xml-lang|en"
-msgstr ""
-
-#: src/scm/webid-oidc/authorization-endpoint.scm:73
-msgid "<h1>The authorization request failed</h1>"
-msgstr ""
-
-#: src/scm/webid-oidc/authorization-endpoint.scm:78
-#: src/scm/webid-oidc/client.scm:201 src/scm/webid-oidc/hello-world.scm:155
-#: src/scm/webid-oidc/identity-provider.scm:128
-#: src/scm/webid-oidc/resource-server.scm:132
-#: src/scm/webid-oidc/token-endpoint.scm:76
-msgid "<p>No more information.</p>"
-msgstr ""
-
#: src/scm/webid-oidc/cache.scm:94
#, scheme-format
msgid "Dropping cache item ~a.~%"
@@ -408,14 +383,10 @@ msgstr ""
msgid "cannot serve the public manifest"
msgstr ""
-#: src/scm/webid-oidc/client.scm:137
+#: src/scm/webid-oidc/client.scm:133
msgid "accept-language-header|en-us"
msgstr ""
-#: src/scm/webid-oidc/client.scm:196
-msgid "<h1>The request failed</h1>"
-msgstr ""
-
#: src/scm/webid-oidc/client/accounts.scm:118
#, scheme-format
msgid "an authorization code is required: ~s, it can be obtained at ~s"
@@ -885,31 +856,31 @@ msgstr ""
msgid "cannot negociate a recognized RFD content type, got ~s"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:49 src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/hello-world.scm:48 src/scm/webid-oidc/program.scm:239
msgid "command-line|version"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:51 src/scm/webid-oidc/program.scm:244
+#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:243
msgid "command-line|complete-corresponding-source"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:53 src/scm/webid-oidc/program.scm:246
+#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:245
msgid "command-line|help"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:55
+#: src/scm/webid-oidc/hello-world.scm:54
msgid "command-line|port"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:57 src/scm/webid-oidc/program.scm:278
+#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:251
msgid "command-line|log-file"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:59 src/scm/webid-oidc/program.scm:280
+#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:253
msgid "command-line|error-file"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:71
+#: src/scm/webid-oidc/hello-world.scm:70
#, scheme-format
msgid ""
"~a [OPTIONS]...\n"
@@ -938,24 +909,38 @@ msgid ""
" redirect the program errors to FILE.err.\n"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:104
+#: src/scm/webid-oidc/hello-world.scm:103
#, scheme-format
msgid "~a version ~a\n"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:113 src/scm/webid-oidc/program.scm:642
+#: src/scm/webid-oidc/hello-world.scm:112
msgid ""
"You are legally required to link to the complete corresponding source code.\n"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:123
+#: src/scm/webid-oidc/hello-world.scm:122
msgid "The port should be a number between 0 and 65535.\n"
msgstr ""
-#: src/scm/webid-oidc/hello-world.scm:150
+#: src/scm/webid-oidc/hello-world.scm:146 src/scm/webid-oidc/program.scm:145
+#: src/scm/webid-oidc/server/endpoint/client.scm:153
+#: src/scm/webid-oidc/server/endpoint/hello.scm:63
+#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:389
+#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:403
+#: src/scm/webid-oidc/server/endpoint/reverse-proxy.scm:125
+#: src/scm/webid-oidc/simulation.scm:90
+msgid "xml-lang|en"
+msgstr ""
+
+#: src/scm/webid-oidc/hello-world.scm:149
msgid "<h1>Please authenticate</h1>"
msgstr ""
+#: src/scm/webid-oidc/hello-world.scm:154
+msgid "<p>No more information.</p>"
+msgstr ""
+
#: src/scm/webid-oidc/http-link.scm:148
msgid "the #:anchor parameter should be a string or an URI reference"
msgstr ""
@@ -1000,18 +985,6 @@ msgstr ""
msgid "the #:attribute-value parameter should be a string or URI"
msgstr ""
-#: src/scm/webid-oidc/identity-provider.scm:61
-msgid "reason-phrase|Not Found"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:64
-msgid "<p>Your request cannot be handled by the identity provider.</p>"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:123
-msgid "<h1>The identity provider request failed</h1>"
-msgstr ""
-
#: src/scm/webid-oidc/jti.scm:59
#, scheme-format
msgid "a replay has been detected with JTI ~s"
@@ -1270,41 +1243,32 @@ msgid ""
"passed"
msgstr ""
-#: src/scm/webid-oidc/program.scm:64
+#: src/scm/webid-oidc/program.scm:65
#, scheme-format
msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:67
+#: src/scm/webid-oidc/program.scm:68
#, scheme-format
msgid "~a: ~s ~a ~s...\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:73
+#: src/scm/webid-oidc/program.scm:74
#, scheme-format
msgid "~a: ~s ~a ~s: ~s ~a bytes\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:90
+#: src/scm/webid-oidc/program.scm:93
#, scheme-format
msgid "~a: connecting to ~s\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:135
-msgid "really bad internal server error"
+#: src/scm/webid-oidc/program.scm:147 src/scm/webid-oidc/simulation.scm:92
+msgid "An error happened…"
msgstr ""
-#: src/scm/webid-oidc/program.scm:142
-#, scheme-format
-msgid "~a: ~a: Internal server error: ~a\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:148
-msgid "Internal Server Error"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:151
-msgid "Sorry, there was an error."
+#: src/scm/webid-oidc/program.scm:150 src/scm/webid-oidc/simulation.scm:95
+msgid "<p>Sorry, an error happened.</p>"
msgstr ""
#: src/scm/webid-oidc/program.scm:172
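Review bot: the removed msgid "~a: ~a: Internal server error: ~a\n" was the server-side log line that carried the actual error, whereas its replacements, "An error happened…" and "<p>Sorry, an error happened.</p>", are user-facing and deliberately detail-free. Keeping internals out of the HTTP response is right, but confirm that program.scm (around lines 147 and 150) and simulation.scm still write the exception and the request path to the error file; otherwise operators lose the only trace of a server failure.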
@@ -1327,82 +1291,30 @@ msgstr ""
msgid "(there was an error: ~a)"
msgstr ""
-#: src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:241
msgid "command-line|describe-project"
msgstr ""
-#: src/scm/webid-oidc/program.scm:248
+#: src/scm/webid-oidc/program.scm:247
msgid "command-line|server|port"
msgstr ""
-#: src/scm/webid-oidc/program.scm:250
-msgid "command-line|server|server-name"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:252
-msgid "command-line|server|reverse-proxy|backend-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:254
-msgid "command-line|server|reverse-proxy|header"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:256
-msgid "command-line|server|issuer|key-file"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:258
-msgid "command-line|server|issuer|subject"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:260
-msgid "command-line|server|issuer|encrypted-password"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:262
-msgid "command-line|server|issuer|encrypted-password-from-file"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:264
-msgid "command-line|server|issuer|jwks-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:266
-msgid "command-line|server|issuer|authorization-endpoint-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:268
-msgid "command-line|server|issuer|token-endpoint-uri"
+#: src/scm/webid-oidc/program.scm:249
+msgid "command-line|server|configuration"
msgstr ""
#: src/scm/webid-oidc/program.scm:270
-msgid "command-line|server|client-id"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:272
-msgid "command-line|server|redirect-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:274
-msgid "command-line|server|client-name"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:276
-msgid "command-line|server|client-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:310
#, scheme-format
-msgid "Usage: ~a COMMAND [OPTIONS]...\n"
+msgid "Usage: ~a [OPTIONS]...\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:314
+#: src/scm/webid-oidc/program.scm:274
msgid ""
"\n"
-"Run the disfluid COMMAND."
+"Run disfluid."
msgstr ""
-#: src/scm/webid-oidc/program.scm:317
+#: src/scm/webid-oidc/program.scm:277
msgid ""
"\n"
"This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1412,87 +1324,13 @@ msgid ""
"to all responses."
msgstr ""
-#: src/scm/webid-oidc/program.scm:324
-msgid ""
-"\n"
-"Available commands:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:326
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run an authenticating reverse proxy."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:329 src/scm/webid-oidc/program.scm:524
-#: src/scm/webid-oidc/program.scm:724
-msgid "command-line|command|reverse-proxy"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:330
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run an identity provider."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:333 src/scm/webid-oidc/program.scm:549
-#: src/scm/webid-oidc/program.scm:745
-msgid "command-line|command|identity-provider"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:334
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" serve the pages for a public application."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:337 src/scm/webid-oidc/program.scm:570
-#: src/scm/webid-oidc/program.scm:786
-msgid "command-line|command|client-service"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:338
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run a full server, with identity provider and resource storage\n"
-" facility."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:342 src/scm/webid-oidc/program.scm:596
-#: src/scm/webid-oidc/program.scm:815
-msgid "command-line|command|server"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:344
-msgid ""
-"\n"
-"If no command is specified, run the browser."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:347
+#: src/scm/webid-oidc/program.scm:285
msgid ""
"\n"
"General options:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:349
-#, scheme-format
-msgid ""
-"\n"
-" -S MEANS, --~a=MEANS:\n"
-" specify a way to download the complete corresponding source\n"
-" code. For instance, this would be an URI pointing to a tarball."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:287
#, scheme-format
msgid ""
"\n"
@@ -1500,7 +1338,7 @@ msgid ""
" display a short help message and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:358
+#: src/scm/webid-oidc/program.scm:291
#, scheme-format
msgid ""
"\n"
@@ -1508,7 +1346,7 @@ msgid ""
" display the version information (~a, released ~a) and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:364
+#: src/scm/webid-oidc/program.scm:297
#, scheme-format
msgid ""
"\n"
@@ -1516,7 +1354,7 @@ msgid ""
" describe the project in the DOAP vocabulary and exit."
msgstr ""
-#: src/scm/webid-oidc/program.scm:368
+#: src/scm/webid-oidc/program.scm:301
#, scheme-format
msgid ""
"\n"
@@ -1524,7 +1362,7 @@ msgid ""
" redirect the program standard output to FILE.log."
msgstr ""
-#: src/scm/webid-oidc/program.scm:372
+#: src/scm/webid-oidc/program.scm:305
#, scheme-format
msgid ""
"\n"
@@ -1532,164 +1370,45 @@ msgid ""
" redirect the program errors to FILE.err."
msgstr ""
-#: src/scm/webid-oidc/program.scm:377
-msgid ""
-"\n"
-"General server-side options:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:379
-#, scheme-format
-msgid ""
-"\n"
-" -p PORT, --~a=PORT:\n"
-" set the server port to bind, 8080 by default."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:383
-#, scheme-format
-msgid ""
-"\n"
-" -n URI, --~a=URI:\n"
-" set the public server URI (scheme, userinfo, host, and port)."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:388
-msgid ""
-"\n"
-"Options for the resource server:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:390
-#, scheme-format
-msgid ""
-"\n"
-" -H HEADER, --~a=HEADER:\n"
-" the HEADER field contains the webid of the authenticated user,\n"
-" XXX-Agent by default. For the full server, disable Solid-OIDC\n"
-" authentication."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:396
-#, scheme-format
-msgid ""
-"\n"
-" -b URI, --~a=URI:\n"
-" set the backend URI for the reverse proxy, only for the\n"
-" reverse-proxy command."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:402
-msgid ""
-"\n"
-"Options for the identity provider:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:404
-#, scheme-format
-msgid ""
-"\n"
-" -k FILE, --~a=FILE.jwk:\n"
-" set the file name of the key file. If it does not exist, a new\n"
-" key is generated. The server does not offer an HTTPS service."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:409
-#, scheme-format
-msgid ""
-"\n"
-" -s WEBID, --~a=WEBID:\n"
-" set the identity of the subject."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:413
-#, scheme-format
-msgid ""
-"\n"
-" -w ENCRYPTED_PASSWORD, --~a=ENCRYPTED_PASSWORD:\n"
-" set the encrypted password to recognize the user."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:417
-#, scheme-format
-msgid ""
-"\n"
-" -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:\n"
-" load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:421
-#, scheme-format
-msgid ""
-"\n"
-" -j URI, --~a=URI:\n"
-" set the URI to query the key of the server."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:425
-#, scheme-format
-msgid ""
-"\n"
-" -a URI, --~a=URI:\n"
-" set the authorization endpoint of the issuer."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:429
-#, scheme-format
-msgid ""
-"\n"
-" -t URI, --~a=URI:\n"
-" set the token endpoint of the issuer."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:434
-msgid ""
-"\n"
-"Options for the client service:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:436
-#, scheme-format
+#: src/scm/webid-oidc/program.scm:310
msgid ""
"\n"
-" -c URI, --~a=URI:\n"
-" set the web identifier of the client application, which is\n"
-" dereferenced to a semantic resource."
+"Running a server:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:441
+#: src/scm/webid-oidc/program.scm:312
#, scheme-format
msgid ""
"\n"
-" -r URI, --~a=URI:\n"
-" set the redirection URI to get the authorization code back. The\n"
-" page is presented with the code to paste in the application."
+" -S MEANS, --~a=MEANS:\n"
+" specify a way to download the complete corresponding source\n"
+" code. For instance, this would be an URI pointing to a\n"
+" tarball. This option is required if a server is implemented."
msgstr ""
-#: src/scm/webid-oidc/program.scm:446
+#: src/scm/webid-oidc/program.scm:318
#, scheme-format
msgid ""
"\n"
-" -C NAME, --~a=NAME:\n"
-" set the user-visible application name (may be misleading...)."
+" -p PORT, --~a=PORT:\n"
+" set the server port to bind, 8080 by default."
msgstr ""
-#: src/scm/webid-oidc/program.scm:450
+#: src/scm/webid-oidc/program.scm:322
#, scheme-format
msgid ""
"\n"
-" -u URI, --~a=URI:\n"
-" set an URI where someone would find more information about the\n"
-" application (again, may be misleading)."
+" -c FILE, --~a=FILE:\n"
+" set up a server with configuration from FILE."
msgstr ""
-#: src/scm/webid-oidc/program.scm:456
+#: src/scm/webid-oidc/program.scm:327
msgid ""
"\n"
"Environment variables:"
msgstr ""
-#: src/scm/webid-oidc/program.scm:458
+#: src/scm/webid-oidc/program.scm:329
msgid ""
"\n"
" XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1700,23 +1419,23 @@ msgid ""
" content-type."
msgstr ""
-#: src/scm/webid-oidc/program.scm:466 src/scm/webid-oidc/program.scm:473
-#: src/scm/webid-oidc/program.scm:482 src/scm/webid-oidc/program.scm:490
-#: src/scm/webid-oidc/program.scm:498
+#: src/scm/webid-oidc/program.scm:337 src/scm/webid-oidc/program.scm:344
+#: src/scm/webid-oidc/program.scm:353 src/scm/webid-oidc/program.scm:361
+#: src/scm/webid-oidc/program.scm:369
#, scheme-format
msgid ""
"the-environment-variable|\n"
" It is currently set to ~s."
msgstr ""
-#: src/scm/webid-oidc/program.scm:469
+#: src/scm/webid-oidc/program.scm:340
msgid ""
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
" the user is the system administrator)."
msgstr ""
-#: src/scm/webid-oidc/program.scm:476
+#: src/scm/webid-oidc/program.scm:347
msgid ""
"\n"
" XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -1725,7 +1444,7 @@ msgid ""
" recommended to set it to /var/lib."
msgstr ""
-#: src/scm/webid-oidc/program.scm:485
+#: src/scm/webid-oidc/program.scm:356
msgid ""
"\n"
" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -1733,7 +1452,7 @@ msgid ""
" time. The seed file will be initialized from /dev/random."
msgstr ""
-#: src/scm/webid-oidc/program.scm:493
+#: src/scm/webid-oidc/program.scm:364
msgid ""
"\n"
" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -1741,141 +1460,14 @@ msgid ""
" not used otherwise."
msgstr ""
-#: src/scm/webid-oidc/program.scm:502
-msgid ""
-"\n"
-"Running a reverse proxy"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:504
-msgid ""
-"\n"
-"Suppose that you operate data.provider.com. You want to run an\n"
-"authenticating reverse proxy, that will receive incoming requests\n"
-"through http://localhost:8080, and forward them to\n"
-"https://private.data.provider.com. The backend will look for the\n"
-"XXX-Agent header, and if it is found, then its value will be\n"
-"considered the webid of the authenticated\n"
-"user. https://private.data.provider.com should only accept requests\n"
-"from this reverse proxy."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:514
-#, scheme-format
-msgid ""
-"\n"
-" ~a ~a \\\n"
-" --~a 'https://data.provider.com/server-source-code.tar.gz' \\\n"
-" --~a 8080 \\\n"
-" --~a 'https://data.provider.com' \\\n"
-" --~a 'https://private.data.provider.com' \\\n"
-" --~a 'XXX-Agent' \\\n"
-" --~a '/var/log/proxy.log' \\\n"
-" --~a '/var/log/proxy.err'"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:529
-msgid ""
-"\n"
-"Running an identity provider"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:531
-msgid ""
-"\n"
-"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
-"invoked with the following options:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:535
-#, scheme-format
-msgid ""
-"\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
-" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
-" --~a $PORT"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:555
-msgid ""
-"\n"
-"Running the public pages for an application"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:557
-msgid ""
-"\n"
-"The example client application pages for\n"
-"webid-oidc-demo.planete-kraus.eu are served this way:"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:561
-#, scheme-format
-msgid ""
-"\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/example-application#id' "
-"\\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\\n"
-" --~a 'Example Solid Application' \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client."
-"html#Running-a-client' \\\n"
-" --~a $PORT"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:575
-msgid ""
-"\n"
-"Running a full server"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:578
-msgid ""
-"\n"
-"To run the server with identity provider and\n"
-"resource server for one particular user, you need to combine the\n"
-"options for the parts."
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:582
-#, scheme-format
-msgid ""
-"\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://data.planete-kraus.eu' \\\n"
-" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
-" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
-" --~a 'https://data.planete-kraus.eu/keys' \\\n"
-" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://data.planete-kraus.eu/token' \\\n"
-" --~a '...port...'"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:607
+#: src/scm/webid-oidc/program.scm:374
#, scheme-format
msgid ""
"\n"
"If you find a bug, then please send a report to ~a."
msgstr ""
-#: src/scm/webid-oidc/program.scm:612
+#: src/scm/webid-oidc/program.scm:379
#, scheme-format
msgid ""
"~a version ~a\n"
@@ -1883,103 +1475,29 @@ msgid ""
"Rreleased ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:649
+#: src/scm/webid-oidc/program.scm:414
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:655
+#: src/scm/webid-oidc/program.scm:420
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:661
+#: src/scm/webid-oidc/program.scm:426
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:666
+#: src/scm/webid-oidc/program.scm:431
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:694
-msgid ""
-"You specified two different passwords: one directly, and one from a file. "
-"Please set only one password.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:727 src/scm/webid-oidc/program.scm:748
-#: src/scm/webid-oidc/program.scm:817
-#, scheme-format
-msgid "You must pass --~a to set the server name.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:731
-#, scheme-format
-msgid "You must pass --~a to set the backend URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:752 src/scm/webid-oidc/program.scm:821
-#, scheme-format
-msgid ""
-"You must pass --~a to set the file where to store the identity provider "
-"key.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:756 src/scm/webid-oidc/program.scm:825
-#, scheme-format
-msgid "You must pass --~a to set the subject of the identity provider.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:760
-#, scheme-format
-msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:764 src/scm/webid-oidc/program.scm:833
-#, scheme-format
-msgid "You must pass --~a to set the JWKS URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:768 src/scm/webid-oidc/program.scm:837
+#: src/scm/webid-oidc/program.scm:443
#, scheme-format
-msgid "You must pass --~a to set the authorization endpoint URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:772 src/scm/webid-oidc/program.scm:841
-#, scheme-format
-msgid "You must pass --~a to set the token endpoint URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:789
-#, scheme-format
-msgid "You must pass --~a to set the application web ID.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:793
-#, scheme-format
-msgid "You must pass --~a to set the redirection URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:797
-#, scheme-format
-msgid "You must pass --~a to set the informative client name.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:801
-#, scheme-format
-msgid "You must pass --~a to set the informative client URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:829
-#, scheme-format
-msgid "You must pass --~a to set the subject’s encrypted password.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/program.scm:881
-#, scheme-format
-msgid "Unknown command ~s\n"
+msgid "--~a is required when running a server.\n"
msgstr ""
#: src/scm/webid-oidc/refresh-token.scm:171
@@ -1991,24 +1509,6 @@ msgstr ""
msgid "the refresh token is bound to key ~s, which is not that one"
msgstr ""
-#: src/scm/webid-oidc/resource-server.scm:75
-msgid ""
-"You need to pass #:server-uri URI where URI is the public URI of the server, "
-"as a (web uri)."
-msgstr ""
-
-#: src/scm/webid-oidc/resource-server.scm:97
-msgid "The owner is not defined."
-msgstr ""
-
-#: src/scm/webid-oidc/resource-server.scm:127
-msgid "<h1>The resource server request failed</h1>"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:60
-msgid "#:endpoint argument is not present or not an URI."
-msgstr ""
-
#: src/scm/webid-oidc/serializable.scm:58
msgid "a plugin class should have an explicit #:name and #:module-name"
msgstr ""
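Review bot: the deleted 'You specified two different passwords: one directly, and one from a file. Please set only one password.' and the whole 'You must pass --~a to set the ...' family (key file, subject, encrypted password, JWKS, authorization and token endpoint URIs) were the user-visible half of start-up validation, and the single replacement '--~a is required when running a server.' at program.scm:443 only covers one missing option. Confirm that the configuration-file loader still rejects a missing key file, subject or password, and an ambiguous pair of password sources, at start-up and with a message naming the offending setting, rather than failing later on the first token request. Also, the context line 'Rreleased ~a\n' near the top of this hunk carries a typo in the source string ('Released'); worth fixing in program.scm while the catalog is being regenerated anyway.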
@@ -2439,7 +1939,7 @@ msgstr ""
msgid "the auxiliary resource of type ~s at ~s is absent"
msgstr ""
-#: src/scm/webid-oidc/simulation.scm:130
+#: src/scm/webid-oidc/simulation.scm:135
#, scheme-format
msgid "invalid credentials: response ~s ~s"
msgstr ""
@@ -2487,10 +1987,6 @@ msgstr ""
msgid "an error happened while updating file ~s"
msgstr ""
-#: src/scm/webid-oidc/token-endpoint.scm:71
-msgid "<h1>The token request failed</h1>"
-msgstr ""
-
#: src/ui/account-widget.glade:19
msgid "Identity:"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 9a18f8a..72f16a4 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc 0.0.0\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-10-20 18:03+0200\n"
-"PO-Revision-Date: 2021-10-19 11:36+0200\n"
+"POT-Creation-Date: 2021-10-20 18:13+0200\n"
+"PO-Revision-Date: 2021-10-20 18:19+0200\n"
"Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
"Language-Team: French <vivien@planete-kraus.eu>\n"
"Language: fr\n"
@@ -307,31 +307,6 @@ msgstr ""
"lors de la création d’un code d’autorisation, il faut soit passer les champs "
"requis (#:webid et #:client-id), soit (#:jwt-header et #:jwt-payload)"
-#: src/scm/webid-oidc/authorization-endpoint.scm:70
-#: src/scm/webid-oidc/client.scm:193 src/scm/webid-oidc/hello-world.scm:147
-#: src/scm/webid-oidc/identity-provider.scm:120
-#: src/scm/webid-oidc/resource-server.scm:124
-#: src/scm/webid-oidc/server/endpoint/client.scm:153
-#: src/scm/webid-oidc/server/endpoint/hello.scm:63
-#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:389
-#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:403
-#: src/scm/webid-oidc/server/endpoint/reverse-proxy.scm:125
-#: src/scm/webid-oidc/token-endpoint.scm:68
-msgid "xml-lang|en"
-msgstr "fr"
-
-#: src/scm/webid-oidc/authorization-endpoint.scm:73
-msgid "<h1>The authorization request failed</h1>"
-msgstr "<h1>La requête d’autorisation a échoué</h1>"
-
-#: src/scm/webid-oidc/authorization-endpoint.scm:78
-#: src/scm/webid-oidc/client.scm:201 src/scm/webid-oidc/hello-world.scm:155
-#: src/scm/webid-oidc/identity-provider.scm:128
-#: src/scm/webid-oidc/resource-server.scm:132
-#: src/scm/webid-oidc/token-endpoint.scm:76
-msgid "<p>No more information.</p>"
-msgstr "<p>Pas plus d’information.</p>"
-
#: src/scm/webid-oidc/cache.scm:94
#, scheme-format
msgid "Dropping cache item ~a.~%"
@@ -448,14 +423,10 @@ msgstr ""
msgid "cannot serve the public manifest"
msgstr "impossible de servir le manifeste public"
-#: src/scm/webid-oidc/client.scm:137
+#: src/scm/webid-oidc/client.scm:133
msgid "accept-language-header|en-us"
msgstr "fr-fr"
-#: src/scm/webid-oidc/client.scm:196
-msgid "<h1>The request failed</h1>"
-msgstr "<h1>La requête a échoué</h1>"
-
#: src/scm/webid-oidc/client/accounts.scm:118
#, scheme-format
msgid "an authorization code is required: ~s, it can be obtained at ~s"
@@ -970,31 +941,31 @@ msgstr "la requête a échoué de façon inattendue avec ~s ~s"
msgid "cannot negociate a recognized RFD content type, got ~s"
msgstr "impossible de négocier un type de contenu RDF reconnu, ayant obtenu ~s"
-#: src/scm/webid-oidc/hello-world.scm:49 src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/hello-world.scm:48 src/scm/webid-oidc/program.scm:239
msgid "command-line|version"
msgstr "version"
-#: src/scm/webid-oidc/hello-world.scm:51 src/scm/webid-oidc/program.scm:244
+#: src/scm/webid-oidc/hello-world.scm:50 src/scm/webid-oidc/program.scm:243
msgid "command-line|complete-corresponding-source"
msgstr "code-source-correspondant-complet"
-#: src/scm/webid-oidc/hello-world.scm:53 src/scm/webid-oidc/program.scm:246
+#: src/scm/webid-oidc/hello-world.scm:52 src/scm/webid-oidc/program.scm:245
msgid "command-line|help"
msgstr "aide"
-#: src/scm/webid-oidc/hello-world.scm:55
+#: src/scm/webid-oidc/hello-world.scm:54
msgid "command-line|port"
msgstr "port"
-#: src/scm/webid-oidc/hello-world.scm:57 src/scm/webid-oidc/program.scm:278
+#: src/scm/webid-oidc/hello-world.scm:56 src/scm/webid-oidc/program.scm:251
msgid "command-line|log-file"
msgstr "fichier-journal"
-#: src/scm/webid-oidc/hello-world.scm:59 src/scm/webid-oidc/program.scm:280
+#: src/scm/webid-oidc/hello-world.scm:58 src/scm/webid-oidc/program.scm:253
msgid "command-line|error-file"
msgstr "fichier-erreur"
-#: src/scm/webid-oidc/hello-world.scm:71
+#: src/scm/webid-oidc/hello-world.scm:70
#, scheme-format
msgid ""
"~a [OPTIONS]...\n"
@@ -1048,26 +1019,40 @@ msgstr ""
" -e FICHIER.err, --~a=FICHIER.err :\n"
" redirige la sortie d’erreur du programme vers ce fichier.\n"
-#: src/scm/webid-oidc/hello-world.scm:104
+#: src/scm/webid-oidc/hello-world.scm:103
#, scheme-format
msgid "~a version ~a\n"
msgstr "~a version ~a\n"
-#: src/scm/webid-oidc/hello-world.scm:113 src/scm/webid-oidc/program.scm:642
+#: src/scm/webid-oidc/hello-world.scm:112
msgid ""
"You are legally required to link to the complete corresponding source code.\n"
msgstr ""
"Vous êtes légalement tenu de fournir un lien vers le code source "
"correspondant.\n"
-#: src/scm/webid-oidc/hello-world.scm:123
+#: src/scm/webid-oidc/hello-world.scm:122
msgid "The port should be a number between 0 and 65535.\n"
msgstr "Le port doit être un nombre entre 0 et 65535.\n"
-#: src/scm/webid-oidc/hello-world.scm:150
+#: src/scm/webid-oidc/hello-world.scm:146 src/scm/webid-oidc/program.scm:145
+#: src/scm/webid-oidc/server/endpoint/client.scm:153
+#: src/scm/webid-oidc/server/endpoint/hello.scm:63
+#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:389
+#: src/scm/webid-oidc/server/endpoint/identity-provider.scm:403
+#: src/scm/webid-oidc/server/endpoint/reverse-proxy.scm:125
+#: src/scm/webid-oidc/simulation.scm:90
+msgid "xml-lang|en"
+msgstr "fr"
+
+#: src/scm/webid-oidc/hello-world.scm:149
msgid "<h1>Please authenticate</h1>"
msgstr "<h1>Veuillez vous authentifier</h1>"
+#: src/scm/webid-oidc/hello-world.scm:154
+msgid "<p>No more information.</p>"
+msgstr "<p>Pas plus d’information.</p>"
+
#: src/scm/webid-oidc/http-link.scm:148
msgid "the #:anchor parameter should be a string or an URI reference"
msgstr ""
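Review bot: the context line 'The port should be a number between 0 and 65535.' (hello-world.scm:122) disagrees with the server's own checks in program.scm ('must be positive', 'must be less than 65536'), which reject 0; binding port 0 makes the kernel pick an ephemeral port, which is almost never what an operator intends for a service, so align hello-world on 1..65535 or reuse the program.scm messages for both. The relocation of 'xml-lang|en' to hello-world.scm:146, program.scm:145 and simulation.scm:90 is consistent with the entries removed earlier in this file.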
@@ -1116,19 +1101,6 @@ msgid "the #:attribute-value parameter should be a string or URI"
msgstr ""
"le paramètre #:attribute-value doit être une chaîne de caractères ou une URI"
-#: src/scm/webid-oidc/identity-provider.scm:61
-msgid "reason-phrase|Not Found"
-msgstr "Non Trouvé"
-
-#: src/scm/webid-oidc/identity-provider.scm:64
-msgid "<p>Your request cannot be handled by the identity provider.</p>"
-msgstr ""
-"<p>Votre requête n’a pas pu être traitée par le fournisseur d’identité.</p>"
-
-#: src/scm/webid-oidc/identity-provider.scm:123
-msgid "<h1>The identity provider request failed</h1>"
-msgstr "<h1>La requête du fournisseur d’identité a échoué</h1>"
-
#: src/scm/webid-oidc/jti.scm:59
#, scheme-format
msgid "a replay has been detected with JTI ~s"
@@ -1414,42 +1386,33 @@ msgstr ""
"requis (#:alg, #:webid, #:iss, #:sub, #:aud, #:iat et #:exp) soit (#:jwt-"
"header et #:jwt-payload)"
-#: src/scm/webid-oidc/program.scm:64
+#: src/scm/webid-oidc/program.scm:65
#, scheme-format
msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n"
msgstr "~a : Attention : XML_CATALOG_FILES vaut ~s.\n"
-#: src/scm/webid-oidc/program.scm:67
+#: src/scm/webid-oidc/program.scm:68
#, scheme-format
msgid "~a: ~s ~a ~s...\n"
msgstr "~a : ~s ~a ~s…\n"
-#: src/scm/webid-oidc/program.scm:73
+#: src/scm/webid-oidc/program.scm:74
#, scheme-format
msgid "~a: ~s ~a ~s: ~s ~a bytes\n"
msgstr "~a : ~s ~a ~s : ~s ~a octets\n"
-#: src/scm/webid-oidc/program.scm:90
+#: src/scm/webid-oidc/program.scm:93
#, scheme-format
msgid "~a: connecting to ~s\n"
msgstr "~a : connexion à ~s\n"
-#: src/scm/webid-oidc/program.scm:135
-msgid "really bad internal server error"
-msgstr "erreur interne du serveur vraiment grave"
-
-#: src/scm/webid-oidc/program.scm:142
-#, scheme-format
-msgid "~a: ~a: Internal server error: ~a\n"
-msgstr "~a : ~a : Erreur interne du serveur : ~a\n"
+#: src/scm/webid-oidc/program.scm:147 src/scm/webid-oidc/simulation.scm:92
+msgid "An error happened…"
+msgstr "Une erreur est survenue…"
-#: src/scm/webid-oidc/program.scm:148
-msgid "Internal Server Error"
-msgstr "Erreur Interne du Serveur"
-
-#: src/scm/webid-oidc/program.scm:151
-msgid "Sorry, there was an error."
-msgstr "Toutes nos excuses, il y a eu une erreurr."
+#: src/scm/webid-oidc/program.scm:150 src/scm/webid-oidc/simulation.scm:95
+msgid "<p>Sorry, an error happened.</p>"
+msgstr "<p>Désolé, une erreur est survenue.</p>"
#: src/scm/webid-oidc/program.scm:172
#, scheme-format
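Review bot: replacing 'really bad internal server error', 'Internal Server Error' and 'Sorry, there was an error.' with the generic 'An error happened…' / '<p>Sorry, an error happened.</p>' (program.scm:147 and 150, shared with simulation.scm:92 and 95) is the right direction for the client-facing page, since no exception text reaches the browser; but the same hunk drops the log format '~a: ~a: Internal server error: ~a\n' (program.scm:142), which was the only string in this catalog that wrote the error detail anywhere. Check that the detail still goes to the error file configured with -e, otherwise the operator is left with a generic page and nothing to debug from. The French 'erreurr' typo disappears with the removed entry.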
@@ -1471,84 +1434,32 @@ msgstr "~a : ~a"
msgid "(there was an error: ~a)"
msgstr "(il y a eu une erreur : ~a)"
-#: src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:241
msgid "command-line|describe-project"
msgstr "décrire-projet"
-#: src/scm/webid-oidc/program.scm:248
+#: src/scm/webid-oidc/program.scm:247
msgid "command-line|server|port"
msgstr "port"
-#: src/scm/webid-oidc/program.scm:250
-msgid "command-line|server|server-name"
-msgstr "nom-du-serveur"
-
-#: src/scm/webid-oidc/program.scm:252
-msgid "command-line|server|reverse-proxy|backend-uri"
-msgstr "uri-arrière-plan"
-
-#: src/scm/webid-oidc/program.scm:254
-msgid "command-line|server|reverse-proxy|header"
-msgstr "en-tête"
-
-#: src/scm/webid-oidc/program.scm:256
-msgid "command-line|server|issuer|key-file"
-msgstr "fichier-clé"
-
-#: src/scm/webid-oidc/program.scm:258
-msgid "command-line|server|issuer|subject"
-msgstr "sujet"
-
-#: src/scm/webid-oidc/program.scm:260
-msgid "command-line|server|issuer|encrypted-password"
-msgstr "mot-de-passe-chiffré"
-
-#: src/scm/webid-oidc/program.scm:262
-msgid "command-line|server|issuer|encrypted-password-from-file"
-msgstr "fichier-de-mot-de-passe-chiffré"
-
-#: src/scm/webid-oidc/program.scm:264
-msgid "command-line|server|issuer|jwks-uri"
-msgstr "uri-jwks"
-
-#: src/scm/webid-oidc/program.scm:266
-msgid "command-line|server|issuer|authorization-endpoint-uri"
-msgstr "uri-terminal-autorisation"
-
-#: src/scm/webid-oidc/program.scm:268
-msgid "command-line|server|issuer|token-endpoint-uri"
-msgstr "uri-terminal-jeton"
+#: src/scm/webid-oidc/program.scm:249
+msgid "command-line|server|configuration"
+msgstr "configuration"
#: src/scm/webid-oidc/program.scm:270
-msgid "command-line|server|client-id"
-msgstr "id-client"
-
-#: src/scm/webid-oidc/program.scm:272
-msgid "command-line|server|redirect-uri"
-msgstr "uri-redirection"
-
-#: src/scm/webid-oidc/program.scm:274
-msgid "command-line|server|client-name"
-msgstr "nom-client"
-
-#: src/scm/webid-oidc/program.scm:276
-msgid "command-line|server|client-uri"
-msgstr "uri-client"
-
-#: src/scm/webid-oidc/program.scm:310
#, scheme-format
-msgid "Usage: ~a COMMAND [OPTIONS]...\n"
-msgstr "Utilisation : ~a COMMANDE [OPTIONS]...\n"
+msgid "Usage: ~a [OPTIONS]...\n"
+msgstr "Utilisation : ~a [OPTIONS]...\n"
-#: src/scm/webid-oidc/program.scm:314
+#: src/scm/webid-oidc/program.scm:274
msgid ""
"\n"
-"Run the disfluid COMMAND."
+"Run disfluid."
msgstr ""
"\n"
-"Exécute la COMMANDE disfluid."
+"Exécute disfluid."
-#: src/scm/webid-oidc/program.scm:317
+#: src/scm/webid-oidc/program.scm:277
msgid ""
"\n"
"This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1564,89 +1475,7 @@ msgstr ""
"code source complet correspondant (avec vos modifications) sans\n"
"frais. Le serveur ajoute un en-tête « Source: » à toutes les réponses."
-#: src/scm/webid-oidc/program.scm:324
-msgid ""
-"\n"
-"Available commands:"
-msgstr ""
-"\n"
-"Commandes disponibles :"
-
-#: src/scm/webid-oidc/program.scm:326
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run an authenticating reverse proxy."
-msgstr ""
-"\n"
-" ~a :\n"
-" exécute le proxy inverse authentifiant."
-
-#: src/scm/webid-oidc/program.scm:329 src/scm/webid-oidc/program.scm:524
-#: src/scm/webid-oidc/program.scm:724
-msgid "command-line|command|reverse-proxy"
-msgstr "proxy-inversé"
-
-#: src/scm/webid-oidc/program.scm:330
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run an identity provider."
-msgstr ""
-"\n"
-" ~a :\n"
-" exécute un fournisseur d’identité."
-
-#: src/scm/webid-oidc/program.scm:333 src/scm/webid-oidc/program.scm:549
-#: src/scm/webid-oidc/program.scm:745
-msgid "command-line|command|identity-provider"
-msgstr "fournisseur-identité"
-
-#: src/scm/webid-oidc/program.scm:334
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" serve the pages for a public application."
-msgstr ""
-"\n"
-" ~a :\n"
-" sert les pages d’une application publique."
-
-#: src/scm/webid-oidc/program.scm:337 src/scm/webid-oidc/program.scm:570
-#: src/scm/webid-oidc/program.scm:786
-msgid "command-line|command|client-service"
-msgstr "service-client"
-
-#: src/scm/webid-oidc/program.scm:338
-#, scheme-format
-msgid ""
-"\n"
-" ~a:\n"
-" run a full server, with identity provider and resource storage\n"
-" facility."
-msgstr ""
-"\n"
-" ~a :\n"
-" exécute un serveur complet, avec un fournisseur d’identité et\n"
-" une fonction de stockage de ressources."
-
-#: src/scm/webid-oidc/program.scm:342 src/scm/webid-oidc/program.scm:596
-#: src/scm/webid-oidc/program.scm:815
-msgid "command-line|command|server"
-msgstr "serveur"
-
-#: src/scm/webid-oidc/program.scm:344
-msgid ""
-"\n"
-"If no command is specified, run the browser."
-msgstr ""
-"\n"
-"Si aucune commande n’est spécifiée, exécute le navigateur."
-
-#: src/scm/webid-oidc/program.scm:347
+#: src/scm/webid-oidc/program.scm:285
msgid ""
"\n"
"General options:"
@@ -1654,21 +1483,7 @@ msgstr ""
"\n"
"Options générales :"
-#: src/scm/webid-oidc/program.scm:349
-#, scheme-format
-msgid ""
-"\n"
-" -S MEANS, --~a=MEANS:\n"
-" specify a way to download the complete corresponding source\n"
-" code. For instance, this would be an URI pointing to a tarball."
-msgstr ""
-"\n"
-" -S MOYEN, --~a=MOYEN :\n"
-" spécifie un moyen de télécharger le code source complet\n"
-" correspondant. Par exemple, MOYEN serait une URI pointant vers\n"
-" l’archive de code."
-
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:287
#, scheme-format
msgid ""
"\n"
@@ -1679,7 +1494,7 @@ msgstr ""
" -h, --~a :\n"
" affiche un court message d’aide et quitte."
-#: src/scm/webid-oidc/program.scm:358
+#: src/scm/webid-oidc/program.scm:291
#, scheme-format
msgid ""
"\n"
@@ -1690,7 +1505,7 @@ msgstr ""
" -v, --~a :\n"
" affiche le numéro de version (~a, publiée le ~a) et quitte."
-#: src/scm/webid-oidc/program.scm:364
+#: src/scm/webid-oidc/program.scm:297
#, scheme-format
msgid ""
"\n"
@@ -1701,7 +1516,7 @@ msgstr ""
" --~a :\n"
" décrit le projet dans le vocabulaire DOAP et quitte."
-#: src/scm/webid-oidc/program.scm:368
+#: src/scm/webid-oidc/program.scm:301
#, scheme-format
msgid ""
"\n"
@@ -1712,7 +1527,7 @@ msgstr ""
" -l FICHIER.journal, --~a=FICHIER.journal :\n"
" redirige la sortie standard du programme vers FICHIER.journal."
-#: src/scm/webid-oidc/program.scm:372
+#: src/scm/webid-oidc/program.scm:305
#, scheme-format
msgid ""
"\n"
@@ -1723,225 +1538,53 @@ msgstr ""
" -e FICHIER.erreurs, --~a=FICHIER.erreurs :\n"
" redirige les erreurs du programme vers FICHIER.erreurs."
-#: src/scm/webid-oidc/program.scm:377
-msgid ""
-"\n"
-"General server-side options:"
-msgstr ""
-"\n"
-"Options générales pour un serveur :"
-
-#: src/scm/webid-oidc/program.scm:379
-#, scheme-format
-msgid ""
-"\n"
-" -p PORT, --~a=PORT:\n"
-" set the server port to bind, 8080 by default."
-msgstr ""
-"\n"
-" -p PORT, --~a=PORT :\n"
-" définit le port à lier, 8080 par défaut."
-
-#: src/scm/webid-oidc/program.scm:383
-#, scheme-format
-msgid ""
-"\n"
-" -n URI, --~a=URI:\n"
-" set the public server URI (scheme, userinfo, host, and port)."
-msgstr ""
-"\n"
-" -n URI, --~a=URI :\n"
-" définit l’URI publique du serveur (schéma, identifiant de\n"
-" l’utilisateur, hôte et port)."
-
-#: src/scm/webid-oidc/program.scm:388
-msgid ""
-"\n"
-"Options for the resource server:"
-msgstr ""
-"\n"
-"Options pour le serveur de ressources :"
-
-#: src/scm/webid-oidc/program.scm:390
-#, scheme-format
-msgid ""
-"\n"
-" -H HEADER, --~a=HEADER:\n"
-" the HEADER field contains the webid of the authenticated user,\n"
-" XXX-Agent by default. For the full server, disable Solid-OIDC\n"
-" authentication."
-msgstr ""
-"\n"
-" -H EN-TÊTE, --~a=EN-TÊTE :\n"
-" le champ EN-TÊTE contiendra l’identifiant webid de l’utilisateur\n"
-" authentifié, XXX-Agent par défaut. Pour un serveur complet, ceci\n"
-" désactive l’authentification par Solid-OIDC."
-
-#: src/scm/webid-oidc/program.scm:396
-#, scheme-format
-msgid ""
-"\n"
-" -b URI, --~a=URI:\n"
-" set the backend URI for the reverse proxy, only for the\n"
-" reverse-proxy command."
-msgstr ""
-"\n"
-" -b URI, --~a=URI :\n"
-" définit l’URI sortante du proxy inversé, seulement pour la\n"
-" commande proxy-inversé."
-
-#: src/scm/webid-oidc/program.scm:402
-msgid ""
-"\n"
-"Options for the identity provider:"
-msgstr ""
-"\n"
-"Options du fournisseur d’identité :"
-
-#: src/scm/webid-oidc/program.scm:404
-#, scheme-format
-msgid ""
-"\n"
-" -k FILE, --~a=FILE.jwk:\n"
-" set the file name of the key file. If it does not exist, a new\n"
-" key is generated. The server does not offer an HTTPS service."
-msgstr ""
-"\n"
-" -k FICHIER.jwk, --~a=FICHIER.jwk :\n"
-" définit le nom du fichier de clé. S’il n’existe pas, une\n"
-" nouvelle clé sera générée. Le serveur n’offre pas de service\n"
-" HTTPS."
-
-#: src/scm/webid-oidc/program.scm:409
-#, scheme-format
-msgid ""
-"\n"
-" -s WEBID, --~a=WEBID:\n"
-" set the identity of the subject."
-msgstr ""
-"\n"
-" -s WEBID, --~a=WEBID :\n"
-" définit l'identité du sujet."
-
-#: src/scm/webid-oidc/program.scm:413
-#, scheme-format
-msgid ""
-"\n"
-" -w ENCRYPTED_PASSWORD, --~a=ENCRYPTED_PASSWORD:\n"
-" set the encrypted password to recognize the user."
-msgstr ""
-"\n"
-" -w MOT_DE_PASSE_CHIFFRÉ, --~a=MOT_DE_PASSE_CHIFFRÉ :\n"
-" définit le mot de passe chiffré pour reconnaître l’utilisateur."
-
-#: src/scm/webid-oidc/program.scm:417
-#, scheme-format
-msgid ""
-"\n"
-" -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:\n"
-" load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
-msgstr ""
-"\n"
-" -w FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ, --"
-"~a=FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ :\n"
-" lit le mot de passe chiffré de l’utilisateur dans "
-"FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ."
-
-#: src/scm/webid-oidc/program.scm:421
-#, scheme-format
-msgid ""
-"\n"
-" -j URI, --~a=URI:\n"
-" set the URI to query the key of the server."
-msgstr ""
-"\n"
-" -j URI, --~a=URI :\n"
-" définit l’URI pour requêter les clés du serveur."
-
-#: src/scm/webid-oidc/program.scm:425
-#, scheme-format
-msgid ""
-"\n"
-" -a URI, --~a=URI:\n"
-" set the authorization endpoint of the issuer."
-msgstr ""
-"\n"
-" -a URI, --~a=URI :\n"
-" définit l'URI du terminal d'autorisation de l’émetteur\n"
-" d’identité."
-
-#: src/scm/webid-oidc/program.scm:429
-#, scheme-format
-msgid ""
-"\n"
-" -t URI, --~a=URI:\n"
-" set the token endpoint of the issuer."
-msgstr ""
-"\n"
-" -t URI, --~a=URI :\n"
-" définit le terminal de jeton de l’émetteur d’identité."
-
-#: src/scm/webid-oidc/program.scm:434
-msgid ""
-"\n"
-"Options for the client service:"
-msgstr ""
-"\n"
-"Options pour le service associé à un client :"
-
-#: src/scm/webid-oidc/program.scm:436
-#, scheme-format
+#: src/scm/webid-oidc/program.scm:310
msgid ""
"\n"
-" -c URI, --~a=URI:\n"
-" set the web identifier of the client application, which is\n"
-" dereferenced to a semantic resource."
+"Running a server:"
msgstr ""
"\n"
-" -c URI, --~a=URI :\n"
-" définit l’identifiant web de l’application client, qui est\n"
-" déréférencé pour une ressource sémantique."
+"Exécution d’un serveur :"
-#: src/scm/webid-oidc/program.scm:441
+#: src/scm/webid-oidc/program.scm:312
#, scheme-format
msgid ""
"\n"
-" -r URI, --~a=URI:\n"
-" set the redirection URI to get the authorization code back. The\n"
-" page is presented with the code to paste in the application."
+" -S MEANS, --~a=MEANS:\n"
+" specify a way to download the complete corresponding source\n"
+" code. For instance, this would be an URI pointing to a\n"
+" tarball. This option is required if a server is implemented."
msgstr ""
"\n"
-" -r URI, --~a=URI :\n"
-" définit l’URI de redirection pour récupérer le code\n"
-" d’autorisation. La page de redirection affiche le code à coller\n"
-" dans l’application."
+" -S MOYEN, --~a=MOYEN :\n"
+" spécifie un moyen de télécharger le code source complet\n"
+" correspondant. Par exemple, MOYEN serait une URI pointant vers\n"
+" l’archive de code. Cette option est requise si un serveur est\n"
+" exécuté."
-#: src/scm/webid-oidc/program.scm:446
+#: src/scm/webid-oidc/program.scm:318
#, scheme-format
msgid ""
"\n"
-" -C NAME, --~a=NAME:\n"
-" set the user-visible application name (may be misleading...)."
+" -p PORT, --~a=PORT:\n"
+" set the server port to bind, 8080 by default."
msgstr ""
"\n"
-" -C NOM, --~a=NOM :\n"
-" définit le nom de l’application visible par l’utilisateur (peut\n"
-" être trompeur…)."
+" -p PORT, --~a=PORT :\n"
+" définit le port à lier, 8080 par défaut."
-#: src/scm/webid-oidc/program.scm:450
+#: src/scm/webid-oidc/program.scm:322
#, scheme-format
msgid ""
"\n"
-" -u URI, --~a=URI:\n"
-" set an URI where someone would find more information about the\n"
-" application (again, may be misleading)."
+" -c FILE, --~a=FILE:\n"
+" set up a server with configuration from FILE."
msgstr ""
"\n"
-" -u URI, --~a=URI :\n"
-" définit l’URI présentant plus d’informations à propos de\n"
-" l’application (peut aussi être trompeur)."
+" -c FICHIER, --~a=FICHIER :\n"
+" met en place un serveur dont la configuration vient de FICHIER."
-#: src/scm/webid-oidc/program.scm:456
+#: src/scm/webid-oidc/program.scm:327
msgid ""
"\n"
"Environment variables:"
@@ -1949,7 +1592,7 @@ msgstr ""
"\n"
"Variables d’environnement :"
-#: src/scm/webid-oidc/program.scm:458
+#: src/scm/webid-oidc/program.scm:329
msgid ""
"\n"
" XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1968,9 +1611,9 @@ msgstr ""
" fichiers depuis le système de fichiers, parce qu’il n’y a pas de\n"
" moyen de spécifier le type de contenu."
-#: src/scm/webid-oidc/program.scm:466 src/scm/webid-oidc/program.scm:473
-#: src/scm/webid-oidc/program.scm:482 src/scm/webid-oidc/program.scm:490
-#: src/scm/webid-oidc/program.scm:498
+#: src/scm/webid-oidc/program.scm:337 src/scm/webid-oidc/program.scm:344
+#: src/scm/webid-oidc/program.scm:353 src/scm/webid-oidc/program.scm:361
+#: src/scm/webid-oidc/program.scm:369
#, scheme-format
msgid ""
"the-environment-variable|\n"
@@ -1979,7 +1622,7 @@ msgstr ""
" \n"
" Elle vaut actuellement ~s."
-#: src/scm/webid-oidc/program.scm:469
+#: src/scm/webid-oidc/program.scm:340
msgid ""
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
@@ -1989,7 +1632,7 @@ msgstr ""
" LANG : définit la locale de l’interface utilisateur (pour les\n"
" commandes serveur, l’utilisateur est l’administrateur système)."
-#: src/scm/webid-oidc/program.scm:476
+#: src/scm/webid-oidc/program.scm:347
msgid ""
"\n"
" XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -2004,7 +1647,7 @@ msgstr ""
" ici. Pour un service système, il est recommandé d’utiliser\n"
" /var/lib."
-#: src/scm/webid-oidc/program.scm:485
+#: src/scm/webid-oidc/program.scm:356
msgid ""
"\n"
" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -2017,7 +1660,7 @@ msgstr ""
" supprimer ce dossier n’importe quand. Le fichier de graine sera\n"
" initialisé à partir de /dev/random."
-#: src/scm/webid-oidc/program.scm:493
+#: src/scm/webid-oidc/program.scm:364
msgid ""
"\n"
" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -2029,214 +1672,7 @@ msgstr ""
" valeur est calculée à partir de la variable d’environnement\n"
" HOME. Elle n’est pas utilisée autrement."
-#: src/scm/webid-oidc/program.scm:502
-msgid ""
-"\n"
-"Running a reverse proxy"
-msgstr ""
-"\n"
-"Exécution d’un proxy inversé"
-
-#: src/scm/webid-oidc/program.scm:504
-msgid ""
-"\n"
-"Suppose that you operate data.provider.com. You want to run an\n"
-"authenticating reverse proxy, that will receive incoming requests\n"
-"through http://localhost:8080, and forward them to\n"
-"https://private.data.provider.com. The backend will look for the\n"
-"XXX-Agent header, and if it is found, then its value will be\n"
-"considered the webid of the authenticated\n"
-"user. https://private.data.provider.com should only accept requests\n"
-"from this reverse proxy."
-msgstr ""
-"\n"
-"Supposons que vous opériez data.provider.com. Vous voulez exécuter un\n"
-"proxy inversé authentifiant, qui recevra les requêtes entrantes à\n"
-"travers http://localhost:8080, et les redirigera vers\n"
-"https://private.data.provider.com. L’arrière-boutique recherchera\n"
-"l’en-tête XXX-Agent, et s’il est trouvé, alors sa valeur sera\n"
-"considérée comme le webid de l’utilisateur\n"
-"authentifié. https://private.data.provider.com ne doit accepter que\n"
-"les requêtes depuis ce proxy inversé."
-
-#: src/scm/webid-oidc/program.scm:514
-#, scheme-format
-msgid ""
-"\n"
-" ~a ~a \\\n"
-" --~a 'https://data.provider.com/server-source-code.tar.gz' \\\n"
-" --~a 8080 \\\n"
-" --~a 'https://data.provider.com' \\\n"
-" --~a 'https://private.data.provider.com' \\\n"
-" --~a 'XXX-Agent' \\\n"
-" --~a '/var/log/proxy.log' \\\n"
-" --~a '/var/log/proxy.err'"
-msgstr ""
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" ~a ~a \\\n"
-" --~a 'https://data.provider.com/code-source-serveur.tar.gz \\\n"
-" --~a 8080 \\\n"
-" --~a 'https://data.provider.com \\\n"
-" --~a 'https://private.data.provider.com \\\n"
-" --~a 'XXX-Agent' \\\n"
-" --~a '/var/log/proxy.log' \\\n"
-" --~a '/var/log/proxy.err'"
-
-#: src/scm/webid-oidc/program.scm:529
-msgid ""
-"\n"
-"Running an identity provider"
-msgstr ""
-"\n"
-"Exécution d’un fournisseur d’identité"
-
-#: src/scm/webid-oidc/program.scm:531
-msgid ""
-"\n"
-"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
-"invoked with the following options:"
-msgstr ""
-"\n"
-"Le fournisseur d’identité qui tourne sur\n"
-"webid-oidc-demo.planete-kraus.eu est invoqué avec les options\n"
-"suivantes :"
-
-#: src/scm/webid-oidc/program.scm:535
-#, scheme-format
-msgid ""
-"\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
-" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
-" --~a $PORT"
-msgstr ""
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
-" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
-" --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
-" --~a $PORT"
-
-#: src/scm/webid-oidc/program.scm:555
-msgid ""
-"\n"
-"Running the public pages for an application"
-msgstr ""
-"\n"
-"Service des pages publiques pour une application"
-
-#: src/scm/webid-oidc/program.scm:557
-msgid ""
-"\n"
-"The example client application pages for\n"
-"webid-oidc-demo.planete-kraus.eu are served this way:"
-msgstr ""
-"\n"
-"Les pages de l’application client d’exemple pour\n"
-"webid-oidc-demo.planete-kraus.eu sont servies de cette façon :"
-
-#: src/scm/webid-oidc/program.scm:561
-#, scheme-format
-msgid ""
-"\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/example-application#id' "
-"\\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\\n"
-" --~a 'Example Solid Application' \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client."
-"html#Running-a-client' \\\n"
-" --~a $PORT"
-msgstr ""
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/example-application#id' "
-"\\\n"
-" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\\n"
-" --~a 'Example Solid Application' \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client."
-"html#Running-a-client' \\\n"
-" --~a $PORT"
-
-#: src/scm/webid-oidc/program.scm:575
-msgid ""
-"\n"
-"Running a full server"
-msgstr ""
-"\n"
-"Exécution d’un serveur complet"
-
-#: src/scm/webid-oidc/program.scm:578
-msgid ""
-"\n"
-"To run the server with identity provider and\n"
-"resource server for one particular user, you need to combine the\n"
-"options for the parts."
-msgstr ""
-"\n"
-"Pour exécuter un serveur avec à la fois un fournisseur d’identité et\n"
-"un serveur de ressources pour un utilisateur particulier, vous devez\n"
-"combiner les options des parties."
-
-#: src/scm/webid-oidc/program.scm:582
-#, scheme-format
-msgid ""
-"\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://data.planete-kraus.eu' \\\n"
-" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
-" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
-" --~a 'https://data.planete-kraus.eu/keys' \\\n"
-" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://data.planete-kraus.eu/token' \\\n"
-" --~a '...port...'"
-msgstr ""
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" ~a ~a \\\n"
-" --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
-"source.tar.gz' \\\n"
-" --~a 'https://data.planete-kraus.eu' \\\n"
-" --~a '/var/lib/disfluid/server/key.jwk' \\\n"
-" --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
-" --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
-" --~a 'https://data.planete-kraus.eu/keys' \\\n"
-" --~a 'https://data.planete-kraus.eu/authorize' \\\n"
-" --~a 'https://data.planete-kraus.eu/token' \\\n"
-" --~a '...port...'"
-
-#: src/scm/webid-oidc/program.scm:607
+#: src/scm/webid-oidc/program.scm:374
#, scheme-format
msgid ""
"\n"
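Review bot: the help-text examples deleted in this hunk were the only CLI-facing statement of where the issuer's private key (`/var/lib/webid-oidc/issuer/key.jwk`, `/var/lib/disfluid/server/key.jwk`) and the password file (`/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password`) live, and of the `XDG_DATA_HOME`/`XDG_CACHE_HOME` expectations; the entry retained at `program.scm:374` is only the bug-report notice, so that operational guidance needs a new home in `doc/disfluid.texi` or the Guix service before this merges, otherwise operators lose it. Also note that the dropped French msgstr prepended an `export LANG=fr_FR.UTF-8` line that the msgid does not have; a translation must not add commands the source string lacks, so keep that pattern out of whatever replaces these examples.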
@@ -2245,7 +1681,7 @@ msgstr ""
"\n"
"Si vous trouvez une erreur, veuillez en envoyer un rapport à ~a."
-#: src/scm/webid-oidc/program.scm:612
+#: src/scm/webid-oidc/program.scm:379
#, scheme-format
msgid ""
"~a version ~a\n"
@@ -2256,117 +1692,30 @@ msgstr ""
"\n"
"Publiée le ~a\n"
-#: src/scm/webid-oidc/program.scm:649
+#: src/scm/webid-oidc/program.scm:414
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr "L’argument de --~a doit être un nombre, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:655
+#: src/scm/webid-oidc/program.scm:420
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr "L’argument de --~a doit être un entier, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:661
+#: src/scm/webid-oidc/program.scm:426
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr "L’argument de --~a doit être positif, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:666
+#: src/scm/webid-oidc/program.scm:431
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:694
-msgid ""
-"You specified two different passwords: one directly, and one from a file. "
-"Please set only one password.\n"
-msgstr ""
-"Vous avez spécifié deux mots de passe différents : l’un directement,\n"
-"et un autre depuis un fichier. Veuillez n’en spécifier qu’un.\n"
-
-#: src/scm/webid-oidc/program.scm:727 src/scm/webid-oidc/program.scm:748
-#: src/scm/webid-oidc/program.scm:817
-#, scheme-format
-msgid "You must pass --~a to set the server name.\n"
-msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
-
-#: src/scm/webid-oidc/program.scm:731
-#, scheme-format
-msgid "You must pass --~a to set the backend URI.\n"
-msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
-
-#: src/scm/webid-oidc/program.scm:752 src/scm/webid-oidc/program.scm:821
-#, scheme-format
-msgid ""
-"You must pass --~a to set the file where to store the identity provider "
-"key.\n"
-msgstr ""
-"Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n"
-"la clé du fournisseur d’identité.\n"
-
-#: src/scm/webid-oidc/program.scm:756 src/scm/webid-oidc/program.scm:825
-#, scheme-format
-msgid "You must pass --~a to set the subject of the identity provider.\n"
-msgstr ""
-"Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n"
-
-#: src/scm/webid-oidc/program.scm:760
-#, scheme-format
-msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
-msgstr ""
-"Vous devez passer --~a ou --~a pour définir le mot de passe chiffré du "
-"sujet.\n"
-
-#: src/scm/webid-oidc/program.scm:764 src/scm/webid-oidc/program.scm:833
-#, scheme-format
-msgid "You must pass --~a to set the JWKS URI.\n"
-msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n"
-
-#: src/scm/webid-oidc/program.scm:768 src/scm/webid-oidc/program.scm:837
-#, scheme-format
-msgid "You must pass --~a to set the authorization endpoint URI.\n"
-msgstr ""
-"Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n"
-
-#: src/scm/webid-oidc/program.scm:772 src/scm/webid-oidc/program.scm:841
-#, scheme-format
-msgid "You must pass --~a to set the token endpoint URI.\n"
-msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n"
-
-#: src/scm/webid-oidc/program.scm:789
-#, scheme-format
-msgid "You must pass --~a to set the application web ID.\n"
-msgstr ""
-"Vous devez passer --~a pour définir l'identifiant web de l’application.\n"
-
-#: src/scm/webid-oidc/program.scm:793
-#, scheme-format
-msgid "You must pass --~a to set the redirection URI.\n"
-msgstr "Vous devez passer --~a pour définir l'URI de redirection.\n"
-
-#: src/scm/webid-oidc/program.scm:797
-#, scheme-format
-msgid "You must pass --~a to set the informative client name.\n"
-msgstr ""
-"Vous devez passer --~a pour donner un nom pour l’application à titre "
-"informatif.\n"
-
-#: src/scm/webid-oidc/program.scm:801
-#, scheme-format
-msgid "You must pass --~a to set the informative client URI.\n"
-msgstr ""
-"Vous devez passer --~a pour définir l'URI du client, à titre informatif.\n"
-
-#: src/scm/webid-oidc/program.scm:829
+#: src/scm/webid-oidc/program.scm:443
#, scheme-format
-msgid "You must pass --~a to set the subject’s encrypted password.\n"
-msgstr ""
-"Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n"
-
-#: src/scm/webid-oidc/program.scm:881
-#, scheme-format
-msgid "Unknown command ~s\n"
-msgstr "Commande inconnue ~s\n"
+msgid "--~a is required when running a server.\n"
+msgstr "--~a est requis pour exécuter un serveur.\n"
#: src/scm/webid-oidc/refresh-token.scm:171
msgid "the refresh token does not exist"
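Review bot: collapsing the per-option errors into a single `--~a is required when running a server.` also drops the `You specified two different passwords: one directly, and one from a file.` conflict message; if `program.scm` still accepts both a literal encrypted password and a password file, the check rejecting the combination must survive in code even though its message is gone, and if the literal form was removed (the obsolete `command-line|server|issuer|encrypted-password` entry further down in this file suggests it), say so in the commit message, because dropping an option that takes a password hash on the command line, where it is visible in `ps` output and shell history, is a deliberate hardening that operators should be told about. The removal of `Unknown command ~s` likewise implies the subcommand dispatch is gone; a stray `server` or `identity-provider` argument should then still produce a clear error rather than be silently ignored.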
@@ -2378,26 +1727,6 @@ msgid "the refresh token is bound to key ~s, which is not that one"
msgstr ""
"le jeton de rafraîchissement est lié à la clé ~s, ce n’est pas celle utilisée"
-#: src/scm/webid-oidc/resource-server.scm:75
-msgid ""
-"You need to pass #:server-uri URI where URI is the public URI of the server, "
-"as a (web uri)."
-msgstr ""
-"Vous devez passer #:server-uri URI où URI est l’URI publique du serveur, "
-"comme dans (web uri)."
-
-#: src/scm/webid-oidc/resource-server.scm:97
-msgid "The owner is not defined."
-msgstr "Le propriétaire n’est pas défini."
-
-#: src/scm/webid-oidc/resource-server.scm:127
-msgid "<h1>The resource server request failed</h1>"
-msgstr "<h1>La requête du serveur de ressource a échoué</h1>"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:60
-msgid "#:endpoint argument is not present or not an URI."
-msgstr "l’argument de #:endpoint n’est pas présent, ou pas une URI."
-
#: src/scm/webid-oidc/serializable.scm:58
msgid "a plugin class should have an explicit #:name and #:module-name"
msgstr ""
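Review bot: the `resource-server.scm` and `reverse-proxy.scm` strings removed here were constructor argument checks (`#:server-uri` must be a `(web uri)`, the owner must be defined, `#:endpoint` must be present and a URI) plus one error page; the endpoint API that replaces these modules needs the same validation at construction time, so that a resource server without a public URI or owner fails at startup rather than on its first request, and its generic error page should expose no more than the `<h1>` these did. Please point at where the new code performs those checks.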
@@ -2848,7 +2177,7 @@ msgstr "Le serveur de sortie n’a pas pu être contacté."
msgid "the auxiliary resource of type ~s at ~s is absent"
msgstr "la ressource auxiliaire de type ~s à ~s est absente"
-#: src/scm/webid-oidc/simulation.scm:130
+#: src/scm/webid-oidc/simulation.scm:135
#, scheme-format
msgid "invalid credentials: response ~s ~s"
msgstr "identifiants invalides : réponse ~s ~s"
@@ -2896,10 +2225,6 @@ msgstr "pendant la mise à jour du fichier ~s : ~a"
msgid "an error happened while updating file ~s"
msgstr "une erreur est survenue pendant la mise à jour du fichier ~s"
-#: src/scm/webid-oidc/token-endpoint.scm:71
-msgid "<h1>The token request failed</h1>"
-msgstr "<h1>La requête de jeton a échoué</h1>"
-
#: src/ui/account-widget.glade:19
msgid "Identity:"
msgstr "Identité :"
@@ -3032,6 +2357,617 @@ msgstr "Contenu :"
msgid "Discard edits"
msgstr "Rejeter les modifications"
+#~ msgid "<h1>The authorization request failed</h1>"
+#~ msgstr "<h1>La requête d’autorisation a échoué</h1>"
+
+#~ msgid "really bad internal server error"
+#~ msgstr "erreur interne du serveur vraiment grave"
+
+#~ msgid "<p>Your request cannot be handled by the identity provider.</p>"
+#~ msgstr ""
+#~ "<p>Votre requête n’a pas pu être traitée par le fournisseur d’identité.</"
+#~ "p>"
+
+#~ msgid "<h1>The request failed</h1>"
+#~ msgstr "<h1>La requête a échoué</h1>"
+
+#~ msgid "<h1>The identity provider request failed</h1>"
+#~ msgstr "<h1>La requête du fournisseur d’identité a échoué</h1>"
+
+#, scheme-format
+#~ msgid "~a: ~a: Internal server error: ~a\n"
+#~ msgstr "~a : ~a : Erreur interne du serveur : ~a\n"
+
+#~ msgid "Internal Server Error"
+#~ msgstr "Erreur Interne du Serveur"
+
+#~ msgid "Sorry, there was an error."
+#~ msgstr "Toutes nos excuses, il y a eu une erreurr."
+
+#~ msgid "command-line|server|server-name"
+#~ msgstr "nom-du-serveur"
+
+#~ msgid "command-line|server|reverse-proxy|backend-uri"
+#~ msgstr "uri-arrière-plan"
+
+#~ msgid "command-line|server|reverse-proxy|header"
+#~ msgstr "en-tête"
+
+#~ msgid "command-line|server|issuer|key-file"
+#~ msgstr "fichier-clé"
+
+#~ msgid "command-line|server|issuer|subject"
+#~ msgstr "sujet"
+
+#~ msgid "command-line|server|issuer|encrypted-password"
+#~ msgstr "mot-de-passe-chiffré"
+
+#~ msgid "command-line|server|issuer|encrypted-password-from-file"
+#~ msgstr "fichier-de-mot-de-passe-chiffré"
+
+#~ msgid "command-line|server|issuer|jwks-uri"
+#~ msgstr "uri-jwks"
+
+#~ msgid "command-line|server|issuer|authorization-endpoint-uri"
+#~ msgstr "uri-terminal-autorisation"
+
+#~ msgid "command-line|server|issuer|token-endpoint-uri"
+#~ msgstr "uri-terminal-jeton"
+
+#~ msgid "command-line|server|client-id"
+#~ msgstr "id-client"
+
+#~ msgid "command-line|server|redirect-uri"
+#~ msgstr "uri-redirection"
+
+#~ msgid "command-line|server|client-name"
+#~ msgstr "nom-client"
+
+#~ msgid "command-line|server|client-uri"
+#~ msgstr "uri-client"
+
+#~ msgid ""
+#~ "\n"
+#~ "Available commands:"
+#~ msgstr ""
+#~ "\n"
+#~ "Commandes disponibles :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a:\n"
+#~ " run an authenticating reverse proxy."
+#~ msgstr ""
+#~ "\n"
+#~ " ~a :\n"
+#~ " exécute le proxy inverse authentifiant."
+
+#~ msgid "command-line|command|reverse-proxy"
+#~ msgstr "proxy-inversé"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a:\n"
+#~ " run an identity provider."
+#~ msgstr ""
+#~ "\n"
+#~ " ~a :\n"
+#~ " exécute un fournisseur d’identité."
+
+#~ msgid "command-line|command|identity-provider"
+#~ msgstr "fournisseur-identité"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a:\n"
+#~ " serve the pages for a public application."
+#~ msgstr ""
+#~ "\n"
+#~ " ~a :\n"
+#~ " sert les pages d’une application publique."
+
+#~ msgid "command-line|command|client-service"
+#~ msgstr "service-client"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a:\n"
+#~ " run a full server, with identity provider and resource storage\n"
+#~ " facility."
+#~ msgstr ""
+#~ "\n"
+#~ " ~a :\n"
+#~ " exécute un serveur complet, avec un fournisseur d’identité et\n"
+#~ " une fonction de stockage de ressources."
+
+#~ msgid "command-line|command|server"
+#~ msgstr "serveur"
+
+#~ msgid ""
+#~ "\n"
+#~ "If no command is specified, run the browser."
+#~ msgstr ""
+#~ "\n"
+#~ "Si aucune commande n’est spécifiée, exécute le navigateur."
+
+#~ msgid ""
+#~ "\n"
+#~ "General server-side options:"
+#~ msgstr ""
+#~ "\n"
+#~ "Options générales pour un serveur :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -n URI, --~a=URI:\n"
+#~ " set the public server URI (scheme, userinfo, host, and port)."
+#~ msgstr ""
+#~ "\n"
+#~ " -n URI, --~a=URI :\n"
+#~ " définit l’URI publique du serveur (schéma, identifiant de\n"
+#~ " l’utilisateur, hôte et port)."
+
+#~ msgid ""
+#~ "\n"
+#~ "Options for the resource server:"
+#~ msgstr ""
+#~ "\n"
+#~ "Options pour le serveur de ressources :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -H HEADER, --~a=HEADER:\n"
+#~ " the HEADER field contains the webid of the authenticated user,\n"
+#~ " XXX-Agent by default. For the full server, disable Solid-OIDC\n"
+#~ " authentication."
+#~ msgstr ""
+#~ "\n"
+#~ " -H EN-TÊTE, --~a=EN-TÊTE :\n"
+#~ " le champ EN-TÊTE contiendra l’identifiant webid de l’utilisateur\n"
+#~ " authentifié, XXX-Agent par défaut. Pour un serveur complet, ceci\n"
+#~ " désactive l’authentification par Solid-OIDC."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -b URI, --~a=URI:\n"
+#~ " set the backend URI for the reverse proxy, only for the\n"
+#~ " reverse-proxy command."
+#~ msgstr ""
+#~ "\n"
+#~ " -b URI, --~a=URI :\n"
+#~ " définit l’URI sortante du proxy inversé, seulement pour la\n"
+#~ " commande proxy-inversé."
+
+#~ msgid ""
+#~ "\n"
+#~ "Options for the identity provider:"
+#~ msgstr ""
+#~ "\n"
+#~ "Options du fournisseur d’identité :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -k FILE, --~a=FILE.jwk:\n"
+#~ " set the file name of the key file. If it does not exist, a new\n"
+#~ " key is generated. The server does not offer an HTTPS service."
+#~ msgstr ""
+#~ "\n"
+#~ " -k FICHIER.jwk, --~a=FICHIER.jwk :\n"
+#~ " définit le nom du fichier de clé. S’il n’existe pas, une\n"
+#~ " nouvelle clé sera générée. Le serveur n’offre pas de service\n"
+#~ " HTTPS."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -s WEBID, --~a=WEBID:\n"
+#~ " set the identity of the subject."
+#~ msgstr ""
+#~ "\n"
+#~ " -s WEBID, --~a=WEBID :\n"
+#~ " définit l'identité du sujet."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -w ENCRYPTED_PASSWORD, --~a=ENCRYPTED_PASSWORD:\n"
+#~ " set the encrypted password to recognize the user."
+#~ msgstr ""
+#~ "\n"
+#~ " -w MOT_DE_PASSE_CHIFFRÉ, --~a=MOT_DE_PASSE_CHIFFRÉ :\n"
+#~ " définit le mot de passe chiffré pour reconnaître l’utilisateur."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:\n"
+#~ " load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
+#~ msgstr ""
+#~ "\n"
+#~ " -w FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ, --"
+#~ "~a=FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ :\n"
+#~ " lit le mot de passe chiffré de l’utilisateur dans "
+#~ "FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -j URI, --~a=URI:\n"
+#~ " set the URI to query the key of the server."
+#~ msgstr ""
+#~ "\n"
+#~ " -j URI, --~a=URI :\n"
+#~ " définit l’URI pour requêter les clés du serveur."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -a URI, --~a=URI:\n"
+#~ " set the authorization endpoint of the issuer."
+#~ msgstr ""
+#~ "\n"
+#~ " -a URI, --~a=URI :\n"
+#~ " définit l'URI du terminal d'autorisation de l’émetteur\n"
+#~ " d’identité."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -t URI, --~a=URI:\n"
+#~ " set the token endpoint of the issuer."
+#~ msgstr ""
+#~ "\n"
+#~ " -t URI, --~a=URI :\n"
+#~ " définit le terminal de jeton de l’émetteur d’identité."
+
+#~ msgid ""
+#~ "\n"
+#~ "Options for the client service:"
+#~ msgstr ""
+#~ "\n"
+#~ "Options pour le service associé à un client :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -c URI, --~a=URI:\n"
+#~ " set the web identifier of the client application, which is\n"
+#~ " dereferenced to a semantic resource."
+#~ msgstr ""
+#~ "\n"
+#~ " -c URI, --~a=URI :\n"
+#~ " définit l’identifiant web de l’application client, qui est\n"
+#~ " déréférencé pour une ressource sémantique."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -r URI, --~a=URI:\n"
+#~ " set the redirection URI to get the authorization code back. The\n"
+#~ " page is presented with the code to paste in the application."
+#~ msgstr ""
+#~ "\n"
+#~ " -r URI, --~a=URI :\n"
+#~ " définit l’URI de redirection pour récupérer le code\n"
+#~ " d’autorisation. La page de redirection affiche le code à coller\n"
+#~ " dans l’application."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -C NAME, --~a=NAME:\n"
+#~ " set the user-visible application name (may be misleading...)."
+#~ msgstr ""
+#~ "\n"
+#~ " -C NOM, --~a=NOM :\n"
+#~ " définit le nom de l’application visible par l’utilisateur (peut\n"
+#~ " être trompeur…)."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " -u URI, --~a=URI:\n"
+#~ " set an URI where someone would find more information about the\n"
+#~ " application (again, may be misleading)."
+#~ msgstr ""
+#~ "\n"
+#~ " -u URI, --~a=URI :\n"
+#~ " définit l’URI présentant plus d’informations à propos de\n"
+#~ " l’application (peut aussi être trompeur)."
+
+#~ msgid ""
+#~ "\n"
+#~ "Running a reverse proxy"
+#~ msgstr ""
+#~ "\n"
+#~ "Exécution d’un proxy inversé"
+
+#~ msgid ""
+#~ "\n"
+#~ "Suppose that you operate data.provider.com. You want to run an\n"
+#~ "authenticating reverse proxy, that will receive incoming requests\n"
+#~ "through http://localhost:8080, and forward them to\n"
+#~ "https://private.data.provider.com. The backend will look for the\n"
+#~ "XXX-Agent header, and if it is found, then its value will be\n"
+#~ "considered the webid of the authenticated\n"
+#~ "user. https://private.data.provider.com should only accept requests\n"
+#~ "from this reverse proxy."
+#~ msgstr ""
+#~ "\n"
+#~ "Supposons que vous opériez data.provider.com. Vous voulez exécuter un\n"
+#~ "proxy inversé authentifiant, qui recevra les requêtes entrantes à\n"
+#~ "travers http://localhost:8080, et les redirigera vers\n"
+#~ "https://private.data.provider.com. L’arrière-boutique recherchera\n"
+#~ "l’en-tête XXX-Agent, et s’il est trouvé, alors sa valeur sera\n"
+#~ "considérée comme le webid de l’utilisateur\n"
+#~ "authentifié. https://private.data.provider.com ne doit accepter que\n"
+#~ "les requêtes depuis ce proxy inversé."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://data.provider.com/server-source-code.tar.gz' \\\n"
+#~ " --~a 8080 \\\n"
+#~ " --~a 'https://data.provider.com' \\\n"
+#~ " --~a 'https://private.data.provider.com' \\\n"
+#~ " --~a 'XXX-Agent' \\\n"
+#~ " --~a '/var/log/proxy.log' \\\n"
+#~ " --~a '/var/log/proxy.err'"
+#~ msgstr ""
+#~ "\n"
+#~ " export LANG=fr_FR.UTF-8\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://data.provider.com/code-source-serveur.tar.gz \\\n"
+#~ " --~a 8080 \\\n"
+#~ " --~a 'https://data.provider.com \\\n"
+#~ " --~a 'https://private.data.provider.com \\\n"
+#~ " --~a 'XXX-Agent' \\\n"
+#~ " --~a '/var/log/proxy.log' \\\n"
+#~ " --~a '/var/log/proxy.err'"
+
+#~ msgid ""
+#~ "\n"
+#~ "Running an identity provider"
+#~ msgstr ""
+#~ "\n"
+#~ "Exécution d’un fournisseur d’identité"
+
+#~ msgid ""
+#~ "\n"
+#~ "The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
+#~ "invoked with the following options:"
+#~ msgstr ""
+#~ "\n"
+#~ "Le fournisseur d’identité qui tourne sur\n"
+#~ "webid-oidc-demo.planete-kraus.eu est invoqué avec les options\n"
+#~ "suivantes :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
+#~ " --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
+#~ " --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
+#~ " --~a $PORT"
+#~ msgstr ""
+#~ "\n"
+#~ " export LANG=fr_FR.UTF-8\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
+#~ " --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
+#~ " --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
+#~ " --~a $PORT"
+
+#~ msgid ""
+#~ "\n"
+#~ "Running the public pages for an application"
+#~ msgstr ""
+#~ "\n"
+#~ "Service des pages publiques pour une application"
+
+#~ msgid ""
+#~ "\n"
+#~ "The example client application pages for\n"
+#~ "webid-oidc-demo.planete-kraus.eu are served this way:"
+#~ msgstr ""
+#~ "\n"
+#~ "Les pages de l’application client d’exemple pour\n"
+#~ "webid-oidc-demo.planete-kraus.eu sont servies de cette façon :"
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/example-"
+#~ "application#id' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\\n"
+#~ " --~a 'Example Solid Application' \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client."
+#~ "html#Running-a-client' \\\n"
+#~ " --~a $PORT"
+#~ msgstr ""
+#~ "\n"
+#~ " export LANG=fr_FR.UTF-8\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/example-"
+#~ "application#id' \\\n"
+#~ " --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\\n"
+#~ " --~a 'Example Solid Application' \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client."
+#~ "html#Running-a-client' \\\n"
+#~ " --~a $PORT"
+
+#~ msgid ""
+#~ "\n"
+#~ "To run the server with identity provider and\n"
+#~ "resource server for one particular user, you need to combine the\n"
+#~ "options for the parts."
+#~ msgstr ""
+#~ "\n"
+#~ "Pour exécuter un serveur avec à la fois un fournisseur d’identité et\n"
+#~ "un serveur de ressources pour un utilisateur particulier, vous devez\n"
+#~ "combiner les options des parties."
+
+#, scheme-format
+#~ msgid ""
+#~ "\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu' \\\n"
+#~ " --~a '/var/lib/disfluid/server/key.jwk' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
+#~ " --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/keys' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/authorize' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/token' \\\n"
+#~ " --~a '...port...'"
+#~ msgstr ""
+#~ "\n"
+#~ " export LANG=fr_FR.UTF-8\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " ~a ~a \\\n"
+#~ " --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-"
+#~ "source.tar.gz' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu' \\\n"
+#~ " --~a '/var/lib/disfluid/server/key.jwk' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/vivien#me' \\\n"
+#~ " --~a '/etc/disfluid/data.planete-kraus.eu/password' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/keys' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/authorize' \\\n"
+#~ " --~a 'https://data.planete-kraus.eu/token' \\\n"
+#~ " --~a '...port...'"
+
+#~ msgid ""
+#~ "You specified two different passwords: one directly, and one from a file. "
+#~ "Please set only one password.\n"
+#~ msgstr ""
+#~ "Vous avez spécifié deux mots de passe différents : l’un directement,\n"
+#~ "et un autre depuis un fichier. Veuillez n’en spécifier qu’un.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the server name.\n"
+#~ msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the backend URI.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
+
+#, scheme-format
+#~ msgid ""
+#~ "You must pass --~a to set the file where to store the identity provider "
+#~ "key.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n"
+#~ "la clé du fournisseur d’identité.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the subject of the identity provider.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n"
+
+#, scheme-format
+#~ msgid ""
+#~ "You must pass --~a or --~a to set the subject’s encrypted password.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a ou --~a pour définir le mot de passe chiffré du "
+#~ "sujet.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the JWKS URI.\n"
+#~ msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the authorization endpoint URI.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the token endpoint URI.\n"
+#~ msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the application web ID.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir l'identifiant web de l’application.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the redirection URI.\n"
+#~ msgstr "Vous devez passer --~a pour définir l'URI de redirection.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the informative client name.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour donner un nom pour l’application à titre "
+#~ "informatif.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the informative client URI.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir l'URI du client, à titre informatif.\n"
+
+#, scheme-format
+#~ msgid "You must pass --~a to set the subject’s encrypted password.\n"
+#~ msgstr ""
+#~ "Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n"
+
+#, scheme-format
+#~ msgid "Unknown command ~s\n"
+#~ msgstr "Commande inconnue ~s\n"
+
+#~ msgid ""
+#~ "You need to pass #:server-uri URI where URI is the public URI of the "
+#~ "server, as a (web uri)."
+#~ msgstr ""
+#~ "Vous devez passer #:server-uri URI où URI est l’URI publique du serveur, "
+#~ "comme dans (web uri)."
+
+#~ msgid "The owner is not defined."
+#~ msgstr "Le propriétaire n’est pas défini."
+
+#~ msgid "<h1>The resource server request failed</h1>"
+#~ msgstr "<h1>La requête du serveur de ressource a échoué</h1>"
+
+#~ msgid "#:endpoint argument is not present or not an URI."
+#~ msgstr "l’argument de #:endpoint n’est pas présent, ou pas une URI."
+
+#~ msgid "<h1>The token request failed</h1>"
+#~ msgstr "<h1>La requête de jeton a échoué</h1>"
+
#~ msgid "Bad Request"
#~ msgstr "Requête invalide"
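Review bot: this block is msgmerge's preservation of obsolete entries, and several of the translations it carries forward are defective: the French reverse-proxy example (the lines `'https://data.provider.com/code-source-serveur.tar.gz \\`, `'https://data.provider.com \\` and `'https://private.data.provider.com \\`) is missing its closing single quotes, so pasting it into a shell would swallow the rest of the command, and the `-W ENCRYPTED_PASSWORD_FILE` entry is translated with `-w`, the short option for the literal password. If these strings are not coming back, delete the `#~` block rather than shipping known-bad text in `fr.po`; if they are, fix them first. Separately, the obsolete help text is where three operational warnings lived: the server does not offer HTTPS itself, the backend must accept the `XXX-Agent` header only from the reverse proxy, and a missing `-k` key file silently generates a new key. Those need to be restated in the manual now that the help text no longer carries them.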
@@ -4055,9 +3991,6 @@ msgstr "Rejeter les modifications"
#~ msgid "Sending a request: ~s\n"
#~ msgstr "Envoi d’une requête : ~s\n"
-#~ msgid "comand-line|help"
-#~ msgstr "aide"
-
#, scheme-format
#~ msgid ""
#~ "Usage: ~a [OPTIONS]...\n"
diff --git a/src/scm/webid-oidc/Makefile.am b/src/scm/webid-oidc/Makefile.am
index 1d5066b..fe6b458 100644
--- a/src/scm/webid-oidc/Makefile.am
+++ b/src/scm/webid-oidc/Makefile.am
@@ -31,14 +31,9 @@ dist_webidoidcmod_DATA += \
%reldir%/authorization-code.scm \
%reldir%/refresh-token.scm \
%reldir%/oidc-id-token.scm \
- %reldir%/authorization-endpoint.scm \
- %reldir%/token-endpoint.scm \
- %reldir%/identity-provider.scm \
%reldir%/provider-confirmation.scm \
- %reldir%/resource-server.scm \
%reldir%/hello-world.scm \
%reldir%/program.scm \
- %reldir%/reverse-proxy.scm \
%reldir%/client.scm \
%reldir%/example-app.scm \
%reldir%/rdf-index.scm \
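Review bot: dropping `authorization-endpoint.scm`, `token-endpoint.scm`, `identity-provider.scm`, `resource-server.scm` and `reverse-proxy.scm` from `dist_webidoidcmod_DATA` means `make dist` no longer ships them, so any leftover `#:use-module (webid-oidc authorization-endpoint)` (or one of the other four) in `tests/`, `doc/` or `program.scm` will only surface at compile or distcheck time; grep for the five module names before merging. Also confirm that `hello-world.scm` and `provider-confirmation.scm`, which stay in the list, do not import any of the removed modules.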
@@ -67,14 +62,9 @@ webidoidcgo_DATA += \
%reldir%/authorization-code.go \
%reldir%/refresh-token.go \
%reldir%/oidc-id-token.go \
- %reldir%/authorization-endpoint.go \
- %reldir%/token-endpoint.go \
- %reldir%/identity-provider.go \
%reldir%/provider-confirmation.go \
- %reldir%/resource-server.go \
%reldir%/hello-world.go \
%reldir%/program.go \
- %reldir%/reverse-proxy.go \
%reldir%/client.go \
%reldir%/example-app.go \
%reldir%/rdf-index.go \
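Review bot: this `.go` list mirrors the `.scm` list above entry for entry and has to be edited in lockstep on every module addition or removal, which is exactly how a stale compiled module slips into a distribution; consider deriving `webidoidcgo_DATA` from `dist_webidoidcmod_DATA` in the Makefile so the two cannot drift.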
diff --git a/src/scm/webid-oidc/authorization-endpoint.scm b/src/scm/webid-oidc/authorization-endpoint.scm
deleted file mode 100644
index 74417aa..0000000
--- a/src/scm/webid-oidc/authorization-endpoint.scm
+++ /dev/null
@@ -1,85 +0,0 @@
-;; disfluid, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (webid-oidc authorization-endpoint)
- #:use-module (webid-oidc errors)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc server endpoint identity-provider)
- #:use-module (webid-oidc jwk)
- #:use-module (webid-oidc authorization-code)
- #:use-module (webid-oidc client-manifest)
- #:use-module (webid-oidc web-i18n)
- #:use-module ((webid-oidc parameters) #:prefix p:)
- #:use-module (web uri)
- #:use-module (web request)
- #:use-module (web response)
- #:use-module (rnrs bytevectors)
- #:use-module (srfi srfi-19)
- #:use-module (srfi srfi-26)
- #:use-module (ice-9 receive)
- #:use-module (ice-9 optargs)
- #:use-module (ice-9 match)
- #:use-module (sxml simple)
- #:use-module (oop goops)
- #:declarative? #t
- #:duplicates (merge-generics)
- #:export
- (
-
- make-authorization-endpoint
-
- ))
-
-(define (make-authorization-endpoint subject encrypted-password jwk-file)
- (define endpoint
- (make <authorization-endpoint>
- #:subject subject
- #:encrypted-password encrypted-password
- #:key-file jwk-file))
- (lambda (request request-body)
- (when (bytevector? request-body)
- (set! request-body (utf8->string request-body)))
- (parameterize ((web-locale request))
- (with-exception-handler
- (lambda (exn)
- (unless (web-exception? exn)
- (raise-exception exn))
- (values
- (build-response
- #:code (web-exception-code exn)
- #:reason-phrase (web-exception-reason-phrase exn)
- #:headers `((content-type application/xhtml+xml)))
- (call-with-output-string
- (cute sxml->xml
- `(*TOP*
- (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
- (html (@ (xmlns "http://www.w3.org/1999/xhtml")
- (xml:lang ,(W_ "xml-lang|en")))
- (body
- ,(call-with-input-string
- (format #f (W_ "<h1>The authorization request failed</h1>"))
- xml->sxml)
- ,(if (user-message? exn)
- (user-message-sxml exn)
- (call-with-input-string
- (format #f (W_ "<p>No more information.</p>"))
- xml->sxml)))))
- <>))))
- (lambda ()
- (receive (response response-body response-meta)
- (handle endpoint request request-body)
- (values response response-body)))
- #:unwind? #t))))
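Review bot: the wrapper deleted here was the only place that converted a bytevector request body with `(utf8->string request-body)` before calling `handle`; the replacement path in program.scm passes `request-body` through unchanged, so confirm that `handle` on `<authorization-endpoint>` now accepts a bytevector (form submissions arrive that way) or that the conversion moved into the endpoint itself. The `parameterize ((web-locale request))` and the localized error page are otherwise covered by the new `handler-with-log`, so the deletion is consistent with that.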
diff --git a/src/scm/webid-oidc/client.scm b/src/scm/webid-oidc/client.scm
index ee0b72c..1948d86 100644
--- a/src/scm/webid-oidc/client.scm
+++ b/src/scm/webid-oidc/client.scm
@@ -62,10 +62,6 @@
#:export
(
request
-
- serve-application
-
- <extended-client-manifest>
)
#:declarative? #t)
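Review bot: `<extended-client-manifest>` is dropped from the export list, but nothing in this diff removes its definition; if the class is still defined in this module it is now private, so check that no other module (the tests in particular) still imports it, otherwise the definition should be removed in this commit too.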
@@ -169,40 +165,3 @@
(scan-arguments args (or headers new-headers) non-header-args method))
((kw value args ...)
(scan-arguments args headers `(,value ,kw ,@non-header-args) method)))))
-
-(define* (serve-application id redirect-uri . args)
- (let ((endpoint (apply make <client-id>
- #:client-id id
- #:redirect-uris (list redirect-uri)
- args)))
- (lambda (request request-body)
- (with-exception-handler
- (lambda (exn)
- (unless (web-exception? exn)
- (raise-exception exn))
- (values
- (build-response
- #:code (web-exception-code exn)
- #:reason-phrase (web-exception-reason-phrase exn)
- #:headers `((content-type application/xhtml+xml)))
- (call-with-output-string
- (cute sxml->xml
- `(*TOP*
- (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
- (html (@ (xmlns "http://www.w3.org/1999/xhtml")
- (xml:lang ,(W_ "xml-lang|en")))
- (body
- ,(call-with-input-string
- (format #f (W_ "<h1>The request failed</h1>"))
- xml->sxml)
- ,(if (user-message? exn)
- (user-message-sxml exn)
- (call-with-input-string
- (format #f (W_ "<p>No more information.</p>"))
- xml->sxml)))))
- <>))))
- (lambda ()
- (receive (response response-body response-meta)
- (handle endpoint request request-body)
- (values response response-body)))
- #:unwind? #t))))
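Review bot: with `serve-application` gone, the bindings it relied on (`receive`, `cute`, `sxml->xml`, `make`, `build-response`) may no longer be used anywhere in this module; worth a pass over the `#:use-module` list so the declarative module does not keep dead dependencies.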
diff --git a/src/scm/webid-oidc/hello-world.scm b/src/scm/webid-oidc/hello-world.scm
index 4d97657..68d7644 100644
--- a/src/scm/webid-oidc/hello-world.scm
+++ b/src/scm/webid-oidc/hello-world.scm
@@ -17,7 +17,6 @@
(define-module (webid-oidc hello-world)
#:use-module (webid-oidc server endpoint)
#:use-module (webid-oidc server endpoint hello)
- #:use-module (webid-oidc resource-server)
#:use-module (webid-oidc server log)
#:use-module (webid-oidc web-i18n)
#:use-module ((webid-oidc config) #:prefix cfg:)
diff --git a/src/scm/webid-oidc/identity-provider.scm b/src/scm/webid-oidc/identity-provider.scm
deleted file mode 100644
index 5970574..0000000
--- a/src/scm/webid-oidc/identity-provider.scm
+++ /dev/null
@@ -1,135 +0,0 @@
-;; disfluid, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (webid-oidc identity-provider)
- #:use-module (webid-oidc errors)
- #:use-module (webid-oidc authorization-endpoint)
- #:use-module (webid-oidc token-endpoint)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc server endpoint identity-provider)
- #:use-module (webid-oidc oidc-configuration)
- #:use-module (webid-oidc jwk)
- #:use-module ((webid-oidc config) #:prefix cfg:)
- #:use-module ((webid-oidc stubs) #:prefix stubs:)
- #:use-module ((webid-oidc parameters) #:prefix p:)
- #:use-module (webid-oidc jti)
- #:use-module (web request)
- #:use-module (web response)
- #:use-module (web uri)
- #:use-module (web server)
- #:use-module (webid-oidc cache)
- #:use-module (ice-9 optargs)
- #:use-module (ice-9 receive)
- #:use-module (webid-oidc web-i18n)
- #:use-module (ice-9 getopt-long)
- #:use-module (ice-9 suspendable-ports)
- #:use-module (ice-9 match)
- #:use-module (ice-9 exceptions)
- #:use-module (sxml simple)
- #:use-module (sxml match)
- #:use-module (srfi srfi-19)
- #:use-module (srfi srfi-26)
- #:use-module (rnrs bytevectors)
- #:use-module (oop goops)
- #:duplicates (merge-generics)
- #:declarative? #t
- #:export
- (
-
- make-identity-provider
-
- ))
-
-(define-class <default> (<endpoint>))
-
-(define-method (handle (endpoint <default>) request request-body)
- (raise-exception
- (make-exception
- (make-web-exception 404 (W_ "reason-phrase|Not Found"))
- (make-user-message
- (call-with-input-string
- (format #f (W_ "<p>Your request cannot be handled by the identity provider.</p>"))
- xml->sxml)))))
-
-(define* (make-identity-provider
- issuer
- key-file
- subject
- encrypted-password
- jwks-uri
- authorization-endpoint-uri
- token-endpoint-uri)
- (let ((discovery
- (make <oidc-discovery>
- #:path "/.well-known/openid-configuration"
- #:configuration
- (make <oidc-configuration>
- #:jwks-uri jwks-uri
- #:authorization-endpoint authorization-endpoint-uri
- #:token-endpoint token-endpoint-uri)))
- (authz
- (make <authorization-endpoint>
- #:subject subject
- #:encrypted-password encrypted-password
- #:key-file key-file
- #:path (uri-path authorization-endpoint-uri)))
- (token
- (make <token-endpoint>
- #:path (uri-path token-endpoint-uri)
- #:issuer issuer
- #:key-file key-file))
- (jwks
- (make <jwks-endpoint>
- #:path (uri-path jwks-uri)
- #:key-file key-file)))
- (let ((idp (make <identity-provider>
- #:oidc-discovery discovery
- #:authorization-endpoint authz
- #:token-endpoint token
- #:jwks-endpoint jwks
- #:default (make <default>))))
- (lambda (request request-body)
- (parameterize ((web-locale request))
- (with-exception-handler
- (lambda (exn)
- (unless (web-exception? exn)
- (raise-exception exn))
- (values
- (build-response
- #:code (web-exception-code exn)
- #:reason-phrase (web-exception-reason-phrase exn)
- #:headers `((content-type application/xhtml+xml)))
- (call-with-output-string
- (cute sxml->xml
- `(*TOP*
- (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
- (html (@ (xmlns "http://www.w3.org/1999/xhtml")
- (xml:lang ,(W_ "xml-lang|en")))
- (body
- ,(call-with-input-string
- (format #f (W_ "<h1>The identity provider request failed</h1>"))
- xml->sxml)
- ,(if (user-message? exn)
- (user-message-sxml exn)
- (call-with-input-string
- (format #f (W_ "<p>No more information.</p>"))
- xml->sxml)))))
- <>))))
- (lambda ()
- (receive (response response-body response-meta)
- (handle idp request request-body)
- (values response response-body)))
- #:unwind? #t))))))
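Review bot: the `<default>` endpoint deleted here gave the identity provider a localized 404 for any path that is none of the discovery, JWKS, authorization or token endpoints, and `make-identity-provider` tied the discovery document, the three `#:path` values and the single `key-file` together so they could not disagree. Neither the catch-all nor that consistency guarantee is visible in the configuration-driven replacement, so a configuration whose `<oidc-configuration>` URIs do not match the endpoint paths will only fail when a client follows the discovery document; consider asserting or at least documenting that invariant where the endpoint is now constructed.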
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
index 6a70cdc..319dd43 100644
--- a/src/scm/webid-oidc/program.scm
+++ b/src/scm/webid-oidc/program.scm
@@ -17,11 +17,9 @@
(define-module (webid-oidc program)
#:use-module (webid-oidc errors)
#:use-module (webid-oidc server log)
- #:use-module (webid-oidc reverse-proxy)
- #:use-module (webid-oidc identity-provider)
#:use-module (webid-oidc client)
- #:use-module (webid-oidc resource-server)
#:use-module (webid-oidc server create)
+ #:use-module (webid-oidc server endpoint)
#:use-module (webid-oidc jti)
#:use-module (webid-oidc offloading)
#:use-module (webid-oidc catalog)
@@ -39,12 +37,15 @@
#:use-module (ice-9 textual-ports)
#:use-module (ice-9 exceptions)
#:use-module (srfi srfi-19)
+ #:use-module (srfi srfi-26)
#:use-module (rnrs bytevectors)
#:use-module (web uri)
#:use-module (web request)
#:use-module (web response)
#:use-module (webid-oidc cache)
- #:use-module (web server))
+ #:use-module (web server)
+ #:use-module (sxml simple)
+ #:declarative? #f)
(define logging-mutex (make-mutex))
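Review bot: `#:declarative? #f` is added to the module header without a comment; if it is only there so that `(load file-name)` can evaluate the configuration file in this module, say so next to the flag, since turning off declarative bindings also gives up the top-level optimizations Guile applies to the rest of the module.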
@@ -82,20 +83,20 @@
(f))))
(define (setup-http-request f)
- (let ((base-http-request (p:anonymous-http-request)))
- (parameterize ((p:anonymous-http-request
- (lambda* (uri . args)
- (with-mutex logging-mutex
- (format (current-output-port)
- (G_ "~a: connecting to ~s\n")
- (date->string (time-utc->date (current-time)))
- (uri-host uri)))
- (apply base-http-request uri args))))
- (use-cache
- (lambda ()
- (use-catalog
+ (use-logging-request
+ (lambda ()
+ (let ((base-http-request (p:anonymous-http-request)))
+ (parameterize ((p:anonymous-http-request
+ (lambda* (uri . args)
+ (with-mutex logging-mutex
+ (format (current-output-port)
+ (G_ "~a: connecting to ~s\n")
+ (date->string (time-utc->date (current-time)))
+ (uri-host uri)))
+ (apply base-http-request uri args))))
+ (use-cache
(lambda ()
- (use-logging-request
+ (use-catalog
(lambda ()
(f))))))))))
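Review bot: the nesting in `setup-http-request` is inverted: `use-logging-request` moves from the innermost wrapper to the outermost, `use-catalog` becomes innermost, and the `parameterize` of `p:anonymous-http-request` now sits inside the logging wrapper. That changes which request procedure each layer captures, and the commit message does not mention it; a one-line comment on why this order is required would save the next reader from re-deriving it.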
@@ -107,8 +108,8 @@
(address (sockaddr:addr peer)))
(inet-ntop family address)))))
-(define (handler-with-log log-file error-file complete-corresponding-source handler)
- (lambda (request request-body)
+(define (handler-with-log endpoint log-file error-file complete-corresponding-source)
+ (lambda (request request-body . _)
(when log-file
(prepare-log-file log-file))
(when error-file
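Review bot: `handler-with-log` changes both its argument order (the endpoint is now first) and the handler's arity (`(lambda (request request-body . _)`); the swallowed extra arguments are the `state` values forwarded by `run-server*`, so name the rest parameter or comment it, and check every call site, because a stale positional call only fails at runtime in Scheme.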
@@ -126,80 +127,78 @@
;; Fix the date
(p:current-date ((p:current-date)))
(web-locale request))
- (call/ec
- (lambda (return)
- (with-exception-handler
- (lambda (error)
- (unless (exception-with-message? error)
- (let ((final-message
- (format #f (G_ "really bad internal server error"))))
- (raise-exception
- (make-exception
- (make-exception-with-message final-message)
- error))))
- (with-mutex logging-mutex
- (format (current-error-port)
- (G_ "~a: ~a: Internal server error: ~a\n")
- (date->string ((p:current-date)))
- (request-ip-address request)
- (exception-message error)))
- (return
- (build-response #:code 500
- #:reason-phrase (W_ "Internal Server Error")
- #:headers `((source . ,complete-corresponding-source)
- (date . ,((p:current-date)))))
- (W_ "Sorry, there was an error.")))
- (lambda ()
- (receive (response response-body user cause)
- (call-with-values
- (lambda ()
- (handler request request-body))
- (case-lambda
- ((response response-body)
- (values response response-body #f #f))
- ((response response-body user)
- (values response response-body user #f))
- ((response response-body user cause)
- (values response response-body user cause))))
- (let ((logging-port
- (let ((response-code (response-code response)))
- (if (>= response-code 400)
- ;; That’s an error
- (current-error-port)
- (current-output-port)))))
- (with-mutex logging-mutex
- (format logging-port
- (G_ "~a: ~s ~a ~s ~a\n")
- (if user
- (format #f (G_ "~a: ~a (~a)")
- (date->string (time-utc->date (current-time)))
- (uri->string user)
- (request-ip-address request))
- (format #f (G_ "~a: ~a")
- (date->string (time-utc->date (current-time)))
- (request-ip-address request)))
- (request-method request)
- (uri-path (request-uri request))
- (response-code response)
- (if (and cause (exception-with-message? cause))
- (string-append
- (response-reason-phrase response)
- " "
- (format #f (G_ "(there was an error: ~a)")
- (exception-message cause)))
- (response-reason-phrase response)))))
- (return
- (build-response
- #:version (response-version response)
- #:code (response-code response)
- #:reason-phrase (response-reason-phrase response)
- #:headers `((source . ,complete-corresponding-source)
- (date . ,((p:current-date)))
- ,@(response-headers response))
- #:port (response-port response)
- #:validate-headers? #t)
- response-body)))
- #:unwind? #t))))))
+ (receive (response response-body user cause)
+ (call/ec
+ (lambda (return)
+ (with-exception-handler
+ (lambda (error)
+ (if (web-exception? error)
+ (return
+ (build-response #:code (web-exception-code error)
+ #:reason-phrase (web-exception-reason-phrase error)
+ #:headers `((content-type application/xhtml-xml)))
+ (call-with-output-string
+ (cute sxml->xml
+ `(*TOP*
+ (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
+ (html (@ (xmlns "http://www.w3.org/1999/xhtml")
+ (xml:lang ,(W_ "xml-lang|en")))
+ (head
+ (title ,(W_ "An error happened…")))
+ (body
+ ,(call-with-input-string
+ (format #f (W_ "<p>Sorry, an error happened.</p>"))
+ xml->sxml)
+ ,(user-message-sxml error))))
+ <>))
+ (and (caused-by-user? error)
+ (caused-by-user-webid error))
+ error)
+ ;; Other kind of exception
+ (raise-exception error)))
+ (lambda ()
+ (receive (response response-body response-meta)
+ (handle endpoint request request-body)
+ (values response response-body (assq-ref response-meta 'user) #f)))
+ #:unwind? #t)))
+ (let ((logging-port
+ (let ((response-code (response-code response)))
+ (if (>= response-code 400)
+ ;; That’s an error
+ (current-error-port)
+ (current-output-port)))))
+ (with-mutex logging-mutex
+ (format logging-port
+ (G_ "~a: ~s ~a ~s ~a\n")
+ (if user
+ (format #f (G_ "~a: ~a (~a)")
+ (date->string (time-utc->date (current-time)))
+ (uri->string user)
+ (request-ip-address request))
+ (format #f (G_ "~a: ~a")
+ (date->string (time-utc->date (current-time)))
+ (request-ip-address request)))
+ (request-method request)
+ (uri-path (request-uri request))
+ (response-code response)
+ (if (and cause (exception-with-message? cause))
+ (string-append
+ (response-reason-phrase response)
+ " "
+ (format #f (G_ "(there was an error: ~a)")
+ (exception-message cause)))
+ (response-reason-phrase response)))))
+ (values
+ (build-response
+ #:version (response-version response)
+ #:code (response-code response)
+ #:reason-phrase (response-reason-phrase response)
+ #:headers `((source . ,complete-corresponding-source)
+ (date . ,((p:current-date)))
+ ,@(response-headers response))
+ #:port (response-port response)
+ #:validate-headers? #t)
+ response-body)))))
(define (serve-one-client* handler implementation server state)
;; Same as serve-one-client, except it is served in a promise.
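Review bot: the content-type header of the new error response is misspelled: `#:headers `((content-type application/xhtml-xml))` should be `application/xhtml+xml` as in the code being removed; under the wrong media type browsers will not render the XHTML error page. Two more points in the same handler: `,(user-message-sxml error)` is now called unconditionally, whereas the removed code guarded it with `(user-message? exn)` and fell back to a `No more information` paragraph, so a web exception carrying no user message will itself error inside the error handler; and non-web exceptions are re-raised with `(raise-exception error)` instead of being logged with the client IP and turned into a 500 that carries the `source` and `date` headers, so on that path the AGPL source header and the error-log entry are lost unless the surrounding server adds them.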
@@ -218,7 +217,7 @@
(define* (run-server*
handler
- #:optional
+ #:key
(implementation 'http)
(open-params '())
. state)
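Review bot: switching `run-server*` from `#:optional` to `#:key` changes the calling convention for every caller (the calls removed below passed `'http` and `(list #:port port)` positionally), so all of them must be updated in this commit. Also, with `#:key` combined with the trailing rest parameter `. state`, check how Guile's `define*` fills `state`: the rest list can also receive the keyword arguments, which would then be forwarded to the server implementation as part of `state`.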
@@ -246,34 +245,8 @@
(string->symbol (G_ "command-line|help")))
(port-sym
(string->symbol (G_ "command-line|server|port")))
- (server-name-sym
- (string->symbol (G_ "command-line|server|server-name")))
- (backend-uri-sym
- (string->symbol (G_ "command-line|server|reverse-proxy|backend-uri")))
- (header-sym
- (string->symbol (G_ "command-line|server|reverse-proxy|header")))
- (key-file-sym
- (string->symbol (G_ "command-line|server|issuer|key-file")))
- (subject-sym
- (string->symbol (G_ "command-line|server|issuer|subject")))
- (encrypted-password-sym
- (string->symbol (G_ "command-line|server|issuer|encrypted-password")))
- (encrypted-password-from-file-sym
- (string->symbol (G_ "command-line|server|issuer|encrypted-password-from-file")))
- (jwks-uri-sym
- (string->symbol (G_ "command-line|server|issuer|jwks-uri")))
- (authorization-endpoint-uri-sym
- (string->symbol (G_ "command-line|server|issuer|authorization-endpoint-uri")))
- (token-endpoint-uri-sym
- (string->symbol (G_ "command-line|server|issuer|token-endpoint-uri")))
- (client-id-sym
- (string->symbol (G_ "command-line|server|client-id")))
- (redirect-uri-sym
- (string->symbol (G_ "command-line|server|redirect-uri")))
- (client-name-sym
- (string->symbol (G_ "command-line|server|client-name")))
- (client-uri-sym
- (string->symbol (G_ "command-line|server|client-uri")))
+ (configuration-sym
+ (string->symbol (G_ "command-line|server|configuration")))
(log-file-sym
(string->symbol (G_ "command-line|log-file")))
(error-file-sym
@@ -289,30 +262,17 @@
(,help-sym (single-char #\h) (value #f))
(,log-file-sym (single-char #\l) (value #t))
(,error-file-sym (single-char #\e) (value #t))
- (,key-file-sym (single-char #\k) (value #t))
- (,subject-sym (single-char #\s) (value #t))
- (,encrypted-password-sym (single-char #\w) (value #t))
- (,encrypted-password-from-file-sym (single-char #\W) (value #t))
- (,jwks-uri-sym (single-char #\j) (value #t))
- (,authorization-endpoint-uri-sym (single-char #\a) (value #t))
- (,token-endpoint-uri-sym (single-char #\t) (value #t))
- (,client-id-sym (single-char #\c) (value #t))
- (,redirect-uri-sym (single-char #\r) (value #t))
- (,client-name-sym (single-char #\C) (value #t))
- (,client-uri-sym (single-char #\u) (value #t))
- (,port-sym (single-char #\p) (value #t))
- (,server-name-sym (single-char #\n) (value #t))
- (,header-sym (single-char #\H) (value #t))
- (,backend-uri-sym (single-char #\b) (value #t)))))
+ (,configuration-sym (single-char #\c) (value #t))
+ (,port-sym (single-char #\p) (value #t)))))
(getopt-long (command-line) spec))))
(cond
((option-ref options help-sym #f)
- (format #t (G_ "Usage: ~a COMMAND [OPTIONS]...
+ (format #t (G_ "Usage: ~a [OPTIONS]...
")
(car (command-line)))
(format #t (G_ "
-Run the disfluid COMMAND."))
+Run disfluid."))
(format #t "\n")
(format #t (G_ "
This program is covered by the GNU Affero GPL, version 3 or
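Review bot: `-c` is reassigned from `--client-id` to `--configuration` (`(,configuration-sym (single-char #\c) (value #t))`); a script that still passes `-c URI` will now have the server try to `load` that URI as a file, so this option change deserves a NEWS or changelog entry.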
@@ -321,37 +281,10 @@ the network to download the complete corresponding source code (with
your modifications) at no cost. The server adds a \"Source:\" header
to all responses."))
(format #t "\n")
- (format #t (G_ "
-Available commands:"))
- (format #t (G_ "
- ~a:
- run an authenticating reverse proxy.")
- (G_ "command-line|command|reverse-proxy"))
- (format #t (G_ "
- ~a:
- run an identity provider.")
- (G_ "command-line|command|identity-provider"))
- (format #t (G_ "
- ~a:
- serve the pages for a public application.")
- (G_ "command-line|command|client-service"))
- (format #t (G_ "
- ~a:
- run a full server, with identity provider and resource storage
- facility.")
- (G_ "command-line|command|server"))
- (format #t "\n")
- (format #t (G_ "
-If no command is specified, run the browser."))
(format #t "\n")
(format #t (G_ "
General options:"))
(format #t (G_ "
- -S MEANS, --~a=MEANS:
- specify a way to download the complete corresponding source
- code. For instance, this would be an URI pointing to a tarball.")
- complete-corresponding-source-sym)
- (format #t (G_ "
-h, --~a:
display a short help message and exit.")
help-sym)
@@ -375,83 +308,21 @@ General options:"))
error-file-sym)
(format #t "\n")
(format #t (G_ "
-General server-side options:"))
+Running a server:"))
+ (format #t (G_ "
+ -S MEANS, --~a=MEANS:
+ specify a way to download the complete corresponding source
+ code. For instance, this would be an URI pointing to a
+ tarball. This option is required if a server is implemented.")
+ complete-corresponding-source-sym)
(format #t (G_ "
-p PORT, --~a=PORT:
set the server port to bind, 8080 by default.")
port-sym)
(format #t (G_ "
- -n URI, --~a=URI:
- set the public server URI (scheme, userinfo, host, and port).")
- server-name-sym)
- (format #t "\n")
- (format #t (G_ "
-Options for the resource server:"))
- (format #t (G_ "
- -H HEADER, --~a=HEADER:
- the HEADER field contains the webid of the authenticated user,
- XXX-Agent by default. For the full server, disable Solid-OIDC
- authentication.")
- header-sym)
- (format #t (G_ "
- -b URI, --~a=URI:
- set the backend URI for the reverse proxy, only for the
- reverse-proxy command.")
- backend-uri-sym)
- (format #t "\n")
- (format #t (G_ "
-Options for the identity provider:"))
- (format #t (G_ "
- -k FILE, --~a=FILE.jwk:
- set the file name of the key file. If it does not exist, a new
- key is generated. The server does not offer an HTTPS service.")
- key-file-sym)
- (format #t (G_ "
- -s WEBID, --~a=WEBID:
- set the identity of the subject.")
- subject-sym)
- (format #t (G_ "
- -w ENCRYPTED_PASSWORD, --~a=ENCRYPTED_PASSWORD:
- set the encrypted password to recognize the user.")
- encrypted-password-sym)
- (format #t (G_ "
- -W ENCRYPTED_PASSWORD_FILE, --~a=ENCRYPTED_PASSWORD_FILE:
- load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE.")
- encrypted-password-from-file-sym)
- (format #t (G_ "
- -j URI, --~a=URI:
- set the URI to query the key of the server.")
- jwks-uri-sym)
- (format #t (G_ "
- -a URI, --~a=URI:
- set the authorization endpoint of the issuer.")
- authorization-endpoint-uri-sym)
- (format #t (G_ "
- -t URI, --~a=URI:
- set the token endpoint of the issuer.")
- token-endpoint-uri-sym)
- (format #t "\n")
- (format #t (G_ "
-Options for the client service:"))
- (format #t (G_ "
- -c URI, --~a=URI:
- set the web identifier of the client application, which is
- dereferenced to a semantic resource.")
- client-id-sym)
- (format #t (G_ "
- -r URI, --~a=URI:
- set the redirection URI to get the authorization code back. The
- page is presented with the code to paste in the application.")
- redirect-uri-sym)
- (format #t (G_ "
- -C NAME, --~a=NAME:
- set the user-visible application name (may be misleading...).")
- client-name-sym)
- (format #t (G_ "
- -u URI, --~a=URI:
- set an URI where someone would find more information about the
- application (again, may be misleading).")
- client-uri-sym)
+ -c FILE, --~a=FILE:
+ set up a server with configuration from FILE.")
+ configuration-sym)
(format #t "\n")
(format #t (G_ "
Environment variables:"))
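Review bot: in the `-S` description, `This option is required if a server is implemented.` should read `if a server is run` (it becomes mandatory in the `--configuration` case, per the check later in this file); and the `-c FILE` help should say that FILE is Scheme code evaluated with `load`, since `set up a server with configuration from FILE` does not convey that the file is executed.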
@@ -499,110 +370,6 @@ Environment variables:"))
It is currently set to ~s.")
(getenv "HOME")))
(format #t "\n")
- (format #t (G_ "
-Running a reverse proxy"))
- (format #t (G_ "
-Suppose that you operate data.provider.com. You want to run an
-authenticating reverse proxy, that will receive incoming requests
-through http://localhost:8080, and forward them to
-https://private.data.provider.com. The backend will look for the
-XXX-Agent header, and if it is found, then its value will be
-considered the webid of the authenticated
-user. https://private.data.provider.com should only accept requests
-from this reverse proxy."))
- (format #t "\n")
- (format #t (G_ "
- ~a ~a \\
- --~a 'https://data.provider.com/server-source-code.tar.gz' \\
- --~a 8080 \\
- --~a 'https://data.provider.com' \\
- --~a 'https://private.data.provider.com' \\
- --~a 'XXX-Agent' \\
- --~a '/var/log/proxy.log' \\
- --~a '/var/log/proxy.err'")
- (car (command-line))
- (G_ "command-line|command|reverse-proxy")
- complete-corresponding-source-sym
- port-sym server-name-sym backend-uri-sym header-sym
- log-file-sym error-file-sym)
- (format #t "\n")
- (format #t (G_ "
-Running an identity provider"))
- (format #t (G_ "
-The identity provider running at webid-oidc-demo.planete-kraus.eu is
-invoked with the following options:"))
- (format #t "\n")
- (format #t (G_ "
- export XDG_DATA_HOME=/var/lib
- export XDG_CACHE_HOME=/var/cache
- ~a ~a \\
- --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu' \\
- --~a '/var/lib/webid-oidc/issuer/key.jwk' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\
- --~a '/etc/disfluid/webid-oidc-demo.planete-kraus.eu/password' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\
- --~a $PORT")
- (car (command-line))
- (G_ "command-line|command|identity-provider")
- complete-corresponding-source-sym
- server-name-sym key-file-sym subject-sym encrypted-password-from-file-sym
- jwks-uri-sym authorization-endpoint-uri-sym
- token-endpoint-uri-sym port-sym)
- (format #t "\n")
- (format #t (G_ "
-Running the public pages for an application"))
- (format #t (G_ "
-The example client application pages for
-webid-oidc-demo.planete-kraus.eu are served this way:"))
- (format #t "\n")
- (format #t (G_ "
- ~a ~a \\
- --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/example-application#id' \\
- --~a 'https://webid-oidc-demo.planete-kraus.eu/authorized' \\
- --~a 'Example Solid Application' \\
- --~a 'https://webid-oidc.planete-kraus.eu/Running-a-client.html#Running-a-client' \\
- --~a $PORT")
- (car (command-line))
- (G_ "command-line|command|client-service")
- complete-corresponding-source-sym
- client-id-sym redirect-uri-sym client-name-sym client-uri-sym
- port-sym)
- (format #t "\n")
- (format #t (G_ "
-Running a full server"))
- (format #t "\n")
- (format #t (G_ "
-To run the server with identity provider and
-resource server for one particular user, you need to combine the
-options for the parts."))
- (format #t (G_ "
- export XDG_DATA_HOME=/var/lib
- export XDG_CACHE_HOME=/var/cache
- ~a ~a \\
- --~a 'https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz' \\
- --~a 'https://data.planete-kraus.eu' \\
- --~a '/var/lib/disfluid/server/key.jwk' \\
- --~a 'https://data.planete-kraus.eu/vivien#me' \\
- --~a '/etc/disfluid/data.planete-kraus.eu/password' \\
- --~a 'https://data.planete-kraus.eu/keys' \\
- --~a 'https://data.planete-kraus.eu/authorize' \\
- --~a 'https://data.planete-kraus.eu/token' \\
- --~a '...port...'")
- (car (command-line))
- (G_ "command-line|command|server")
- complete-corresponding-source-sym
- server-name-sym
- key-file-sym
- subject-sym
- encrypted-password-from-file-sym
- jwks-uri-sym
- authorization-endpoint-uri-sym
- token-endpoint-uri-sym
- port-sym)
(format #t "\n")
(format #t (G_ "
If you find a bug, then please send a report to ~a.")
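Review bot: the four worked invocations are removed from `--help` and nothing replaces them; since `-c FILE` is now the only way to run a server, the help should at least point to the manual section that describes the configuration file, otherwise a user has no example of what that file must evaluate to.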
@@ -634,14 +401,12 @@ Rreleased ~a\n")
cfg:version
(date->string cfg:release-date "~1")))
(else
- (let ((rest (option-ref options '() '()))
- (complete-corresponding-source
- (let ((str (option-ref options complete-corresponding-source-sym #f)))
- (unless (or (null? (option-ref options '() '())) str)
- (format (current-error-port)
- (G_ "You are legally required to link to the complete corresponding source code.\n"))
- (exit 1))
- str))
+ (let ((complete-corresponding-source
+ (option-ref options complete-corresponding-source-sym #f))
+ (log-file-name
+ (option-ref options log-file-sym #f))
+ (error-file-name
+ (option-ref options error-file-sym #f))
(port
(let ((port (string->number (option-ref options port-sym "8080"))))
(unless port
@@ -667,220 +432,27 @@ Rreleased ~a\n")
port-sym port)
(exit 1))
port))
- (server-name
- (let ((str (option-ref options server-name-sym #f)))
- (and str
- (string->uri str))))
- (backend-uri
- (let ((str (option-ref options backend-uri-sym #f)))
- (and str
- (string->uri str))))
- (header
- (let ((str (option-ref options header-sym #f)))
- (and str
- (string->symbol str))))
- (key-file (option-ref options key-file-sym #f))
- (subject
- (let ((str (option-ref options subject-sym #f)))
- (and str (string->uri str))))
- (encrypted-password
- (let ((direct (option-ref options encrypted-password-sym #f))
- (from-file
- (let ((filename (option-ref options encrypted-password-from-file-sym #f)))
- (and filename
- (call-with-input-file filename get-line)))))
- (when (and direct from-file (not (equal? direct from-file)))
- (format (current-error-port)
- (G_ "You specified two different passwords: one directly, and one from a file. Please set only one password.\n"))
- (exit 1))
- (or direct from-file)))
- (jwks-uri
- (let ((str (option-ref options jwks-uri-sym #f)))
- (and str (string->uri str))))
- (authorization-endpoint-uri
- (let ((str (option-ref options authorization-endpoint-uri-sym #f)))
- (and str (string->uri str))))
- (token-endpoint-uri
- (let ((str (option-ref options token-endpoint-uri-sym #f)))
- (and str (string->uri str))))
- (client-id
- (let ((str (option-ref options client-id-sym #f)))
- (and str (string->uri str))))
- (redirect-uri
- (let ((str (option-ref options redirect-uri-sym #f)))
- (and str (string->uri str))))
- (client-name
- (option-ref options client-name-sym #f))
- (client-uri
- (option-ref options client-uri-sym #f)))
- (when (null? rest)
- (eval
- '(main)
- (resolve-module '(webid-oidc client gui)))
- (exit 0))
- (let ((command (car rest))
- (non-options (cdr rest)))
- (cond
- ((equal? command (G_ "command-line|command|reverse-proxy"))
- (begin
- (unless server-name
- (format (current-error-port) (G_ "You must pass --~a to set the server name.\n")
- server-name-sym)
- (exit 1))
- (unless backend-uri
- (format (current-error-port) (G_ "You must pass --~a to set the backend URI.\n")
- backend-uri-sym)
- (exit 1))
- (run-server*
- (handler-with-log
- (option-ref options log-file-sym #f)
- (option-ref options error-file-sym #f)
- complete-corresponding-source
- (make-reverse-proxy
- #:server-uri server-name
- #:endpoint backend-uri
- #:auth-header header))
- 'http
- (list #:port port))))
- ((equal? command (G_ "command-line|command|identity-provider"))
+ (configuration
+ (let ((file-name (option-ref options configuration-sym #f)))
+ (and file-name
+ (load file-name)))))
+ (if configuration
(begin
- (unless server-name
- (format (current-error-port) (G_ "You must pass --~a to set the server name.\n")
- server-name-sym)
- (exit 1))
- (unless key-file
- (format (current-error-port) (G_ "You must pass --~a to set the file where to store the identity provider key.\n")
- key-file-sym)
- (exit 1))
- (unless subject
- (format (current-error-port) (G_ "You must pass --~a to set the subject of the identity provider.\n")
- subject-sym)
- (exit 1))
- (unless encrypted-password
- (format (current-error-port) (G_ "You must pass --~a or --~a to set the subject’s encrypted password.\n")
- encrypted-password-sym encrypted-password-from-file-sym)
- (exit 1))
- (unless jwks-uri
- (format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
- jwks-uri-sym)
- (exit 1))
- (unless authorization-endpoint-uri
- (format (current-error-port) (G_ "You must pass --~a to set the authorization endpoint URI.\n")
- authorization-endpoint-uri-sym)
- (exit 1))
- (unless token-endpoint-uri
- (format (current-error-port) (G_ "You must pass --~a to set the token endpoint URI.\n")
- token-endpoint-uri-sym)
- (exit 1))
- (let ((handler
- (make-identity-provider
- server-name key-file subject encrypted-password jwks-uri
- authorization-endpoint-uri token-endpoint-uri)))
- (run-server*
- (handler-with-log
- (option-ref options log-file-sym #f)
- (option-ref options error-file-sym #f)
- complete-corresponding-source handler)
- 'http
- (list #:port port)))))
- ((equal? command (G_ "command-line|command|client-service"))
- (begin
- (unless client-id
- (format (current-error-port) (G_ "You must pass --~a to set the application web ID.\n")
- client-id-sym)
- (exit 1))
- (unless redirect-uri
- (format (current-error-port) (G_ "You must pass --~a to set the redirection URI.\n")
- redirect-uri-sym)
- (exit 1))
- (unless client-name
- (format (current-error-port) (G_ "You must pass --~a to set the informative client name.\n")
- client-name-sym)
- (exit 1))
- (unless client-uri
- (format (current-error-port) (G_ "You must pass --~a to set the informative client URI.\n")
- client-uri-sym)
+ (unless complete-corresponding-source
+ (format (current-error-port)
+ (G_ "--~a is required when running a server.\n")
+ complete-corresponding-source-sym)
(exit 1))
- (let ((handler
- (serve-application client-id redirect-uri
- #:client-name client-name
- #:client-uri client-uri)))
- (run-server*
- (handler-with-log
- (option-ref options log-file-sym #f)
- (option-ref options error-file-sym #f)
- complete-corresponding-source handler)
- 'http
- (list #:port port)))))
- ((equal? command (G_ "command-line|command|server"))
- (unless server-name
- (format (current-error-port) (G_ "You must pass --~a to set the server name.\n")
- server-name-sym)
- (exit 1))
- (unless key-file
- (format (current-error-port) (G_ "You must pass --~a to set the file where to store the identity provider key.\n")
- key-file-sym)
- (exit 1))
- (unless subject
- (format (current-error-port) (G_ "You must pass --~a to set the subject of the identity provider.\n")
- subject-sym)
- (exit 1))
- (unless encrypted-password
- (format (current-error-port) (G_ "You must pass --~a to set the subject’s encrypted password.\n")
- encrypted-password-sym)
- (exit 1))
- (unless jwks-uri
- (format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
- jwks-uri-sym)
- (exit 1))
- (unless authorization-endpoint-uri
- (format (current-error-port) (G_ "You must pass --~a to set the authorization endpoint URI.\n")
- authorization-endpoint-uri-sym)
- (exit 1))
- (unless token-endpoint-uri
- (format (current-error-port) (G_ "You must pass --~a to set the token endpoint URI.\n")
- token-endpoint-uri-sym)
- (exit 1))
- (let ((resource-handler
- (make-resource-server
- #:server-uri server-name
- #:owner subject
- #:authenticator
- (if header
- (begin
- (set! header
- (string->symbol
- (string-downcase
- (symbol->string header))))
- (lambda (request request-body)
- (let ((value (assq-ref (request-headers request) header)))
- (and value (string->uri value)))))
- (make-authenticator
- #:server-uri server-name))))
- (identity-provider-handler
- (make-identity-provider
- server-name key-file subject encrypted-password jwks-uri
- authorization-endpoint-uri token-endpoint-uri)))
- (create-root server-name subject)
(run-server*
- (handler-with-log
- (option-ref options log-file-sym #f)
- (option-ref options error-file-sym #f)
- complete-corresponding-source
- (lambda (request request-body)
- (let ((path (uri-path (request-uri request))))
- (if (or (equal? path "/.well-known/openid-configuration")
- (equal? path (uri-path jwks-uri))
- (equal? path (uri-path authorization-endpoint-uri))
- (equal? path (uri-path token-endpoint-uri)))
- (identity-provider-handler request request-body)
- (resource-handler request request-body)))))
- 'http
- (list #:port port))))
- (else
- (format (current-error-port) (G_ "Unknown command ~s\n")
- command)
- (exit 1))))))))))
+ (handler-with-log configuration
+ log-file-name
+ error-file-name
+ complete-corresponding-source)
+ #:implementation 'http
+ #:open-params (list #:port port)))
+ (eval
+ '(main)
+ (resolve-module '(webid-oidc client gui))))))))))
(define-public (main)
(setup-http-request inner-main))
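Review bot: dropping the `identity-provider`, `client-service` and `server` subcommands removes every "You must pass --~a" check with them (server name, key file, subject, encrypted password, JWKS and endpoint URIs, client id, redirect URI), so make sure the `configuration` object handed to `handler-with-log` rejects a missing or malformed value at start-up rather than on the first request, and that the manual documents the removed subcommands. Separately, `(eval '(main) (resolve-module '(webid-oidc client gui)))` hides the dependency from the compiler; `((module-ref (resolve-module '(webid-oidc client gui)) 'main))` keeps the late binding without going through `eval`.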
diff --git a/src/scm/webid-oidc/resource-server.scm b/src/scm/webid-oidc/resource-server.scm
deleted file mode 100644
index 95fa78a..0000000
--- a/src/scm/webid-oidc/resource-server.scm
+++ /dev/null
@@ -1,139 +0,0 @@
-;; disfluid, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (webid-oidc resource-server)
- #:use-module (webid-oidc errors)
- #:use-module (webid-oidc provider-confirmation)
- #:use-module (webid-oidc jwk)
- #:use-module (webid-oidc dpop-proof)
- #:use-module (webid-oidc serve)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc server endpoint authentication)
- #:use-module (webid-oidc server endpoint resource-server)
- #:use-module ((webid-oidc server create) #:prefix ldp:)
- #:use-module ((webid-oidc server read) #:prefix ldp:)
- #:use-module ((webid-oidc server update) #:prefix ldp:)
- #:use-module ((webid-oidc server delete) #:prefix ldp:)
- #:use-module ((webid-oidc server resource wac) #:prefix wac:)
- #:use-module ((webid-oidc server resource path) #:prefix ldp:)
- #:use-module ((webid-oidc server resource content) #:prefix ldp:)
- #:use-module (webid-oidc server precondition)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc server endpoint authentication)
- #:use-module (webid-oidc http-link)
- #:use-module ((webid-oidc parameters) #:prefix p:)
- #:use-module ((webid-oidc config) #:prefix cfg:)
- #:use-module (webid-oidc jti)
- #:use-module (webid-oidc access-token)
- #:use-module (web request)
- #:use-module (web response)
- #:use-module (web uri)
- #:use-module (web server)
- #:use-module (ice-9 optargs)
- #:use-module (ice-9 receive)
- #:use-module (webid-oidc web-i18n)
- #:use-module (ice-9 getopt-long)
- #:use-module (ice-9 suspendable-ports)
- #:use-module (ice-9 control)
- #:use-module (ice-9 match)
- #:use-module (ice-9 exceptions)
- #:use-module (sxml simple)
- #:use-module (srfi srfi-19)
- #:use-module (srfi srfi-26)
- #:use-module (oop goops)
- #:duplicates (merge-generics)
- #:declarative? #t
- #:export
- (
- make-authenticator
- make-resource-server
- ))
-
-(define-class <stub-endpoint> (<endpoint>))
-
-(define return
- (make-parameter #f))
-
-(define-method (handle (endpoint <stub-endpoint>) request request-body)
- ((return) (assq-ref (request-meta request) 'user)))
-
-(define* (make-authenticator #:key (server-uri #f))
- (unless (and server-uri (uri? server-uri))
- (fail (G_ "You need to pass #:server-uri URI where URI is the public URI of the server, as a (web uri).")))
- (let* ((backend (make <stub-endpoint>))
- (endpoint (make <authenticator>
- #:backend backend
- #:server-uri server-uri)))
- (lambda (request request-body)
- (parameterize ((web-locale request))
- (with-exception-handler
- (lambda (error)
- #f)
- (lambda ()
- (let/ec ret
- (parameterize ((return ret))
- (handle endpoint request request-body))))
- #:unwind? #t)))))
-
-(define* (make-resource-server
- #:key
- (server-uri #f)
- (owner #f)
- (authenticator #f))
- (unless owner
- (fail (G_ "The owner is not defined.")))
- (declare-link-header!)
- (define resource-server
- (make <resource-server>
- #:server-name server-uri
- #:owner owner))
- (define authenticator
- (make <authenticator>
- #:backend resource-server
- #:server-uri server-uri))
- (lambda (request request-body)
- (let/ec return
- (parameterize ((web-locale request))
- (with-exception-handler
- (lambda (exn)
- (unless (web-exception? exn)
- (raise-exception exn))
- (return
- (build-response
- #:code (web-exception-code exn)
- #:reason-phrase (web-exception-reason-phrase exn)
- #:headers `((content-type application/xhtml+xml)))
- (call-with-output-string
- (cute sxml->xml
- `(*TOP*
- (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
- (html (@ (xmlns "http://www.w3.org/1999/xhtml")
- (xml:lang ,(W_ "xml-lang|en")))
- (body
- ,(call-with-input-string
- (format #f (W_ "<h1>The resource server request failed</h1>"))
- xml->sxml)
- ,(if (user-message? exn)
- (user-message-sxml exn)
- (call-with-input-string
- (format #f (W_ "<p>No more information.</p>"))
- xml->sxml)))))
- <>))))
- (lambda ()
- (receive (response response-body response-meta)
- (handle authenticator request request-body)
- (return response response-body)))
- #:unwind? #t)))))
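Review bot: the removed `make-authenticator` wrapped `handle` in `(with-exception-handler (lambda (error) #f) ...)`, which turned every failure, web-related or not, into an anonymous (`#f`) user; when the `<authenticator>` endpoint from (webid-oidc server endpoint authentication) takes over, confirm it only downgrades to anonymous on the specific token and proof failures and still propagates everything else, otherwise a bug in token validation silently becomes "unauthenticated" access instead of an error. The XHTML error-page builder in this file is also duplicated in token-endpoint.scm and in the new simulation.scm code; it should exist once in the endpoint module.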
diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm
deleted file mode 100644
index 4221fa5..0000000
--- a/src/scm/webid-oidc/reverse-proxy.scm
+++ /dev/null
@@ -1,90 +0,0 @@
-;; disfluid, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (webid-oidc reverse-proxy)
- #:use-module (webid-oidc errors)
- #:use-module ((webid-oidc stubs) #:prefix stubs:)
- #:use-module (webid-oidc resource-server)
- #:use-module ((webid-oidc config) #:prefix cfg:)
- #:use-module ((webid-oidc parameters) #:prefix p:)
- #:use-module (ice-9 optargs)
- #:use-module (ice-9 receive)
- #:use-module (ice-9 i18n)
- #:use-module (ice-9 getopt-long)
- #:use-module (ice-9 suspendable-ports)
- #:use-module (srfi srfi-19)
- #:use-module (rnrs bytevectors)
- #:use-module (web uri)
- #:use-module (web client) ;; required to pass the request along
- #:use-module (web request)
- #:use-module (web response)
- #:use-module (webid-oidc cache)
- #:use-module (webid-oidc web-i18n)
- #:use-module (web server)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc server endpoint reverse-proxy)
- #:declarative? #t
- #:export
- (
- make-reverse-proxy
- ))
-
-(define* (make-reverse-proxy
- #:key
- (server-uri #f)
- (endpoint #f)
- (auth-header 'XXX-Agent))
- (set! auth-header
- ;; We need to remove the lowercase version of auth-header from
- ;; all incoming requests!
- (string->symbol
- (string-downcase
- (symbol->string auth-header))))
- (define authenticate
- (make-authenticator
- #:server-uri server-uri))
- (unless (and endpoint (uri? endpoint))
- (fail (G_ "#:endpoint argument is not present or not an URI.")))
- (define backend
- (make <reverse-proxy>
- #:backend-uri endpoint
- #:authentication-header auth-header))
- (lambda (request request-body)
- (let ((agent
- (catch #t
- (lambda ()
- (authenticate request request-body))
- (lambda (key . args)
- (case key
- ((invalid-access-token
- invalid-proof
- unconfirmed-issuer)
- #f)
- (else
- (apply throw key args))))))
- (request-time ((p:current-date))))
- (parameterize ((p:current-date request-time)
- (web-locale request))
- (set! request
- (build-request (request-uri request)
- #:method (request-method request)
- #:version (request-version request)
- #:headers (request-headers request)
- #:port (request-port request)
- #:meta `((user . ,agent) ,@(request-meta request))))
- (receive (response response-body response-meta)
- (handle backend request request-body)
- (values response response-body))))))
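Review bot: the comment "We need to remove the lowercase version of auth-header from all incoming requests!" was never backed by code: `auth-header` was only lowercased, and `build-request` forwarded `(request-headers request)` unchanged, so an incoming request could carry its own copy of the authentication header. Since this file is deleted, verify that the `<reverse-proxy>` endpoint in (webid-oidc server endpoint reverse-proxy) strips any client-supplied copy of `#:authentication-header` before setting it from the authenticated `agent`, and that the `catch #t` mapping of only `invalid-access-token`, `invalid-proof` and `unconfirmed-issuer` to an anonymous agent is preserved rather than broadened.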
diff --git a/src/scm/webid-oidc/simulation.scm b/src/scm/webid-oidc/simulation.scm
index 0accdc4..38c22ae 100644
--- a/src/scm/webid-oidc/simulation.scm
+++ b/src/scm/webid-oidc/simulation.scm
@@ -16,8 +16,7 @@
(define-module (webid-oidc simulation)
#:use-module ((webid-oidc client) #:prefix client:)
- #:use-module (webid-oidc identity-provider)
- #:use-module (webid-oidc resource-server)
+ #:use-module (webid-oidc server endpoint)
#:use-module (webid-oidc web-i18n)
#:use-module (webid-oidc errors)
#:use-module ((webid-oidc parameters) #:prefix p:)
@@ -29,36 +28,37 @@
#:use-module (ice-9 receive)
#:use-module (ice-9 optargs)
#:use-module (ice-9 match)
+ #:use-module (ice-9 control)
+ #:use-module (srfi srfi-26)
+ #:use-module (sxml simple)
+ #:use-module (oop goops)
#:export
(
<simulation>
- make-simulation
- simulation?
- simulation-scroll-log!
+ endpoint
+ log
+
+ scroll-log!
request
get
post
grant-authorization
- add-server!
- add-client!
)
#:declarative? #t)
-(define-record-type <simulation>
- (make-full-simulation handlers-rev log-rev)
- simulation?
- (handlers-rev simulation-handlers-rev simulation-handlers-rev-set!)
- (log-rev simulation-log-rev simulation-log-rev-set!))
+(define-class <simulation> ()
+ (endpoint #:init-keyword #:endpoint #:getter endpoint)
+ (log-rev #:getter log-rev #:init-value '()))
-(define (make-simulation)
- (make-full-simulation '() '()))
+(define-method (log (simulation <simulation>))
+ (reverse (log-rev simulation)))
-(define (simulation-scroll-log! simulation)
- (let ((log (reverse (simulation-log-rev simulation))))
- (simulation-log-rev-set! simulation '())
- log))
+(define-method (scroll-log! (simulation <simulation>))
+ (let ((the-log (log simulation)))
+ (slot-set! simulation 'log-rev '())
+ the-log))
(define* (request simulation uri
#:key
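Review bot: exporting a generic named `log` (together with the plain names `request`, `get` and `post`) from (webid-oidc simulation) shadows Guile's core `log` in any module that imports it without a prefix, which tests/client-workflow.scm now does (`#:use-module (webid-oidc simulation)` replaces the old `sim:` prefix); rename it to something like `simulation-log`, or keep the prefixed import in callers. Also, `scroll-log!` reads through the `log` generic but resets the slot with `slot-set!` on the raw `'log-rev` slot; a `#:setter` on the slot would keep both sides symmetric.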
@@ -66,12 +66,7 @@
(body #f)
(version '(1 . 1))
(headers '()))
- (let ((server-uri
- (build-uri (uri-scheme uri)
- #:userinfo (uri-userinfo uri)
- #:host (uri-host uri)
- #:port (uri-port uri)))
- (rq
+ (let ((rq
(build-request uri
#:method method
#:version version
@@ -79,23 +74,34 @@
#:port (open-output-string)))
(rq-body body))
(receive (response response-body)
- (let find-handler ((handlers
- (reverse
- (simulation-handlers-rev simulation))))
- (match handlers
- (()
- (values
- (build-response #:code 404
- #:reason-phrase "Not Found")
- "Resource not found."))
- (((server . handler) tl ...)
- (if (equal? server server-uri)
- (receive (response response-body . _)
- (handler rq rq-body)
- (if (eqv? (response-code response) 404)
- (find-handler tl)
- (values response response-body)))
- (find-handler tl)))))
+ (let/ec return
+ (with-exception-handler
+ (lambda (error)
+ (when (web-exception? error)
+ (return
+ (build-response #:code (web-exception-code error)
+ #:reason-phrase (web-exception-reason-phrase error)
+ #:headers `((content-type application/xhtml-xml)))
+ (call-with-output-string
+ (cute sxml->xml
+ `(*TOP*
+ (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
+ (html (@ (xmlns "http://www.w3.org/1999/xhtml")
+ (xml:lang ,(W_ "xml-lang|en")))
+ (head
+ (title ,(W_ "An error happened…")))
+ (body
+ ,(call-with-input-string
+ (format #f (W_ "<p>Sorry, an error happened.</p>"))
+ xml->sxml)
+ ,(user-message-sxml error))))
+ <>))))
+ ;; Other kind of exception
+ (raise-exception error))
+ (lambda ()
+ (receive (response response-body response-meta)
+ (handle (endpoint simulation) rq rq-body)
+ (values response response-body)))))
(unless (response-date response)
;; We need to set a date.
(set! response
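Review bot: the content type in `#:headers `((content-type application/xhtml-xml))` is misspelled; the type used everywhere else in this change (resource-server.scm, token-endpoint.scm) is `application/xhtml+xml`. Also `(user-message-sxml error)` is called unconditionally here, whereas the removed handlers guarded it with `(user-message? exn)` and fell back to a "No more information." paragraph; a web exception without a user message would fail inside the error page builder itself.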
@@ -105,10 +111,9 @@
#:headers `((date . ,((p:current-date)))
,@(response-headers response))
#:port (response-port response))))
- (simulation-log-rev-set!
- simulation
- `((,rq ,rq-body ,response ,response-body)
- ,@(simulation-log-rev simulation)))
+ (slot-set! simulation 'log-rev
+ `((,rq ,rq-body ,response ,response-body)
+ ,@(slot-ref simulation 'log-rev)))
(values response response-body))))
(define* (get simulation uri . args)
@@ -134,51 +139,3 @@
(query (uri-query uri))
(code (substring query (string-length "code="))))
code)))
-
-(define (add-server! simulation server-uri owner)
- (define (with-path uri path)
- (build-uri (uri-scheme uri)
- #:userinfo (uri-userinfo uri)
- #:host (uri-host uri)
- #:port (uri-port uri)
- #:path path))
- (let ((identity-provider
- (make-identity-provider
- server-uri
- (string-append (p:data-home)
- "/"
- (uri-encode (uri->string server-uri))
- "/key.jwk")
- owner
- (crypt "password" "xxx")
- (with-path server-uri "/keys")
- (with-path server-uri "/authorize")
- (with-path server-uri "/token")))
- (server
- (make-resource-server
- #:server-uri server-uri
- #:owner owner)))
- (define (handle request body)
- (let ((path (uri-path (request-uri request))))
- (if (member path
- '("/.well-known/openid-configuration"
- "/keys"
- "/authorize"
- "/token"))
- (identity-provider request body)
- (server request body))))
- ;; Ensure that the profile exists
- (server:create-root server-uri owner)
- (simulation-handlers-rev-set!
- simulation
- `((,server-uri . ,handle)
- ,@(simulation-handlers-rev simulation)))))
-
-(define (add-client! simulation server-uri client-id redirect-uri name uri)
- (simulation-handlers-rev-set!
- simulation
- `((,server-uri
- . ,(client:serve-application client-id redirect-uri
- #:client-name name
- #:client-uri uri))
- ,@(simulation-handlers-rev simulation))))
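Review bot: `add-server!` also called `(server:create-root server-uri owner)` so the owner's profile existed before the first request; with the simulation now taking a prebuilt `#:endpoint`, check that the tests (or the `<resource-server>` endpoint itself) still create the root, or the first GET on the profile will 404. Removing the hard-coded `(crypt "password" "xxx")` credential from library code is welcome.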
diff --git a/src/scm/webid-oidc/testing.scm b/src/scm/webid-oidc/testing.scm
index c26ab5e..f594b6d 100644
--- a/src/scm/webid-oidc/testing.scm
+++ b/src/scm/webid-oidc/testing.scm
@@ -20,7 +20,6 @@
#:use-module (srfi srfi-9)
#:use-module (ice-9 optargs)
#:use-module (webid-oidc parameters)
- #:use-module (webid-oidc resource-server)
#:use-module (webid-oidc refresh-token)
#:use-module (webid-oidc client))
diff --git a/src/scm/webid-oidc/token-endpoint.scm b/src/scm/webid-oidc/token-endpoint.scm
deleted file mode 100644
index f96e768..0000000
--- a/src/scm/webid-oidc/token-endpoint.scm
+++ /dev/null
@@ -1,94 +0,0 @@
-;; disfluid, implementation of the Solid specification
-;; Copyright (C) 2020, 2021 Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-(define-module (webid-oidc token-endpoint)
- #:use-module (webid-oidc server endpoint identity-provider)
- #:use-module (webid-oidc errors)
- #:use-module (webid-oidc server endpoint)
- #:use-module (webid-oidc authorization-code)
- #:use-module (webid-oidc dpop-proof)
- #:use-module (webid-oidc jws)
- #:use-module (webid-oidc jwk)
- #:use-module (webid-oidc oidc-id-token)
- #:use-module (webid-oidc access-token)
- #:use-module (webid-oidc web-i18n)
- #:use-module ((webid-oidc parameters) #:prefix p:)
- #:use-module ((webid-oidc stubs) #:prefix stubs:)
- #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
- #:use-module (web request)
- #:use-module (web response)
- #:use-module (web uri)
- #:use-module (ice-9 optargs)
- #:use-module (ice-9 receive)
- #:use-module (ice-9 control)
- #:use-module (ice-9 exceptions)
- #:use-module (srfi srfi-19)
- #:use-module (srfi srfi-26)
- #:use-module (rnrs bytevectors)
- #:use-module (sxml simple)
- #:use-module (sxml match)
- #:use-module (oop goops)
- #:duplicates (merge-generics)
- #:declarative? #t
- #:export
- (
- make-token-endpoint
- ))
-
-(define (try-handle-web-failure thunk)
- (call/ec
- (lambda (return)
- (with-exception-handler
- (lambda (error)
- (unless (web-exception? error)
- (raise-exception error))
- (return
- (build-response
- #:code (web-exception-code error)
- #:reason-phrase (web-exception-reason-phrase error)
- #:headers `((content-type application/xhtml+xml)))
- (call-with-output-string
- (cute sxml->xml
- `(*TOP*
- (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
- (html (@ (xmlns "http://www.w3.org/1999/xhtml")
- (xml:lang ,(W_ "xml-lang|en")))
- (body
- ,(call-with-input-string
- (format #f (W_ "<h1>The token request failed</h1>"))
- xml->sxml)
- ,(if (user-message? error)
- (user-message-sxml error)
- (call-with-input-string
- (format #f (W_ "<p>No more information.</p>"))
- xml->sxml)))))
- <>))))
- thunk))))
-
-(define (make-token-endpoint token-endpoint-uri iss issuer-key-file)
- (define endpoint
- (make <token-endpoint>
- #:issuer iss
- #:key-file issuer-key-file))
- (lambda (request request-body)
- (when (bytevector? request-body)
- (set! request-body (utf8->string request-body)))
- (try-handle-web-failure
- (lambda ()
- (parameterize ((web-locale request))
- (receive (response response-body response-meta)
- (handle endpoint request request-body)
- (values response response-body)))))))
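Review bot: the removed wrapper converted a bytevector `request-body` to a string with `utf8->string` before calling `handle`; confirm the `<token-endpoint>` method in (webid-oidc server endpoint identity-provider) does that decoding itself, since the Guile web server delivers request bodies as bytevectors and a form-encoded token request would otherwise fail to parse. The same `try-handle-web-failure` error page is duplicated in resource-server.scm; one shared implementation in the endpoint module is enough.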
diff --git a/tests/authorization-endpoint-get-form.scm b/tests/authorization-endpoint-get-form.scm
index 25b7128..a3cbf2b 100644
--- a/tests/authorization-endpoint-get-form.scm
+++ b/tests/authorization-endpoint-get-form.scm
@@ -1,4 +1,4 @@
-;; webid-oidc, implementation of the Solid specification
+;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
@@ -14,17 +14,22 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(use-modules (webid-oidc authorization-endpoint)
- (webid-oidc jwk)
- (webid-oidc testing)
- ((webid-oidc parameters) #:prefix p:)
- (web uri)
- (web request)
- (web response)
- (srfi srfi-19)
- (web response)
- (ice-9 optargs)
- (ice-9 receive))
+(define-module (tests authorization-endpoint-get-form)
+ #:use-module (webid-oidc jwk)
+ #:use-module (webid-oidc testing)
+ #:use-module ((webid-oidc parameters) #:prefix p:)
+ #:use-module (web uri)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (srfi srfi-19)
+ #:use-module (web response)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (oop goops)
+ #:duplicates (merge-generics)
+ #:declarative? #t)
(with-test-environment
"authorization-endpoint-get-form"
@@ -32,16 +37,18 @@
(define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
(define password "p4ssw0rd")
(define endpoint
- (make-authorization-endpoint
- subject password "key-file.jwk"))
- (receive (response response-body)
+ (make <authorization-endpoint>
+ #:subject subject
+ #:encrypted-password (crypt password "$6$some.salt.data")
+ #:key-file "key-file.jwk"))
+ (receive (response response-body response-meta)
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- (format #f "https://authorization-endpoint-get-form.scm/authorize?client_id=~a&redirect_uri=~a"
- (uri-encode "https://authorization-endpoint-get-form.scm/client/card#app")
- (uri-encode "https://authorization-endpoint-get-form.scm/client/redirect"))))
- ""))
+ (handle endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-get-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode "https://authorization-endpoint-get-form.scm/client/card#app")
+ (uri-encode "https://authorization-endpoint-get-form.scm/client/redirect"))))
+ ""))
(unless (eq? (response-code response) 200)
(exit 3))
(unless (response-content-type response)
diff --git a/tests/authorization-endpoint-no-args.scm b/tests/authorization-endpoint-no-args.scm
index 7976d9d..0cc2fab 100644
--- a/tests/authorization-endpoint-no-args.scm
+++ b/tests/authorization-endpoint-no-args.scm
@@ -1,4 +1,4 @@
-;; webid-oidc, implementation of the Solid specification
+;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
@@ -14,17 +14,22 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(use-modules (webid-oidc authorization-endpoint)
- (webid-oidc jwk)
- (webid-oidc testing)
- ((webid-oidc parameters) #:prefix p:)
- (web uri)
- (web request)
- (web response)
- (srfi srfi-19)
- (web response)
- (ice-9 optargs)
- (ice-9 receive))
+(define-module (tests authorization-endpoint-no-args)
+ #:use-module (webid-oidc jwk)
+ #:use-module (webid-oidc testing)
+ #:use-module ((webid-oidc parameters) #:prefix p:)
+ #:use-module (web uri)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (srfi srfi-19)
+ #:use-module (web response)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (oop goops)
+ #:duplicates (merge-generics)
+ #:declarative? #t)
(with-test-environment
"authorization-endpoint-no-args"
@@ -32,12 +37,25 @@
(define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
(define password "p4ssw0rd")
(define endpoint
- (make-authorization-endpoint subject password "./key-file.jwk"))
- (receive (response response-body)
+ (make <authorization-endpoint>
+ #:subject subject
+ #:encrypted-password (crypt password "$6$some.salt.data")
+ #:key-file "key-file.jwk"))
+ (with-exception-handler
+ (lambda (exn)
+ (unless (and (web-exception? exn)
+ (eqv? (web-exception-code exn) 400))
+ (raise-exception
+ (make-exception
+ (make-exception-with-message
+ "I was expected a 400 response.")
+ exn))))
+ (lambda ()
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- "https://authorization-endpoint-get-form.scm/authorize"))
- ""))
- (unless (eq? (response-code response) 400)
- (exit 3)))))
+ (handle endpoint
+ (build-request (string->uri
+ "https://authorization-endpoint-get-form.scm/authorize"))
+ "")
+ (exit 3)))
+ #:unwind? #t
+ #:unwind-for-type &web-exception)))
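Review bot: this test body now uses `web-exception?`, `web-exception-code`, `&web-exception`, `make-exception`, `make-exception-with-message` and `raise-exception`, but the module header at the top of this file imports neither (webid-oidc errors) nor (ice-9 exceptions); tests/authorization-endpoint-submit-form.scm in this same change adds both for exactly this reason, so add them here too unless (webid-oidc server endpoint) re-exports them. Two smaller points: the message "I was expected a 400 response." should read "I was expecting a 400 response.", and `(web response)` is listed twice in the `#:use-module` block here and in tests/authorization-endpoint-get-form.scm (carried over from the old `use-modules` forms); drop one copy in each.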
diff --git a/tests/authorization-endpoint-submit-form.scm b/tests/authorization-endpoint-submit-form.scm
index 78216a9..de5c76c 100644
--- a/tests/authorization-endpoint-submit-form.scm
+++ b/tests/authorization-endpoint-submit-form.scm
@@ -15,13 +15,15 @@
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
(define-module (tests authorization-endpoint-submit-form)
- #:use-module (webid-oidc authorization-endpoint)
#:use-module (webid-oidc authorization-code)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint identity-provider)
#:use-module (webid-oidc client-manifest)
#:use-module (webid-oidc jwk)
#:use-module (webid-oidc cache)
#:use-module (webid-oidc jti)
#:use-module (webid-oidc testing)
+ #:use-module (webid-oidc errors)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module ((webid-oidc stubs) #:prefix stubs:)
#:use-module (web uri)
@@ -31,6 +33,7 @@
#:use-module (web response)
#:use-module (ice-9 optargs)
#:use-module (ice-9 receive)
+ #:use-module (ice-9 exceptions)
#:use-module (oop goops)
#:declarative? #t
#:duplicates (merge-generics))
@@ -54,8 +57,10 @@
(define the-response (car served))
(define the-response-body (cdr served))
(define endpoint
- (make-authorization-endpoint
- subject encrypted-password "key-file.jwk"))
+ (make <authorization-endpoint>
+ #:subject subject
+ #:encrypted-password encrypted-password
+ #:key-file "key-file.jwk"))
(parameterize ((p:anonymous-http-request
(lambda* (uri #:key (headers '()) #:allow-other-keys)
(unless (equal? uri what-uri-to-expect)
@@ -63,30 +68,43 @@
(values the-response the-response-body))))
(use-cache
(lambda ()
- (receive (response response-body)
+ (with-exception-handler
+ (lambda (exn)
+ (unless (and (web-exception? exn)
+ (eqv? (web-exception-code exn) 401))
+ (raise-exception
+ (make-exception
+ (make-exception-with-message
+ (if (web-exception? exn)
+ (format #f "the error code should be 401, not ~a"
+ (web-exception-code exn))
+ (format #f "there should be a web error")))
+ exn))))
+ (lambda ()
;; The password is fake!
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
- (uri-encode (uri->string client))
- (uri-encode (uri->string redirect))))
- #:headers '((content-type application/x-www-form-urlencoded))
- #:method 'POST
- #:port #t)
- "password=fake"))
- (when (eq? (response-code response) 302)
- (exit 3)))
- (receive (response response-body)
+ (handle endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode (uri->string client))
+ (uri-encode (uri->string redirect))))
+ #:headers '((content-type application/x-www-form-urlencoded))
+ #:method 'POST
+ #:port #t)
+ "password=fake")
+ (exit 3)))
+ #:unwind? #t
+ #:unwind-for-type &web-exception)
+ (receive (response response-body response-meta)
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
- (uri-encode (uri->string client))
- (uri-encode (uri->string redirect))))
- #:headers '((content-type application/x-www-form-urlencoded))
- #:method 'POST
- #:port #t)
+ (handle endpoint
+ (build-request (string->uri
+ (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+ (uri-encode (uri->string client))
+ (uri-encode (uri->string redirect))))
+ #:headers '((content-type application/x-www-form-urlencoded))
+ #:method 'POST
+ #:port #t)
"password=p4ssw0rd"))
(unless (eq? (response-code response) 302)
(exit 4))
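Review bot: the fake-password branch now relies on `handle` raising a web exception with code 401 and only reaches `(exit 3)` if the call returns normally, which is the right shape; one nit in the handler, `(format #f "there should be a web error")` has no format directives and can be the plain string. It would also help to check that the 302 produced with the correct password carries a `code=` query parameter, since the 401-vs-302 split is the only thing this test pins down.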
diff --git a/tests/client-manifest-not-modified.scm b/tests/client-manifest-not-modified.scm
index 26f4852..9026c87 100644
--- a/tests/client-manifest-not-modified.scm
+++ b/tests/client-manifest-not-modified.scm
@@ -1,4 +1,4 @@
-;; webid-oidc, implementation of the Solid specification
+;; disfluid, implementation of the Solid specification
;; Copyright (C) 2020, 2021 Vivien Kraus
;; This program is free software: you can redistribute it and/or modify
@@ -14,31 +14,40 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(use-modules (webid-oidc client)
- (webid-oidc testing)
- (webid-oidc errors)
- (web uri)
- (srfi srfi-19)
- (web request)
- (web response)
- (ice-9 optargs)
- (ice-9 receive))
+(define-module (tests client-manifest-not-modified)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint client)
+ #:use-module (webid-oidc client)
+ #:use-module (webid-oidc testing)
+ #:use-module (webid-oidc errors)
+ #:use-module (web uri)
+ #:use-module (srfi srfi-19)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (oop goops)
+ #:declarative? #t
+ #:duplicates (merge-generics))
(with-test-environment
"client-manifest-not-modified"
(lambda ()
- (let ((handler (serve-application
- (string->uri "https://example.com/manifest")
- (string->uri "https://example.com/authorized"))))
- (receive (response response-body)
- (handler (build-request (string->uri "https://example.com/manifest"))
- "")
- (let ((etag (response-etag response)))
- (unless etag
- (exit 1))
- (receive (second-response second-response-body)
- (handler (build-request (string->uri "https://example.com/manifest")
- #:headers `((if-none-match . (,etag))))
- "")
- (unless (eqv? (response-code second-response) 304)
- (exit 2))))))))
+ (define endpoint
+ (make <client-id>
+ #:client-id (string->uri "https://example.com/manifest")
+ #:redirect-uris (list (string->uri "https://example.com/authorized"))))
+ (receive (response response-body response-meta)
+ (handle endpoint
+ (build-request (string->uri "https://example.com/manifest"))
+ #f)
+ (let ((etag (response-etag response)))
+ (unless etag
+ (exit 1))
+ (receive (second-response second-response-body second-response-meta)
+ (handle endpoint
+ (build-request (string->uri "https://example.com/manifest")
+ #:headers `((if-none-match . (,etag))))
+ #f)
+ (unless (eqv? (response-code second-response) 304)
+ (exit 2)))))))
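Review bot: `<client-id>` is constructed here with (web uri) records (`#:client-id (string->uri ...)`, `#:redirect-uris (list (string->uri ...))`), while tests/client-workflow.scm below builds the same class with plain strings (`#:client-id "https://client.client-workflow.scm/id"`, `#:redirect-uris '("https://client.client-workflow.scm/authorized")`); unless the slot initializers normalize both forms, one of these tests exercises a type the endpoint does not expect, and redirect URI matching on strings versus URI records can differ on trailing-slash and case details. Also note the request body changed from `""` to `#f`; fine if `handle` accepts both, but keep it consistent with the other tests.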
diff --git a/tests/client-workflow.scm b/tests/client-workflow.scm
index ed1c1b4..63d505a 100644
--- a/tests/client-workflow.scm
+++ b/tests/client-workflow.scm
@@ -19,9 +19,15 @@
#:use-module ((webid-oidc client accounts) #:prefix client:)
#:use-module ((webid-oidc jwk) #:prefix jwk:)
#:use-module (webid-oidc testing)
+ #:use-module (webid-oidc oidc-configuration)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint resource-server)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (webid-oidc server endpoint client)
+ #:use-module (webid-oidc server endpoint authentication)
#:use-module ((webid-oidc stubs) #:prefix stubs:)
#:use-module ((webid-oidc refresh-token) #:prefix refresh:)
- #:use-module ((webid-oidc simulation) #:prefix sim:)
+ #:use-module (webid-oidc simulation)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module (web uri)
#:use-module (web request)
@@ -33,6 +39,7 @@
#:use-module (ice-9 hash-table)
#:use-module (ice-9 match)
#:use-module (oop goops)
+ #:declarative? #t
#:duplicates (merge-generics))
;; In this example, a user firsts requests an account, then logs in
@@ -59,39 +66,75 @@
(with-test-environment
"client-workflow"
(lambda ()
- (let ((simulation (sim:make-simulation))
+ (let ((simulation
+ (make <simulation>
+ #:endpoint
+ (make <router>
+ #:routed
+ (list
+ (make <identity-provider>
+ #:host "server.client-workflow.scm"
+ #:oidc-discovery
+ (make <oidc-discovery>
+ #:path "/.well-known/openid-configuration"
+ #:configuration
+ (make <oidc-configuration>
+ #:jwks-uri "https://server.client-workflow.scm/keys"
+ #:authorization-endpoint "https://server.client-workflow.scm/authorize"
+ #:token-endpoint "https://server.client-workflow.scm/token"))
+ #:authorization-endpoint
+ (make <authorization-endpoint>
+ #:path "/authorize"
+ #:subject "https://server.client-workflow.scm/alice#me"
+ #:encrypted-password (crypt "password" "$6$password")
+ #:key-file "key-file.jwk")
+ #:token-endpoint
+ (make <token-endpoint>
+ #:path "/token"
+ #:issuer "https://server.client-workflow.scm"
+ #:key-file "key-file.jwk")
+ #:jwks-endpoint
+ (make <jwks-endpoint>
+ #:path "/keys"
+ #:key-file "key-file.jwk")
+ #:default
+ (make <authenticator>
+ #:backend
+ (make <resource-server>
+ #:server-name "https://server.client-workflow.scm"
+ #:owner "https://server.client-workflow.scm/alice#me")
+ #:server-uri "https://server.client-workflow.scm"))
+ (make <client-id>
+ #:host "client.client-workflow.scm"
+ #:client-id "https://client.client-workflow.scm/id"
+ #:redirect-uris '("https://client.client-workflow.scm/authorized")
+ #:client-name "Client workflow test"
+ #:client-uri "https://client.client-workflow.scm/about"
+ #:grant-types '(authorization_code refresh_token)
+ #:response-types '(code))))))
(account #f))
- (sim:add-server! simulation
- (string->uri "https://server@client-workflow.scm")
- (string->uri "https://server@client-workflow.scm/alice#me"))
- (sim:add-client! simulation
- (string->uri "https://client@client-workflow.scm")
- (string->uri "https://client@client-workflow.scm/id")
- (string->uri "https://client@client-workflow.scm/authorized")
- "Client workflow test"
- (string->uri "https://client@client-workflow.scm/about"))
(parameterize ((client:client
(make <client:client>
- #:client-id "https://client@client-workflow.scm/id"
+ #:client-id "https://client.client-workflow.scm/id"
#:redirect-uri
- (string->uri "https://client@client-workflow.scm/authorized")))
+ (string->uri "https://client.client-workflow.scm/authorized")))
(p:anonymous-http-request
- (cute sim:request simulation <...>)))
+ (cute (@ (webid-oidc simulation) request) simulation <...>)))
(parameterize ((p:current-date 0)
(client:authorization-process
(lambda* (uri #:key reason)
- (sim:grant-authorization simulation uri))))
+ (grant-authorization simulation uri))))
(receive (new-account response response-body)
(begin
(set! account
- (make <client:account> #:issuer "https://server@client-workflow.scm"))
+ (make <client:account> #:issuer "https://server.client-workflow.scm"))
(client:request account
- (string->uri "https://server@client-workflow.scm/")))
+ (string->uri "https://server.client-workflow.scm/")))
(set! account new-account)
(unless (eqv? (response-code response) 200)
;; Only Alice can read that resource.
(exit 3)))
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. The client gets the oidc configuration of the
;; server.
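Review bot: `<client-id>` is built from plain strings here (`#:client-id "https://client.client-workflow.scm/id"`, `#:redirect-uris '("https://client.client-workflow.scm/authorized")`), while tests/client-manifest-not-modified.scm in this same commit passes `(string->uri ...)` values for the same slots; unless the class normalizes both, each test exercises a type the other never sees, so pick one representation and use it in both. A smaller point: `request` is the only simulation binding referenced through `(@ (webid-oidc simulation) request)` while `grant-authorization` and `scroll-log!` are used bare; if `request` collides with another import, a prefixed `#:use-module` of `(webid-oidc simulation)` would make that explicit instead of leaving a one-off `@`. Lastly, `(crypt "password" "$6$password")` with a fixed salt is fine for a fixture, but a short comment marking it as a throwaway test credential would keep it from being copied into a real configuration.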
@@ -124,39 +167,39 @@
(and
;; 1. Get the authorization endpoint.
(equal? (request-uri get-oidc-config-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-oidc-config-response) 200)
;; 2. The server checks the client ID.
(equal? (request-uri get-client-id-request)
- (string->uri "https://client@client-workflow.scm/id"))
+ (string->uri "https://client.client-workflow.scm/id"))
(eqv? (response-code get-client-id-response) 200)
;; 3. The authorization request completes.
(string-prefix?
- "https://server@client-workflow.scm/authorize?"
+ "https://server.client-workflow.scm/authorize?"
(uri->string (request-uri authorization-request)))
(eq? (request-method authorization-request) 'POST)
(eqv? (response-code authorization-response) 302)
(string-prefix?
- "https://client@client-workflow.scm/authorized?"
+ "https://client.client-workflow.scm/authorized?"
(uri->string (response-location authorization-response)))
;; 4. Token negociation.
(equal? (request-uri token-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code token-response) 200)
;; 5. The final request.
(equal? (request-uri final-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code final-response) 200))
(exit 4)))))
;; 1 hour later, the access token should have expired.
(parameterize ((p:current-date 3600))
(receive (new-account response response-body)
- (client:request account (string->uri "https://server@client-workflow.scm/"))
+ (client:request account (string->uri "https://server.client-workflow.scm/"))
(set! account new-account)
(unless (eqv? (response-code response) 200)
;; Only Alice can read that resource.
(exit 5)))
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. and 2. The client starts sending the request, the server
;; querries the identity provider and keys.
@@ -187,39 +230,39 @@
;; 3. The client realizes that the access token is
;; expired.
(equal? (request-uri naively-try-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code naively-try-response) 401)
(eqv? (time-second (date->time-utc (response-date naively-try-response)))
3600)
;; 4. The client discovers the token endpoint.
(equal? (request-uri get-token-endpoint-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-token-endpoint-response) 200)
;; 5. Refresh the access token.
(equal? (request-uri refresh-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code refresh-response) 200)
;; 10. Send again.
(equal? (request-uri with-new-refresh-token-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code with-new-refresh-token-response) 200))
(exit 6)))))
;; Wait another hour, and we’ll need to update the refresh
;; token again, but this time it’s not there anymore.
(parameterize ((p:current-date 7200))
(refresh:remove-refresh-token
- (string->uri "https://server@client-workflow.scm/alice#me")
- (string->uri "https://client@client-workflow.scm/id"))
+ (string->uri "https://server.client-workflow.scm/alice#me")
+ (string->uri "https://client.client-workflow.scm/id"))
(with-exception-handler
(lambda (error)
(unless (client:refresh-token-expired? error)
(exit 7)))
(lambda ()
- (client:request account (string->uri "https://server@client-workflow.scm/"))
+ (client:request account (string->uri "https://server.client-workflow.scm/"))
(exit 8))
#:unwind? #t
#:unwind-for-type client:&refresh-token-expired)
- (match (sim:simulation-scroll-log! simulation)
+ (match (scroll-log! simulation)
;; 1. and 2. The client starts sending the request, the server
;; querries the identity provider and keys.
@@ -239,15 +282,15 @@
;; 3. The client realizes that the access token is
;; expired.
(equal? (request-uri naively-try-request)
- (string->uri "https://server@client-workflow.scm/"))
+ (string->uri "https://server.client-workflow.scm/"))
(eqv? (response-code naively-try-response) 401)
(eqv? (time-second (date->time-utc (response-date naively-try-response)))
7200)
;; 4. The client discovers the token endpoint.
(equal? (request-uri get-token-endpoint-request)
- (string->uri "https://server@client-workflow.scm/.well-known/openid-configuration"))
+ (string->uri "https://server.client-workflow.scm/.well-known/openid-configuration"))
(eqv? (response-code get-token-endpoint-response) 200)
;; 5. The client tries to refresh.
(equal? (request-uri refresh-request)
- (string->uri "https://server@client-workflow.scm/token"))
+ (string->uri "https://server.client-workflow.scm/token"))
(eqv? (response-code refresh-response) 403))))))))
diff --git a/tests/resource-server.scm b/tests/resource-server.scm
index 767088d..94f2816 100644
--- a/tests/resource-server.scm
+++ b/tests/resource-server.scm
@@ -16,13 +16,14 @@
(define-module (tests resource-server)
#:use-module (webid-oidc provider-confirmation)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint authentication)
#:use-module (webid-oidc jti)
#:use-module (webid-oidc jwk)
#:use-module (webid-oidc jws)
#:use-module (webid-oidc oidc-configuration)
#:use-module (webid-oidc access-token)
#:use-module (webid-oidc dpop-proof)
- #:use-module (webid-oidc resource-server)
#:use-module (webid-oidc testing)
#:use-module ((webid-oidc parameters) #:prefix p:)
#:use-module (web uri)
@@ -30,10 +31,18 @@
#:use-module (srfi srfi-19)
#:use-module (web response)
#:use-module (ice-9 optargs)
+ #:use-module (ice-9 control)
#:use-module (ice-9 receive)
#:use-module (oop goops)
#:duplicates (merge-generics))
+(define-class <backend> (<endpoint>))
+
+(define return (make-parameter values))
+
+(define-method (handle (backend <backend>) request request-body)
+ ((return) (assq-ref (request-meta request) 'user)))
+
(with-test-environment
"resource-server"
(lambda ()
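Review bot: the `<backend>` stub and the `return` parameter deserve a one-line comment: `handle` on `<backend>` does not produce a response, it escapes through the continuation stored in `return` carrying the authenticated user from `(assq-ref (request-meta request) 'user)`, which is what lets the test below read `parsed` directly. With the default `(make-parameter values)`, calling `handle` outside a `(return ret)` parameterization silently returns the user as a normal value instead of escaping, so either document that default or replace `values` with a procedure that raises, so a misuse fails loudly.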
@@ -91,12 +100,15 @@ DPoP: ~a\r\n\r\n"
read-request))
(define rq-body "")
(define authenticator
- (make-authenticator
- #:server-uri server-uri))
+ (make <authenticator>
+ #:backend (make <backend>)
+ #:server-uri server-uri))
(define parsed
- (parameterize ((p:current-date 20)
- (p:anonymous-http-request http-get))
- (authenticator rq rq-body)))
+ (let/ec ret
+ (parameterize ((p:current-date 20)
+ (p:anonymous-http-request http-get)
+ (return ret))
+ (handle authenticator rq rq-body))))
(unless (uri? parsed)
(exit 2))
(unless (equal? parsed subject)
diff --git a/tests/token-endpoint-issue.scm b/tests/token-endpoint-issue.scm
index f986e8e..757e650 100644
--- a/tests/token-endpoint-issue.scm
+++ b/tests/token-endpoint-issue.scm
@@ -14,23 +14,29 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(use-modules (webid-oidc token-endpoint)
- (webid-oidc authorization-code)
- (webid-oidc dpop-proof)
- (webid-oidc access-token)
- (webid-oidc jwk)
- (webid-oidc jws)
- (webid-oidc jti)
- (webid-oidc testing)
- ((webid-oidc stubs) #:prefix stubs:)
- ((webid-oidc parameters) #:prefix p:)
- (web uri)
- (web request)
- (web response)
- (srfi srfi-19)
- (web response)
- (ice-9 optargs)
- (ice-9 receive))
+(define-module (tests token-endpoint-refresh)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (webid-oidc authorization-code)
+ #:use-module (webid-oidc refresh-token)
+ #:use-module (webid-oidc dpop-proof)
+ #:use-module (webid-oidc jwk)
+ #:use-module (webid-oidc access-token)
+ #:use-module (webid-oidc jws)
+ #:use-module (webid-oidc jti)
+ #:use-module (webid-oidc testing)
+ #:use-module ((webid-oidc stubs) #:prefix stubs:)
+ #:use-module ((webid-oidc parameters) #:prefix p:)
+ #:use-module (web uri)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (srfi srfi-19)
+ #:use-module (web response)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (oop goops)
+ #:duplicates (merge-generics)
+ #:declarative? #t)
(with-test-environment
"token-endpoint-issue"
@@ -46,18 +52,27 @@
(define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me"))
(define client (string->uri "https://token-endpoint-issue.scm/client/card#app"))
(define issuer (string->uri "https://issuer.token-endpoint-issue.scm"))
+ (define endpoint
+ (make <token-endpoint>
+ #:issuer "https://issuer.token-endpoint-issue.scm"
+ #:key-file "key-file.jwk"))
(define authz
(parameterize ((p:current-date 0))
(issue <authorization-code>
key
#:webid subject
#:client-id client)))
- (define endpoint
- (make-token-endpoint
- (string->uri "https://token-endpoint-issue.scm/token")
- issuer "key-file.jwk"))
- (receive (response response-body . _)
- ;; The code is fake!
+ (with-exception-handler
+ (lambda (exn)
+ (unless (and (web-exception? exn)
+ (eqv? (web-exception-code exn) 400))
+ (raise-exception
+ (make-exception
+ (make-exception-with-message
+ (format #f "the error code should be 400"))
+ exn))))
+ (lambda ()
+ ;; The refresh token is fake!
(let ((dpop
(parameterize ((p:current-date 0))
(issue <dpop-proof>
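Review bot: the comment `;; The refresh token is fake!` was copied from the refresh test; this request sends `code=fake` with `grant_type=authorization_code`, so it should say the authorization code is fake. The `issuer` URI defined just above is now unused, because `<token-endpoint>` receives its issuer as a string literal; deriving one from the other (`#:issuer (uri->string issuer)`) keeps the two from drifting apart. Also, the old `make-token-endpoint` was given the endpoint URI `https://token-endpoint-issue.scm/token`, whereas the new `<token-endpoint>` is created without a `#:path`, unlike the client-workflow test which passes `#:path "/token"`; confirm that the DPoP `htu` check still has the intended endpoint URI to compare against, since the request is built for `http://localhost:8080/token` while the proof's `#:htu` names `https://token-endpoint-issue.scm/token`.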
@@ -67,69 +82,70 @@
#:htu (string->uri
"https://token-endpoint-issue.scm/token")))))
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- "http://localhost:8080/token")
- #:headers `((content-type application/x-www-form-urlencoded)
- (dpop . ,dpop))
- #:method 'POST
- #:port #t)
- "grant_type=authorization_code&code=fake")))
- (unless (eq? (response-code response) 400)
+ (handle endpoint
+ (build-request (string->uri
+ "http://localhost:8080/token")
+ #:headers `((content-type application/x-www-form-urlencoded)
+ (dpop . ,dpop))
+ #:method 'POST
+ #:port #t)
+ "grant_type=authorization_code&code=fake")))
(exit 3))
- (receive (response response-body . _)
- (let ((dpop
- (parameterize ((p:current-date 10))
- (issue <dpop-proof>
- client-key
- #:jwk (public-key client-key)
- #:htm 'POST
- #:htu (string->uri
- "https://token-endpoint-issue.scm/token")))))
- (parameterize ((p:current-date 10))
- (endpoint
- (build-request (string->uri
- "http://localhost:8080/token")
- #:headers `((content-type application/x-www-form-urlencoded)
- (dpop . ,dpop))
- #:method 'POST
- #:port #t)
- (string-append "grant_type=authorization_code&code=" authz))))
- (unless (eq? (response-code response) 200)
- (exit 4))
- (unless (eq? (car (response-content-type response)) 'application/json)
- (exit 5))
- (let ((response (stubs:json-string->scm response-body)))
- (let ((access-token-enc (assq-ref response 'access_token))
- (refresh-token-enc (assq-ref response 'refresh_token)))
- (unless access-token-enc
- (exit 6))
- (unless refresh-token-enc
- (exit 7))
- (let ((access-token
- (parameterize ((p:current-date 20)
- (p:anonymous-http-request
- (lambda* (uri . args)
- (cond
- ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
- (values (build-response #:headers '((content-type application/json)))
- "{
+ #:unwind? #t
+ #:unwind-for-type &web-exception)
+ (receive (response response-body . _)
+ (let ((dpop
+ (parameterize ((p:current-date 10))
+ (issue <dpop-proof>
+ client-key
+ #:jwk (public-key client-key)
+ #:htm 'POST
+ #:htu (string->uri
+ "https://token-endpoint-issue.scm/token")))))
+ (parameterize ((p:current-date 10))
+ (handle endpoint
+ (build-request (string->uri
+ "http://localhost:8080/token")
+ #:headers `((content-type application/x-www-form-urlencoded)
+ (dpop . ,dpop))
+ #:method 'POST
+ #:port #t)
+ (string-append "grant_type=authorization_code&code=" authz))))
+ (unless (eq? (response-code response) 200)
+ (exit 4))
+ (unless (eq? (car (response-content-type response)) 'application/json)
+ (exit 5))
+ (let ((response (stubs:json-string->scm response-body)))
+ (let ((access-token-enc (assq-ref response 'access_token))
+ (refresh-token-enc (assq-ref response 'refresh_token)))
+ (unless access-token-enc
+ (exit 6))
+ (unless refresh-token-enc
+ (exit 7))
+ (let ((access-token
+ (parameterize ((p:current-date 20)
+ (p:anonymous-http-request
+ (lambda* (uri . args)
+ (cond
+ ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
+ (values (build-response #:headers '((content-type application/json)))
+ "{
\"jwks_uri\": \"https://token-endpoint-issue.scm/keys\",
\"token_endpoint\": \"https://token-endpoint-issue.scm/token\",
\"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\",
\"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\"
}"))
- ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
- (values (build-response #:headers '((content-type application/json)))
- (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
- (else
- (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri))
- (exit 11))))))
- (decode <access-token> access-token-enc))))
- (unless access-token
- (exit 8))
- (let ((access-token-cnf/jkt (cnf/jkt access-token)))
- (unless access-token-cnf/jkt
- (exit 9))
- (unless (string=? access-token-cnf/jkt (jkt client-key))
- (exit 10))))))))))
+ ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
+ (values (build-response #:headers '((content-type application/json)))
+ (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
+ (else
+ (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri))
+ (exit 11))))))
+ (decode <access-token> access-token-enc))))
+ (unless access-token
+ (exit 8))
+ (let ((access-token-cnf/jkt (cnf/jkt access-token)))
+ (unless access-token-cnf/jkt
+ (exit 9))
+ (unless (string=? access-token-cnf/jkt (jkt client-key))
+ (exit 10)))))))))
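Review bot: nearly all of this hunk is a two-space re-indentation of the unchanged success path (the `receive` block from the second DPoP proof down to the `cnf/jkt` checks); the only behavioural change is that `(exit 3)` after `handle` now means "the endpoint returned normally instead of raising a 400 web exception". Splitting the re-indentation into its own commit would make that change reviewable at a glance. The stub HTTP client's `else` branch, which prints `Unknown URI` before `(exit 11)`, is a better failure signal than the bare `(exit 8)` in the refresh test; consider aligning the two.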
diff --git a/tests/token-endpoint-refresh.scm b/tests/token-endpoint-refresh.scm
index 91effe0..d338f2f 100644
--- a/tests/token-endpoint-refresh.scm
+++ b/tests/token-endpoint-refresh.scm
@@ -14,24 +14,29 @@
;; You should have received a copy of the GNU Affero General Public License
;; along with this program. If not, see <https://www.gnu.org/licenses/>.
-(use-modules (webid-oidc token-endpoint)
- (webid-oidc authorization-code)
- (webid-oidc refresh-token)
- (webid-oidc dpop-proof)
- (webid-oidc jwk)
- (webid-oidc access-token)
- (webid-oidc jws)
- (webid-oidc jti)
- (webid-oidc testing)
- ((webid-oidc stubs) #:prefix stubs:)
- ((webid-oidc parameters) #:prefix p:)
- (web uri)
- (web request)
- (web response)
- (srfi srfi-19)
- (web response)
- (ice-9 optargs)
- (ice-9 receive))
+(define-module (tests token-endpoint-refresh)
+ #:use-module (webid-oidc server endpoint)
+ #:use-module (webid-oidc server endpoint identity-provider)
+ #:use-module (webid-oidc authorization-code)
+ #:use-module (webid-oidc refresh-token)
+ #:use-module (webid-oidc dpop-proof)
+ #:use-module (webid-oidc jwk)
+ #:use-module (webid-oidc access-token)
+ #:use-module (webid-oidc jws)
+ #:use-module (webid-oidc jti)
+ #:use-module (webid-oidc testing)
+ #:use-module ((webid-oidc stubs) #:prefix stubs:)
+ #:use-module ((webid-oidc parameters) #:prefix p:)
+ #:use-module (web uri)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (srfi srfi-19)
+ #:use-module (web response)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (oop goops)
+ #:duplicates (merge-generics)
+ #:declarative? #t)
(with-test-environment
"token-endpoint-refresh"
@@ -44,16 +49,25 @@
port
#:pretty #t)))
(define client-key (generate-key #:n-size 2048))
- (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me"))
- (define client (string->uri "https://token-endpoint-issue.scm/client/card#app"))
- (define issuer (string->uri "https://issuer.token-endpoint-issue.scm"))
+ (define subject (string->uri "https://token-endpoint-refresh.scm/profile/card#me"))
+ (define client (string->uri "https://token-endpoint-refresh.scm/client/card#app"))
+ (define issuer (string->uri "https://issuer.token-endpoint-refresh.scm"))
(define refresh-code
(issue-refresh-token subject client (jkt client-key)))
(define endpoint
- (make-token-endpoint
- (string->uri "https://token-endpoint-issue.scm/token")
- issuer "key-file.jwk"))
- (receive (response response-body . _)
+ (make <token-endpoint>
+ #:issuer "https://issuer.token-endpoint-refresh.scm"
+ #:key-file "key-file.jwk"))
+ (with-exception-handler
+ (lambda (exn)
+ (unless (and (web-exception? exn)
+ (eqv? (web-exception-code exn) 400))
+ (raise-exception
+ (make-exception
+ (make-exception-with-message
+ (format #f "the error code should be 400"))
+ exn))))
+ (lambda ()
;; The refresh token is fake!
(let ((dpop
(parameterize ((p:current-date 0))
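Review bot: `issuer` is defined as `(string->uri "https://issuer.token-endpoint-refresh.scm")` but no longer consumed now that `<token-endpoint>` takes `#:issuer` as a string literal; either drop the binding or write `#:issuer (uri->string issuer)` so the endpoint and the stubbed OIDC configuration further down cannot disagree about the issuer. Renaming the hosts from token-endpoint-issue.scm to token-endpoint-refresh.scm and moving the 400 check into the exception handler are both welcome; the handler re-raises any non-400 web exception wrapped with a message, which keeps the failure readable.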
@@ -62,72 +76,73 @@
#:jwk (public-key client-key)
#:htm 'POST
#:htu (string->uri
- "https://token-endpoint-issue.scm/token")))))
+ "https://token-endpoint-refresh.scm/token")))))
(parameterize ((p:current-date 0))
- (endpoint
- (build-request (string->uri
- "http://localhost:8080/token")
- #:headers `((content-type application/x-www-form-urlencoded)
- (dpop . ,dpop))
- #:method 'POST
- #:port #t)
- "refresh_token=fake")))
- (unless (eq? (response-code response) 400)
+ (handle endpoint
+ (build-request (string->uri
+ "http://localhost:8080/token")
+ #:headers `((content-type application/x-www-form-urlencoded)
+ (dpop . ,dpop))
+ #:method 'POST
+ #:port #t)
+ "refresh_token=fake")))
(exit 3))
- (receive (response response-body)
- (let ((dpop
- (parameterize ((p:current-date 10))
- (issue <dpop-proof>
- client-key
- #:jwk (public-key client-key)
- #:htm 'POST
- #:htu (string->uri
- "https://token-endpoint-issue.scm/token")))))
- (parameterize ((p:current-date 10))
- (endpoint
- (build-request (string->uri
- "http://localhost:8080/token")
- #:headers `((content-type application/x-www-form-urlencoded)
- (dpop . ,dpop))
- #:method 'POST
- #:port #t)
- (string-append "grant_type=refresh_token&refresh_token=" refresh-code))))
- (unless (eq? (response-code response) 200)
- (exit 4))
- (unless (eq? (car (response-content-type response)) 'application/json)
- (exit 5))
- (let ((response (stubs:json-string->scm response-body)))
- (let ((access-token-enc (assq-ref response 'access_token))
- (refresh-token-enc (assq-ref response 'refresh_token)))
- (unless access-token-enc
- (exit 6))
- (unless refresh-token-enc
- (exit 7))
- (let ((access-token
- (parameterize ((p:current-date 20)
- (p:anonymous-http-request
- (lambda* (uri . args)
- (cond
- ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
- (values (build-response #:headers '((content-type application/json)))
- "{
- \"jwks_uri\": \"https://token-endpoint-issue.scm/keys\",
- \"token_endpoint\": \"https://token-endpoint-issue.scm/token\",
- \"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\",
+ #:unwind? #t
+ #:unwind-for-type &web-exception)
+ (receive (response response-body response-meta)
+ (let ((dpop
+ (parameterize ((p:current-date 10))
+ (issue <dpop-proof>
+ client-key
+ #:jwk (public-key client-key)
+ #:htm 'POST
+ #:htu (string->uri
+ "https://token-endpoint-refresh.scm/token")))))
+ (parameterize ((p:current-date 10))
+ (handle endpoint
+ (build-request (string->uri
+ "http://localhost:8080/token")
+ #:headers `((content-type application/x-www-form-urlencoded)
+ (dpop . ,dpop))
+ #:method 'POST
+ #:port #t)
+ (string-append "grant_type=refresh_token&refresh_token=" refresh-code))))
+ (unless (eq? (response-code response) 200)
+ (exit 4))
+ (unless (eq? (car (response-content-type response)) 'application/json)
+ (exit 5))
+ (let ((response (stubs:json-string->scm response-body)))
+ (let ((access-token-enc (assq-ref response 'access_token))
+ (refresh-token-enc (assq-ref response 'refresh_token)))
+ (unless access-token-enc
+ (exit 6))
+ (unless refresh-token-enc
+ (exit 7))
+ (let ((access-token
+ (parameterize ((p:current-date 20)
+ (p:anonymous-http-request
+ (lambda* (uri . args)
+ (cond
+ ((equal? uri (string->uri "https://issuer.token-endpoint-refresh.scm/.well-known/openid-configuration"))
+ (values (build-response #:headers '((content-type application/json)))
+ "{
+ \"jwks_uri\": \"https://token-endpoint-refresh.scm/keys\",
+ \"token_endpoint\": \"https://token-endpoint-refresh.scm/token\",
+ \"authorization_endpoint\": \"https://token-endpoint-refresh.scm/authorize\",
\"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\"
}"))
- ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
- (values (build-response #:headers '((content-type application/json)))
- (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
- (else
- (exit 8))))))
- (decode <access-token> access-token-enc))))
- (unless access-token
- (exit 9))
- (let ((access-token-cnf/jkt (cnf/jkt access-token)))
- (unless access-token-cnf/jkt
- (exit 10))
- (unless (string=? access-token-cnf/jkt (jkt client-key))
- (exit 11))))
- (unless (string=? refresh-token-enc refresh-code)
- (exit 12))))))))
+ ((equal? uri (string->uri "https://token-endpoint-refresh.scm/keys"))
+ (values (build-response #:headers '((content-type application/json)))
+ (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
+ (else
+ (exit 8))))))
+ (decode <access-token> access-token-enc))))
+ (unless access-token
+ (exit 9))
+ (let ((access-token-cnf/jkt (cnf/jkt access-token)))
+ (unless access-token-cnf/jkt
+ (exit 10))
+ (unless (string=? access-token-cnf/jkt (jkt client-key))
+ (exit 11))))
+ (unless (string=? refresh-token-enc refresh-code)
+ (exit 12)))))))
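Review bot: `response-meta` in `(receive (response response-body response-meta) ...)` is bound but never used; the issue test writes `(receive (response response-body . _) ...)` for the same call, so pick one form for both files. The final assertion `(string=? refresh-token-enc refresh-code)` pins down that the token endpoint hands back the very refresh token that was just presented, i.e. no rotation on use; that is a deliberate property and deserves a comment, because a later move to rotating refresh tokens (which shortens the window in which a leaked token stays usable) would fail this test with `(exit 12)` rather than through the error path.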