Use anonymous-http-request from (webid-oidc parameters) everywhere

55 files changed, 1398 insertions, 1462 deletions

diff --git a/doc/disfluid.texi b/doc/disfluid.texi
index 6247bfa..a73a5c7 100644
--- a/doc/disfluid.texi
+++ b/doc/disfluid.texi
@@ -60,6 +60,7 @@ is tracked in the Guix channel
 * Decentralized Authentication on the Web::
 * Invoking disfluid::
 * Running disfluid with GNU Guix::
+* Common parameters::
 * Managing keys::
 * OIDC discovery::
 * The Json Web Token::
@@ -282,6 +283,48 @@ This record configures a server to serve public application pages.
 The configuration for the full server.
 @end deftp
 
+@node Common parameters
+@chapter Common parameters
+The @emph{(webid-oidc parameters)} module provides a set of Guile
+parameter to control the program behavior.
+
+@deffn {parameter} data-home
+This parameter controls the location where the program stores
+persistent data. By default, it is located in @code{XDG_DATA_HOME}.
+@end deffn
+
+@deffn {parameter} cache-home
+This parameter controls the location where the program stores data
+that might get deleted at any time. By default, it uses
+@code{XDG_CACHE_HOME}.
+@end deffn
+
+@deffn {parameter} current-date
+This parameter is a thunk similar to SRFI-19 @code{current-date},
+except it can be set with a thunk returning a date, time or number of
+seconds, or a date, time or number of seconds.
+@end deffn
+
+@deffn {parameter} anonymous-http-request
+This parameter is a function similar to the @code{http-request}
+function in @emph{(web client)}.
+@end deffn
+
+@deffn {parameter} authorization-code-default-validity
+This parameter controls the number of seconds for which an
+authorization code is valid at creation time.
+@end deffn
+
+@deffn {parameter} oidc-token-default-validity
+This parameter controls the number of seconds for which an ID token or
+access token is valid at creation time.
+@end deffn
+
+@deffn {parameter} dpop-proof-validity
+This parameter controls the number of seconds for which a DPoP proof
+is valid after it has been issued.
+@end deffn
+
 @node Managing keys
 @chapter Managing keys
 
@@ -1256,10 +1299,9 @@ with the cache.
 Drop @var{percents}% of the cache right now.
 @end deffn
 
-@deffn function with-cache @var{[#http-get]}
-Return a function acting as @emph{http-get} from @emph{(web client)}
-(takes an URI as the first parameter, and an optional @var{#:headers}
-set, and returns 2 values, the response and its body).
+@deffn function use-cache @var{f}
+Call @var{f} with no arguments, with the default HTTP request method
+set to a function that tries to use the cache first.o
 
 The cache will be read and written in the @samp{web-cache}
 subdirectory of the cache home. To check the time window validity, the
diff --git a/po/disfluid.pot b/po/disfluid.pot
index 6c39980..2a4b334 100644
--- a/po/disfluid.pot
+++ b/po/disfluid.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: disfluid SNAPSHOT\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-09-21 22:31+0200\n"
+"POT-Creation-Date: 2021-09-22 14:08+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -122,34 +122,34 @@ msgid ""
 "webid_oidc_random_init first.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:72
+#: src/scm/webid-oidc/access-token.scm:71
 #, scheme-format
 msgid "invalid access token: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:74
+#: src/scm/webid-oidc/access-token.scm:73
 msgid "invalid access token"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:116
+#: src/scm/webid-oidc/access-token.scm:115
 #: src/scm/webid-oidc/authorization-code.scm:93
-#: src/scm/webid-oidc/oidc-id-token.scm:99
+#: src/scm/webid-oidc/oidc-id-token.scm:98
 msgid "#:webid should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:121
+#: src/scm/webid-oidc/access-token.scm:120
 msgid "#:client-id should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:126
+#: src/scm/webid-oidc/access-token.scm:125
 msgid "#:cnf/jkt should be a string"
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:131
+#: src/scm/webid-oidc/access-token.scm:130
 msgid "#:aud should be exactly \"solid\""
 msgstr ""
 
-#: src/scm/webid-oidc/access-token.scm:149
+#: src/scm/webid-oidc/access-token.scm:148
 msgid ""
 "when making an access token either its required fields (#:alg, #:webid, #:"
 "iss, #:aud, #:client-id, #:cnf/jkt, #:iat and #:exp) or (#:jwt-header and #:"
@@ -178,10 +178,10 @@ msgstr ""
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:52
 #: src/scm/webid-oidc/hello-world.scm:40 src/scm/webid-oidc/hello-world.scm:167
 #: src/scm/webid-oidc/hello-world.scm:187
-#: src/scm/webid-oidc/identity-provider.scm:140
-#: src/scm/webid-oidc/token-endpoint.scm:113
-#: src/scm/webid-oidc/token-endpoint.scm:139
-#: src/scm/webid-oidc/token-endpoint.scm:166
+#: src/scm/webid-oidc/identity-provider.scm:136
+#: src/scm/webid-oidc/token-endpoint.scm:112
+#: src/scm/webid-oidc/token-endpoint.scm:138
+#: src/scm/webid-oidc/token-endpoint.scm:165
 msgid "xml-lang|en"
 msgstr ""
 
@@ -215,8 +215,8 @@ msgid "Allow"
 msgstr ""
 
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:95
-#: src/scm/webid-oidc/token-endpoint.scm:131
-#: src/scm/webid-oidc/token-endpoint.scm:158
+#: src/scm/webid-oidc/token-endpoint.scm:130
+#: src/scm/webid-oidc/token-endpoint.scm:157
 msgid "reason-phrase|Bad Request"
 msgstr ""
 
@@ -241,7 +241,7 @@ msgid "The application you are trying to authorize behaved unexpectedly."
 msgstr ""
 
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:126
-#: src/scm/webid-oidc/resource-server.scm:310
+#: src/scm/webid-oidc/resource-server.scm:290
 msgid "reason-phrase|Found"
 msgstr ""
 
@@ -281,11 +281,11 @@ msgstr ""
 msgid "Cache entry for ~a varies.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/catalog.scm:167
+#: src/scm/webid-oidc/catalog.scm:166
 msgid "invalid relative URI"
 msgstr ""
 
-#: src/scm/webid-oidc/catalog.scm:246
+#: src/scm/webid-oidc/catalog.scm:245
 #, scheme-format
 msgid "Unsupported delegate catalog URI scheme: ~s\n"
 msgstr ""
@@ -345,123 +345,123 @@ msgstr ""
 msgid "cannot serve the public manifest"
 msgstr ""
 
-#: src/scm/webid-oidc/client-manifest.scm:242
+#: src/scm/webid-oidc/client-manifest.scm:240
 #, scheme-format
 msgid "cannot fetch the client manifest ~s: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/client-manifest.scm:245
+#: src/scm/webid-oidc/client-manifest.scm:243
 #, scheme-format
 msgid "cannot fetch the client manifest ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/client-manifest.scm:264
+#: src/scm/webid-oidc/client-manifest.scm:262
 #, scheme-format
 msgid "the client manifest is dereferenced from ~s, but it pretends to be ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:285
+#: src/scm/webid-oidc/client/accounts.scm:273
 msgid "The refresh token has expired."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:292
+#: src/scm/webid-oidc/client/accounts.scm:280
 #, scheme-format
 msgid "The token request failed with code ~s (~s)."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:301
+#: src/scm/webid-oidc/client/accounts.scm:289
 msgid "The token response did not set the content type."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:309
+#: src/scm/webid-oidc/client/accounts.scm:297
 msgid "The token endpoint did not respond in UTF-8."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:321
+#: src/scm/webid-oidc/client/accounts.scm:309
 #, scheme-format
 msgid "The token response has content-type ~s, not application/json."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:331
+#: src/scm/webid-oidc/client/accounts.scm:319
 msgid "The token response is not valid JSON."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:345
+#: src/scm/webid-oidc/client/accounts.scm:333
 #, scheme-format
 msgid "The token response did not include an ID token: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:353
+#: src/scm/webid-oidc/client/accounts.scm:341
 #, scheme-format
 msgid "The token response did not include an access token: ~s\n"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:364
+#: src/scm/webid-oidc/client/accounts.scm:352
 #, scheme-format
 msgid "the ID token signature is invalid: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:366
+#: src/scm/webid-oidc/client/accounts.scm:354
 msgid "the ID token signature is invalid"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:383
+#: src/scm/webid-oidc/client/accounts.scm:370
 #, scheme-format
 msgid "the ID token delivered by the identity provider for ~s has ~s as webid"
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:393
+#: src/scm/webid-oidc/client/accounts.scm:380
 #, scheme-format
 msgid "The ID token delivered by the identity provider ~s is for issuer ~s."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:408
+#: src/scm/webid-oidc/client/accounts.scm:395
 msgid "The issuer is required."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:413
+#: src/scm/webid-oidc/client/accounts.scm:400
 msgid "The optional subject and required issuer should be strings or URI."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:449
+#: src/scm/webid-oidc/client/accounts.scm:436
 msgid "Cannot check the username and/or password."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:459
+#: src/scm/webid-oidc/client/accounts.scm:446
 msgid "The subject should be a string or URI."
 msgstr ""
 
-#: src/scm/webid-oidc/client/accounts.scm:473
+#: src/scm/webid-oidc/client/accounts.scm:460
 msgid "The issuer should be a string or URI."
 msgstr ""
 
-#: src/scm/webid-oidc/client/application.scm:228
+#: src/scm/webid-oidc/client/application.scm:213
 #, scheme-format
 msgid "Add an account on ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/client/application.scm:243
+#: src/scm/webid-oidc/client/application.scm:228
 #, scheme-format
 msgid ""
 "You already have an account for ~a issued by ~a and it is currently selected."
 msgstr ""
 
-#: src/scm/webid-oidc/client/application.scm:262
+#: src/scm/webid-oidc/client/application.scm:247
 #, scheme-format
 msgid "You already have an account for ~a issued by ~a."
 msgstr ""
 
-#: src/scm/webid-oidc/client/client.scm:107
+#: src/scm/webid-oidc/client/client.scm:106
 msgid ""
 "Client ID and redirect URIs should be URIs, and key pair should be a key "
 "pair.."
 msgstr ""
 
-#: src/scm/webid-oidc/client/gui.scm:58
+#: src/scm/webid-oidc/client/gui.scm:57
 msgid "Hello, world!\n"
 msgstr ""
 
-#: src/scm/webid-oidc/client/gui.scm:63
+#: src/scm/webid-oidc/client/gui.scm:62
 msgid "Hello, world!"
 msgstr ""
 
@@ -479,147 +479,147 @@ msgstr ""
 msgid "invalid DPoP proof token"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:189
+#: src/scm/webid-oidc/dpop-proof.scm:195
 msgid "#:typ should be exactly \"dpop+jwt\""
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:194
+#: src/scm/webid-oidc/dpop-proof.scm:200
 msgid "#:jwk should be a public key"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:199
+#: src/scm/webid-oidc/dpop-proof.scm:205
 msgid "#:htm should be a symbol"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:205
+#: src/scm/webid-oidc/dpop-proof.scm:211
 msgid "when present, #:ath should be a string"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:226
+#: src/scm/webid-oidc/dpop-proof.scm:232
 msgid ""
 "when making a DPoP proof, either its required fields (#:typ, #:jwk, #:htm "
 "and #:htu) or (#:jwt-header and #:jwt-payload) should be passed"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:259
+#: src/scm/webid-oidc/dpop-proof.scm:265
 #, scheme-format
 msgid "the DPoP proof is signed for access through ~s, but it is used with ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:269
+#: src/scm/webid-oidc/dpop-proof.scm:275
 #, scheme-format
 msgid ""
 "the DPoP proof should go along with an access token hashed to ~s, not ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:277 src/scm/webid-oidc/dpop-proof.scm:284
+#: src/scm/webid-oidc/dpop-proof.scm:283 src/scm/webid-oidc/dpop-proof.scm:290
 msgid "the DPoP proof is signed with the wrong key"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:282
+#: src/scm/webid-oidc/dpop-proof.scm:288
 #, scheme-format
 msgid "the DPoP proof is signed with the wrong key: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/dpop-proof.scm:293
+#: src/scm/webid-oidc/dpop-proof.scm:299
 msgid "the cnf/check function returned #f"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:96
+#: src/scm/webid-oidc/example-app.scm:95
 #, scheme-format
 msgid "~a (issued by ~a): no interaction required"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:99
+#: src/scm/webid-oidc/example-app.scm:98
 #, scheme-format
 msgid "~a (issued by ~a): offline but accessible"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:102
+#: src/scm/webid-oidc/example-app.scm:101
 #, scheme-format
 msgid "~a (issued by ~a): online"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:105
+#: src/scm/webid-oidc/example-app.scm:104
 #, scheme-format
 msgid "~a (issued by ~a): inaccessible"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:118
+#: src/scm/webid-oidc/example-app.scm:117
 #, scheme-format
 msgid "Your choice ~a does not exist.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:136
+#: src/scm/webid-oidc/example-app.scm:135
 msgid "Your choice is not a valid URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:145
+#: src/scm/webid-oidc/example-app.scm:144
 msgid "This is not a valid HTTP method.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:161
+#: src/scm/webid-oidc/example-app.scm:160
 msgid "This is not a valid value for this header.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:199
+#: src/scm/webid-oidc/example-app.scm:198
 msgid "Nothing to undo.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:211
+#: src/scm/webid-oidc/example-app.scm:210
 msgid "Nothing to redo.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:271
+#: src/scm/webid-oidc/example-app.scm:270
 msgid "Example app command|add-account"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:273
+#: src/scm/webid-oidc/example-app.scm:272
 msgid "Example app command|choose-account"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:275
+#: src/scm/webid-oidc/example-app.scm:274
 msgid "Example app command|set-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:277
+#: src/scm/webid-oidc/example-app.scm:276
 msgid "Example app command|set-method"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:279
+#: src/scm/webid-oidc/example-app.scm:278
 msgid "Example app command|view-headers"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:281
+#: src/scm/webid-oidc/example-app.scm:280
 msgid "Example app command|clear-headers"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:283
+#: src/scm/webid-oidc/example-app.scm:282
 msgid "Example app command|add-header"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:285
+#: src/scm/webid-oidc/example-app.scm:284
 msgid "Example app command|ok"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:287
+#: src/scm/webid-oidc/example-app.scm:286
 msgid "Example app command|undo"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:289
+#: src/scm/webid-oidc/example-app.scm:288
 msgid "Example app command|redo"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:299
+#: src/scm/webid-oidc/example-app.scm:298
 #, scheme-format
 msgid "To log in on ~a, please visit: ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:302
+#: src/scm/webid-oidc/example-app.scm:301
 msgid "Then, paste the authorization code you get:\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:320
+#: src/scm/webid-oidc/example-app.scm:307
 #, scheme-format
 msgid ""
 "Account: ~a\n"
@@ -639,87 +639,87 @@ msgid ""
 "\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:339
+#: src/scm/webid-oidc/example-app.scm:326
 msgid "Account:|unset"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:343
+#: src/scm/webid-oidc/example-app.scm:330
 msgid "URI:|unset"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:347
+#: src/scm/webid-oidc/example-app.scm:334
 msgid "Method:|unset"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:350
+#: src/scm/webid-oidc/example-app.scm:337
 msgid "Headers:|none"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:354
+#: src/scm/webid-oidc/example-app.scm:341
 msgid "list separator|, "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:364
+#: src/scm/webid-oidc/example-app.scm:351
 #, scheme-format
 msgid "You can undo your last command with \"~a\".\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:366
+#: src/scm/webid-oidc/example-app.scm:353
 #, scheme-format
 msgid "You can re-apply your last undone command with \"~a\".\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:367
+#: src/scm/webid-oidc/example-app.scm:354
 msgid "Readline prompt|Command: "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:374
+#: src/scm/webid-oidc/example-app.scm:361
 #, scheme-format
 msgid "An error happened: ~a.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:386
+#: src/scm/webid-oidc/example-app.scm:373
 msgid "Please enter your identity provider: "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:392
+#: src/scm/webid-oidc/example-app.scm:379
 msgid ""
 "You don’t have other accounts available. Please add one with \"add-account"
 "\".\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:398
+#: src/scm/webid-oidc/example-app.scm:385
 #, scheme-format
 msgid "- ~a: ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:406
+#: src/scm/webid-oidc/example-app.scm:393
 #, scheme-format
 msgid "[1-~a] "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:414
+#: src/scm/webid-oidc/example-app.scm:401
 msgid "Visit this URI: "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:420
+#: src/scm/webid-oidc/example-app.scm:407
 msgid "Use this HTTP method [GET]: "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:436
+#: src/scm/webid-oidc/example-app.scm:423
 msgid "Which header? "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:439
+#: src/scm/webid-oidc/example-app.scm:426
 #, scheme-format
 msgid "Which header value for ~a? "
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:462
+#: src/scm/webid-oidc/example-app.scm:449
 msgid "Please define an account and the URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/example-app.scm:469
+#: src/scm/webid-oidc/example-app.scm:456
 msgid "I don’t know that command.\n"
 msgstr ""
 
@@ -761,15 +761,15 @@ msgstr ""
 msgid "<p>The client is compatible with Solid.</p>"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:226
+#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:230
 msgid "command-line|version"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:230
+#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:234
 msgid "command-line|complete-corresponding-source"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:232
+#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:236
 msgid "command-line|help"
 msgstr ""
 
@@ -777,11 +777,11 @@ msgstr ""
 msgid "command-line|port"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:264
+#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:268
 msgid "command-line|log-file"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:266
+#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:270
 msgid "command-line|error-file"
 msgstr ""
 
@@ -819,7 +819,7 @@ msgstr ""
 msgid "~a version ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:628
+#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:632
 msgid ""
 "You are legally required to link to the complete corresponding source code.\n"
 msgstr ""
@@ -829,7 +829,7 @@ msgid "The port should be a number between 0 and 65535.\n"
 msgstr ""
 
 #: src/scm/webid-oidc/hello-world.scm:159
-#: src/scm/webid-oidc/resource-server.scm:331
+#: src/scm/webid-oidc/resource-server.scm:311
 msgid "reason-phrase|Unauthorized"
 msgstr ""
 
@@ -842,7 +842,7 @@ msgid "<p>This page requires authentication with Solid.</p>"
 msgstr ""
 
 #: src/scm/webid-oidc/hello-world.scm:179
-#: src/scm/webid-oidc/resource-server.scm:339
+#: src/scm/webid-oidc/resource-server.scm:319
 msgid "reason-phrase|Method Not Allowed"
 msgstr ""
 
@@ -854,11 +854,11 @@ msgstr ""
 msgid "<p>You can only use the <emph>GET</emph> method on this resource.</p>"
 msgstr ""
 
-#: src/scm/webid-oidc/identity-provider.scm:77
+#: src/scm/webid-oidc/identity-provider.scm:74
 msgid "Warning: generating a new key pair."
 msgstr ""
 
-#: src/scm/webid-oidc/identity-provider.scm:133
+#: src/scm/webid-oidc/identity-provider.scm:129
 msgid "reason-phrase|Not Found"
 msgstr ""
 
@@ -998,265 +998,260 @@ msgstr ""
 msgid "an unexpected error happened while verifying a JWS"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:482
+#: src/scm/webid-oidc/jws.scm:479
 #, scheme-format
 msgid "I cannot query the identity provider configuration: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:484
+#: src/scm/webid-oidc/jws.scm:481
 msgid "I cannot query the identity provider configuration"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:501
+#: src/scm/webid-oidc/jws.scm:497
 #, scheme-format
 msgid "I cannot query the JWKS URI of the identity provider: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:503
+#: src/scm/webid-oidc/jws.scm:499
 msgid "I cannot query the JWKS URI of the identity provider"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:528
+#: src/scm/webid-oidc/jws.scm:522
 #, scheme-format
 msgid "the token is signed in the future, ~a, relative to current ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:537
+#: src/scm/webid-oidc/jws.scm:531
 #, scheme-format
 msgid "the token expired ~a, which is in the past (from ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:560
+#: src/scm/webid-oidc/jws.scm:554
 #, scheme-format
 msgid "cannot decode a JWS: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:562
+#: src/scm/webid-oidc/jws.scm:556
 msgid "cannot decode a JWS"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:580
+#: src/scm/webid-oidc/jws.scm:574
 #, scheme-format
 msgid "cannot encode a JWS: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:582
+#: src/scm/webid-oidc/jws.scm:576
 msgid "cannot encode a JWS"
 msgstr ""
 
-#: src/scm/webid-oidc/jws.scm:629
+#: src/scm/webid-oidc/jws.scm:623
 msgid "cannot parse a token"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:120
+#: src/scm/webid-oidc/oidc-configuration.scm:118
 msgid "#:jwks-uri should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:125
+#: src/scm/webid-oidc/oidc-configuration.scm:123
 msgid "#:token-endpoint should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:130
+#: src/scm/webid-oidc/oidc-configuration.scm:128
 msgid "#:authorization-endpoint should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:135
+#: src/scm/webid-oidc/oidc-configuration.scm:133
 msgid ""
 "#:solid-oidc-supported should be exactly 'https://solidproject.org/TR/solid-"
 "oidc'"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:144
+#: src/scm/webid-oidc/oidc-configuration.scm:142
 msgid "#:server should be an URI"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:161
+#: src/scm/webid-oidc/oidc-configuration.scm:159
 #, scheme-format
 msgid "cannot fetch the OIDC configuration: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:163
+#: src/scm/webid-oidc/oidc-configuration.scm:161
 msgid "cannot fetch the OIDC configuration"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:167
+#: src/scm/webid-oidc/oidc-configuration.scm:165
 #, scheme-format
 msgid "the server responded with ~s ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:172
+#: src/scm/webid-oidc/oidc-configuration.scm:170
 msgid "there is no content-type"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:177
+#: src/scm/webid-oidc/oidc-configuration.scm:175
 #, scheme-format
 msgid "unexpected content-type: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-configuration.scm:187
+#: src/scm/webid-oidc/oidc-configuration.scm:185
 msgid ""
 "when making an OIDC configuration, either its required #:jwks-uri, #:"
-"authorization-endpoint and #:token-endpoint fields or #:server (and "
-"optionally #:http-request) or #:json-data should be passed"
+"authorization-endpoint and #:token-endpoint fields or #:server or #:json-"
+"data should be passed"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-id-token.scm:71
+#: src/scm/webid-oidc/oidc-id-token.scm:70
 #, scheme-format
 msgid "invalid OIDC ID token: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-id-token.scm:73
+#: src/scm/webid-oidc/oidc-id-token.scm:72
 msgid "invalid OIDC id token"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-id-token.scm:104
+#: src/scm/webid-oidc/oidc-id-token.scm:103
 msgid "#:sub should be a string"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-id-token.scm:109
+#: src/scm/webid-oidc/oidc-id-token.scm:108
 msgid "#:aud should be a string"
 msgstr ""
 
-#: src/scm/webid-oidc/oidc-id-token.scm:125
+#: src/scm/webid-oidc/oidc-id-token.scm:124
 msgid ""
 "when making an ID token either its required fields (#:alg, #:webid, #:iss, #:"
 "sub, #:aud, #:iat and #:exp) or (#:jwt-header and #:jwt-payload) should be "
 "passed"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:57
+#: src/scm/webid-oidc/program.scm:64
 #, scheme-format
 msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:60
-#, scheme-format
-msgid "~a: GET ~a ~s...\n"
-msgstr ""
-
 #: src/scm/webid-oidc/program.scm:67
 #, scheme-format
-msgid "~a: Warning: loading XML catalog from the web, ~s.\n"
+msgid "~a: ~s ~a ~s...\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:75
+#: src/scm/webid-oidc/program.scm:73
 #, scheme-format
-msgid "~a: GET ~a ~s: ~s ~a bytes\n"
+msgid "~a: ~s ~a ~s: ~s ~a bytes\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:122
+#: src/scm/webid-oidc/program.scm:126
 msgid "really bad internal server error"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:129
+#: src/scm/webid-oidc/program.scm:133
 #, scheme-format
 msgid "~a: ~a: Internal server error: ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:135
+#: src/scm/webid-oidc/program.scm:139
 msgid "Internal Server Error"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:138
+#: src/scm/webid-oidc/program.scm:142
 msgid "Sorry, there was an error."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:159
+#: src/scm/webid-oidc/program.scm:163
 #, scheme-format
 msgid "~a: ~s ~a ~s ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:161
+#: src/scm/webid-oidc/program.scm:165
 #, scheme-format
 msgid "~a: ~a (~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:169
 #, scheme-format
 msgid "~a: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:175
+#: src/scm/webid-oidc/program.scm:179
 #, scheme-format
 msgid "(there was an error: ~a)"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:228
+#: src/scm/webid-oidc/program.scm:232
 msgid "command-line|describe-project"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:234
+#: src/scm/webid-oidc/program.scm:238
 msgid "command-line|server|port"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:236
+#: src/scm/webid-oidc/program.scm:240
 msgid "command-line|server|server-name"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:238
+#: src/scm/webid-oidc/program.scm:242
 msgid "command-line|server|reverse-proxy|backend-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/program.scm:244
 msgid "command-line|server|reverse-proxy|header"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:246
 msgid "command-line|server|issuer|key-file"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:244
+#: src/scm/webid-oidc/program.scm:248
 msgid "command-line|server|issuer|subject"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:246
+#: src/scm/webid-oidc/program.scm:250
 msgid "command-line|server|issuer|encrypted-password"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:248
+#: src/scm/webid-oidc/program.scm:252
 msgid "command-line|server|issuer|encrypted-password-from-file"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:250
+#: src/scm/webid-oidc/program.scm:254
 msgid "command-line|server|issuer|jwks-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:252
+#: src/scm/webid-oidc/program.scm:256
 msgid "command-line|server|issuer|authorization-endpoint-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:254
+#: src/scm/webid-oidc/program.scm:258
 msgid "command-line|server|issuer|token-endpoint-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:256
+#: src/scm/webid-oidc/program.scm:260
 msgid "command-line|server|client-id"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:258
+#: src/scm/webid-oidc/program.scm:262
 msgid "command-line|server|redirect-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:260
+#: src/scm/webid-oidc/program.scm:264
 msgid "command-line|server|client-name"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:262
+#: src/scm/webid-oidc/program.scm:266
 msgid "command-line|server|client-uri"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:296
+#: src/scm/webid-oidc/program.scm:300
 #, scheme-format
 msgid "Usage: ~a COMMAND [OPTIONS]...\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:300
+#: src/scm/webid-oidc/program.scm:304
 msgid ""
 "\n"
 "Run the disfluid COMMAND."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:303
+#: src/scm/webid-oidc/program.scm:307
 msgid ""
 "\n"
 "This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1266,13 +1261,13 @@ msgid ""
 "to all responses."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:310
+#: src/scm/webid-oidc/program.scm:314
 msgid ""
 "\n"
 "Available commands:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:312
+#: src/scm/webid-oidc/program.scm:316
 #, scheme-format
 msgid ""
 "\n"
@@ -1280,12 +1275,12 @@ msgid ""
 "      run an authenticating reverse proxy."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:510
-#: src/scm/webid-oidc/program.scm:710
+#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:514
+#: src/scm/webid-oidc/program.scm:714
 msgid "command-line|command|reverse-proxy"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:316
+#: src/scm/webid-oidc/program.scm:320
 #, scheme-format
 msgid ""
 "\n"
@@ -1293,12 +1288,12 @@ msgid ""
 "      run an identity provider."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:535
-#: src/scm/webid-oidc/program.scm:732
+#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:539
+#: src/scm/webid-oidc/program.scm:735
 msgid "command-line|command|identity-provider"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:320
+#: src/scm/webid-oidc/program.scm:324
 #, scheme-format
 msgid ""
 "\n"
@@ -1306,12 +1301,12 @@ msgid ""
 "      serve the pages for a public application."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:556
-#: src/scm/webid-oidc/program.scm:774
+#: src/scm/webid-oidc/program.scm:327 src/scm/webid-oidc/program.scm:560
+#: src/scm/webid-oidc/program.scm:776
 msgid "command-line|command|client-service"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:324
+#: src/scm/webid-oidc/program.scm:328
 #, scheme-format
 msgid ""
 "\n"
@@ -1320,24 +1315,24 @@ msgid ""
 "      facility."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:328 src/scm/webid-oidc/program.scm:582
-#: src/scm/webid-oidc/program.scm:803
+#: src/scm/webid-oidc/program.scm:332 src/scm/webid-oidc/program.scm:586
+#: src/scm/webid-oidc/program.scm:805
 msgid "command-line|command|server"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:330
+#: src/scm/webid-oidc/program.scm:334
 msgid ""
 "\n"
 "If no command is specified, run the browser."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:333
+#: src/scm/webid-oidc/program.scm:337
 msgid ""
 "\n"
 "General options:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:335
+#: src/scm/webid-oidc/program.scm:339
 #, scheme-format
 msgid ""
 "\n"
@@ -1346,7 +1341,7 @@ msgid ""
 "      code. For instance, this would be an URI pointing to a tarball."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:340
+#: src/scm/webid-oidc/program.scm:344
 #, scheme-format
 msgid ""
 "\n"
@@ -1354,7 +1349,7 @@ msgid ""
 "      display a short help message and exit."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:344
+#: src/scm/webid-oidc/program.scm:348
 #, scheme-format
 msgid ""
 "\n"
@@ -1362,7 +1357,7 @@ msgid ""
 "      display the version information (~a, released ~a) and exit."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:350
+#: src/scm/webid-oidc/program.scm:354
 #, scheme-format
 msgid ""
 "\n"
@@ -1370,7 +1365,7 @@ msgid ""
 "      describe the project in the DOAP vocabulary and exit."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:358
 #, scheme-format
 msgid ""
 "\n"
@@ -1378,7 +1373,7 @@ msgid ""
 "      redirect the program standard output to FILE.log."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:358
+#: src/scm/webid-oidc/program.scm:362
 #, scheme-format
 msgid ""
 "\n"
@@ -1386,13 +1381,13 @@ msgid ""
 "      redirect the program errors to FILE.err."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:363
+#: src/scm/webid-oidc/program.scm:367
 msgid ""
 "\n"
 "General server-side options:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:365
+#: src/scm/webid-oidc/program.scm:369
 #, scheme-format
 msgid ""
 "\n"
@@ -1400,7 +1395,7 @@ msgid ""
 "      set the server port to bind, 8080 by default."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:369
+#: src/scm/webid-oidc/program.scm:373
 #, scheme-format
 msgid ""
 "\n"
@@ -1408,13 +1403,13 @@ msgid ""
 "      set the public server URI (scheme, userinfo, host, and port)."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:374
+#: src/scm/webid-oidc/program.scm:378
 msgid ""
 "\n"
 "Options for the resource server:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:376
+#: src/scm/webid-oidc/program.scm:380
 #, scheme-format
 msgid ""
 "\n"
@@ -1424,7 +1419,7 @@ msgid ""
 "      authentication."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:382
+#: src/scm/webid-oidc/program.scm:386
 #, scheme-format
 msgid ""
 "\n"
@@ -1433,13 +1428,13 @@ msgid ""
 "      reverse-proxy command."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:388
+#: src/scm/webid-oidc/program.scm:392
 msgid ""
 "\n"
 "Options for the identity provider:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:390
+#: src/scm/webid-oidc/program.scm:394
 #, scheme-format
 msgid ""
 "\n"
@@ -1448,7 +1443,7 @@ msgid ""
 "      key is generated. The server does not offer an HTTPS service."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:395
+#: src/scm/webid-oidc/program.scm:399
 #, scheme-format
 msgid ""
 "\n"
@@ -1456,7 +1451,7 @@ msgid ""
 "      set the identity of the subject."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:399
+#: src/scm/webid-oidc/program.scm:403
 #, scheme-format
 msgid ""
 "\n"
@@ -1464,7 +1459,7 @@ msgid ""
 "      set the encrypted password to recognize the user."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:403
+#: src/scm/webid-oidc/program.scm:407
 #, scheme-format
 msgid ""
 "\n"
@@ -1472,7 +1467,7 @@ msgid ""
 "      load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:407
+#: src/scm/webid-oidc/program.scm:411
 #, scheme-format
 msgid ""
 "\n"
@@ -1480,7 +1475,7 @@ msgid ""
 "      set the URI to query the key of the server."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:411
+#: src/scm/webid-oidc/program.scm:415
 #, scheme-format
 msgid ""
 "\n"
@@ -1488,7 +1483,7 @@ msgid ""
 "      set the authorization endpoint of the issuer."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:415
+#: src/scm/webid-oidc/program.scm:419
 #, scheme-format
 msgid ""
 "\n"
@@ -1496,13 +1491,13 @@ msgid ""
 "      set the token endpoint of the issuer."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:420
+#: src/scm/webid-oidc/program.scm:424
 msgid ""
 "\n"
 "Options for the client service:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:422
+#: src/scm/webid-oidc/program.scm:426
 #, scheme-format
 msgid ""
 "\n"
@@ -1511,7 +1506,7 @@ msgid ""
 "      dereferenced to a semantic resource."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:427
+#: src/scm/webid-oidc/program.scm:431
 #, scheme-format
 msgid ""
 "\n"
@@ -1520,7 +1515,7 @@ msgid ""
 "      page is presented with the code to paste in the application."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:432
+#: src/scm/webid-oidc/program.scm:436
 #, scheme-format
 msgid ""
 "\n"
@@ -1528,7 +1523,7 @@ msgid ""
 "      set the user-visible application name (may be misleading...)."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:436
+#: src/scm/webid-oidc/program.scm:440
 #, scheme-format
 msgid ""
 "\n"
@@ -1537,13 +1532,13 @@ msgid ""
 "      application (again, may be misleading)."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:442
+#: src/scm/webid-oidc/program.scm:446
 msgid ""
 "\n"
 "Environment variables:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:444
+#: src/scm/webid-oidc/program.scm:448
 msgid ""
 "\n"
 "  XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1554,23 +1549,23 @@ msgid ""
 "      content-type."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:452 src/scm/webid-oidc/program.scm:459
-#: src/scm/webid-oidc/program.scm:468 src/scm/webid-oidc/program.scm:476
-#: src/scm/webid-oidc/program.scm:484
+#: src/scm/webid-oidc/program.scm:456 src/scm/webid-oidc/program.scm:463
+#: src/scm/webid-oidc/program.scm:472 src/scm/webid-oidc/program.scm:480
+#: src/scm/webid-oidc/program.scm:488
 #, scheme-format
 msgid ""
 "the-environment-variable|\n"
 "      It is currently set to ~s."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:455
+#: src/scm/webid-oidc/program.scm:459
 msgid ""
 "\n"
 "  LANG: set the locale of the user interface (for the server commands,\n"
 "      the user is the system administrator)."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:462
+#: src/scm/webid-oidc/program.scm:466
 msgid ""
 "\n"
 "  XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -1579,7 +1574,7 @@ msgid ""
 "      recommended to set it to /var/lib."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:471
+#: src/scm/webid-oidc/program.scm:475
 msgid ""
 "\n"
 "  XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -1587,7 +1582,7 @@ msgid ""
 "      time. The seed file will be initialized from /dev/random."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:479
+#: src/scm/webid-oidc/program.scm:483
 msgid ""
 "\n"
 "  HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -1595,13 +1590,13 @@ msgid ""
 "      not used otherwise."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:488
+#: src/scm/webid-oidc/program.scm:492
 msgid ""
 "\n"
 "Running a reverse proxy"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:490
+#: src/scm/webid-oidc/program.scm:494
 msgid ""
 "\n"
 "Suppose that you operate data.provider.com. You want to run an\n"
@@ -1614,7 +1609,7 @@ msgid ""
 "from this reverse proxy."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:500
+#: src/scm/webid-oidc/program.scm:504
 #, scheme-format
 msgid ""
 "\n"
@@ -1628,20 +1623,20 @@ msgid ""
 "      --~a '/var/log/proxy.err'"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:515
+#: src/scm/webid-oidc/program.scm:519
 msgid ""
 "\n"
 "Running an identity provider"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:517
+#: src/scm/webid-oidc/program.scm:521
 msgid ""
 "\n"
 "The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
 "invoked with the following options:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:521
+#: src/scm/webid-oidc/program.scm:525
 #, scheme-format
 msgid ""
 "\n"
@@ -1660,20 +1655,20 @@ msgid ""
 "      --~a $PORT"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:541
+#: src/scm/webid-oidc/program.scm:545
 msgid ""
 "\n"
 "Running the public pages for an application"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:543
+#: src/scm/webid-oidc/program.scm:547
 msgid ""
 "\n"
 "The example client application pages for\n"
 "webid-oidc-demo.planete-kraus.eu are served this way:"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:547
+#: src/scm/webid-oidc/program.scm:551
 #, scheme-format
 msgid ""
 "\n"
@@ -1689,13 +1684,13 @@ msgid ""
 "      --~a $PORT"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:561
+#: src/scm/webid-oidc/program.scm:565
 msgid ""
 "\n"
 "Running a full server"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:564
+#: src/scm/webid-oidc/program.scm:568
 msgid ""
 "\n"
 "To run the server with identity provider and\n"
@@ -1703,7 +1698,7 @@ msgid ""
 "options for the parts."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:568
+#: src/scm/webid-oidc/program.scm:572
 #, scheme-format
 msgid ""
 "\n"
@@ -1722,14 +1717,14 @@ msgid ""
 "      --~a '...port...'"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:593
+#: src/scm/webid-oidc/program.scm:597
 #, scheme-format
 msgid ""
 "\n"
 "If you find a bug, then please send a report to ~a."
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:598
+#: src/scm/webid-oidc/program.scm:602
 #, scheme-format
 msgid ""
 "~a version ~a\n"
@@ -1737,101 +1732,101 @@ msgid ""
 "Rreleased ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:635
+#: src/scm/webid-oidc/program.scm:639
 #, scheme-format
 msgid "The --~a argument must be a number, not ~s.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:641
+#: src/scm/webid-oidc/program.scm:645
 #, scheme-format
 msgid "The --~a argument must be an integer, not ~s.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:647
+#: src/scm/webid-oidc/program.scm:651
 #, scheme-format
 msgid "The --~a argument must be positive, ~s is invalid.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:652
+#: src/scm/webid-oidc/program.scm:656
 #, scheme-format
 msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:680
+#: src/scm/webid-oidc/program.scm:684
 msgid ""
 "You specified two different passwords: one directly, and one from a file. "
 "Please set only one password.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:713 src/scm/webid-oidc/program.scm:735
-#: src/scm/webid-oidc/program.scm:805
+#: src/scm/webid-oidc/program.scm:717 src/scm/webid-oidc/program.scm:738
+#: src/scm/webid-oidc/program.scm:807
 #, scheme-format
 msgid "You must pass --~a to set the server name.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:717
+#: src/scm/webid-oidc/program.scm:721
 #, scheme-format
 msgid "You must pass --~a to set the backend URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:739 src/scm/webid-oidc/program.scm:809
+#: src/scm/webid-oidc/program.scm:742 src/scm/webid-oidc/program.scm:811
 #, scheme-format
 msgid ""
 "You must pass --~a to set the file where to store the identity provider "
 "key.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:743 src/scm/webid-oidc/program.scm:813
+#: src/scm/webid-oidc/program.scm:746 src/scm/webid-oidc/program.scm:815
 #, scheme-format
 msgid "You must pass --~a to set the subject of the identity provider.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:747
+#: src/scm/webid-oidc/program.scm:750
 #, scheme-format
 msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:751 src/scm/webid-oidc/program.scm:821
+#: src/scm/webid-oidc/program.scm:754 src/scm/webid-oidc/program.scm:823
 #, scheme-format
 msgid "You must pass --~a to set the JWKS URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:755 src/scm/webid-oidc/program.scm:825
+#: src/scm/webid-oidc/program.scm:758 src/scm/webid-oidc/program.scm:827
 #, scheme-format
 msgid "You must pass --~a to set the authorization endpoint URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:759 src/scm/webid-oidc/program.scm:829
+#: src/scm/webid-oidc/program.scm:762 src/scm/webid-oidc/program.scm:831
 #, scheme-format
 msgid "You must pass --~a to set the token endpoint URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:777
+#: src/scm/webid-oidc/program.scm:779
 #, scheme-format
 msgid "You must pass --~a to set the application web ID.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:781
+#: src/scm/webid-oidc/program.scm:783
 #, scheme-format
 msgid "You must pass --~a to set the redirection URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:785
+#: src/scm/webid-oidc/program.scm:787
 #, scheme-format
 msgid "You must pass --~a to set the informative client name.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:789
+#: src/scm/webid-oidc/program.scm:791
 #, scheme-format
 msgid "You must pass --~a to set the informative client URI.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:817
+#: src/scm/webid-oidc/program.scm:819
 #, scheme-format
 msgid "You must pass --~a to set the subject’s encrypted password.\n"
 msgstr ""
 
-#: src/scm/webid-oidc/program.scm:872
+#: src/scm/webid-oidc/program.scm:871
 #, scheme-format
 msgid "Unknown command ~s\n"
 msgstr ""
@@ -1845,71 +1840,71 @@ msgstr ""
 msgid "the refresh token is bound to key ~s, which is not that one"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:61
+#: src/scm/webid-oidc/resource-server.scm:58
 msgid ""
 "You need to pass #:server-uri URI where URI is the public URI of the server, "
 "as a (web uri)."
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:88
+#: src/scm/webid-oidc/resource-server.scm:85
 #, scheme-format
 msgid "~a: authentication failure: ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:92
+#: src/scm/webid-oidc/resource-server.scm:89
 #, scheme-format
 msgid "~a: authentication failure\n"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:171
-#: src/scm/webid-oidc/resource-server.scm:362
+#: src/scm/webid-oidc/resource-server.scm:157
+#: src/scm/webid-oidc/resource-server.scm:342
 msgid "reason-phrase|Precondition Failed"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:186
+#: src/scm/webid-oidc/resource-server.scm:172
 msgid "reason-phrase|Not Modified"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:202
+#: src/scm/webid-oidc/resource-server.scm:187
 msgid "The owner is not defined."
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:274
+#: src/scm/webid-oidc/resource-server.scm:256
 msgid "reason-phrase|Created"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:299
+#: src/scm/webid-oidc/resource-server.scm:279
 #, scheme-format
 msgid "~a: ignoring a group that cannot be fetched: ~a\n"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:303
+#: src/scm/webid-oidc/resource-server.scm:283
 #, scheme-format
 msgid "~a: ignoring a group that cannot be fetched\n"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:327
-#: src/scm/webid-oidc/token-endpoint.scm:105
+#: src/scm/webid-oidc/resource-server.scm:307
+#: src/scm/webid-oidc/token-endpoint.scm:104
 msgid "reason-phrase|Forbidden"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:348
+#: src/scm/webid-oidc/resource-server.scm:328
 msgid "reason-phrase|Conflict"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:355
+#: src/scm/webid-oidc/resource-server.scm:335
 msgid "reason-phrase|Unsupported Media Type"
 msgstr ""
 
-#: src/scm/webid-oidc/resource-server.scm:369
+#: src/scm/webid-oidc/resource-server.scm:349
 msgid "reason-phrase|Not Acceptable"
 msgstr ""
 
-#: src/scm/webid-oidc/reverse-proxy.scm:60
+#: src/scm/webid-oidc/reverse-proxy.scm:57
 msgid "#:endpoint argument is not present or not an URI."
 msgstr ""
 
-#: src/scm/webid-oidc/serve.scm:76
+#: src/scm/webid-oidc/serve.scm:77
 msgid "content negociation failed while serving a request"
 msgstr ""
 
@@ -1918,16 +1913,16 @@ msgstr ""
 msgid "only text/turtle is allowed for the target of a POST request, not ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/server/create.scm:105
+#: src/scm/webid-oidc/server/create.scm:106
 msgid "the created resource cannot have containment triples"
 msgstr ""
 
-#: src/scm/webid-oidc/server/create.scm:147
+#: src/scm/webid-oidc/server/create.scm:146
 #, scheme-format
 msgid "cannot POST to an auxiliary resource path, ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/server/read.scm:105
+#: src/scm/webid-oidc/server/read.scm:103
 #, scheme-format
 msgid "the auxiliary resource of type ~s at ~s is absent"
 msgstr ""
@@ -1980,46 +1975,46 @@ msgstr ""
 msgid "an error happened while updating file ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:93
+#: src/scm/webid-oidc/token-endpoint.scm:92
 #, scheme-format
 msgid "while handling web failure for the token endpoint: ~a"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:95
+#: src/scm/webid-oidc/token-endpoint.scm:94
 msgid "an error happened during the token endpoint failure handling"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:225
+#: src/scm/webid-oidc/token-endpoint.scm:224
 msgid "missing grant type"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:229
+#: src/scm/webid-oidc/token-endpoint.scm:228
 msgid "<p>You did not specify a grant_type for this request.</p>"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:243
+#: src/scm/webid-oidc/token-endpoint.scm:242
 msgid "missing authorization code"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:247
+#: src/scm/webid-oidc/token-endpoint.scm:246
 msgid ""
 "<p>You want to grant an authorization code, but you did not set one.</p>"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:268
+#: src/scm/webid-oidc/token-endpoint.scm:267
 msgid "missing refresh token"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:272
+#: src/scm/webid-oidc/token-endpoint.scm:271
 msgid "<p>You want to grant a refresh token, but you did not set one.</p>"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:285
+#: src/scm/webid-oidc/token-endpoint.scm:284
 #, scheme-format
 msgid "unsupported grant type: ~s"
 msgstr ""
 
-#: src/scm/webid-oidc/token-endpoint.scm:290
+#: src/scm/webid-oidc/token-endpoint.scm:289
 #, scheme-format
 msgid ""
 "<p>You want to use <pre>~s</pre> as a grant type, but this is not supported."
diff --git a/po/fr.po b/po/fr.po
index 8d7727d..7338871 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: webid-oidc 0.0.0\n"
 "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-09-21 22:31+0200\n"
-"PO-Revision-Date: 2021-09-21 22:33+0200\n"
+"POT-Creation-Date: 2021-09-22 14:08+0200\n"
+"PO-Revision-Date: 2021-09-22 14:10+0200\n"
 "Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
 "Language-Team: French <vivien@planete-kraus.eu>\n"
 "Language: fr\n"
@@ -126,34 +126,34 @@ msgstr ""
 "Le module aléatoire n'a pas été initialisé. Veuillez appeler "
 "webid_oidc_random_init d'abort.\n"
 
-#: src/scm/webid-oidc/access-token.scm:72
+#: src/scm/webid-oidc/access-token.scm:71
 #, scheme-format
 msgid "invalid access token: ~a"
 msgstr "jeton d’accès invalide : ~a"
 
-#: src/scm/webid-oidc/access-token.scm:74
+#: src/scm/webid-oidc/access-token.scm:73
 msgid "invalid access token"
 msgstr "jeton d’accès invalide"
 
-#: src/scm/webid-oidc/access-token.scm:116
+#: src/scm/webid-oidc/access-token.scm:115
 #: src/scm/webid-oidc/authorization-code.scm:93
-#: src/scm/webid-oidc/oidc-id-token.scm:99
+#: src/scm/webid-oidc/oidc-id-token.scm:98
 msgid "#:webid should be an URI"
 msgstr "#:webid doit être une URI"
 
-#: src/scm/webid-oidc/access-token.scm:121
+#: src/scm/webid-oidc/access-token.scm:120
 msgid "#:client-id should be an URI"
 msgstr "#:client-id doit être une URI"
 
-#: src/scm/webid-oidc/access-token.scm:126
+#: src/scm/webid-oidc/access-token.scm:125
 msgid "#:cnf/jkt should be a string"
 msgstr "#:cnf/jkt doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/access-token.scm:131
+#: src/scm/webid-oidc/access-token.scm:130
 msgid "#:aud should be exactly \"solid\""
 msgstr "#:aud doit être exactement « solid »"
 
-#: src/scm/webid-oidc/access-token.scm:149
+#: src/scm/webid-oidc/access-token.scm:148
 msgid ""
 "when making an access token either its required fields (#:alg, #:webid, #:"
 "iss, #:aud, #:client-id, #:cnf/jkt, #:iat and #:exp) or (#:jwt-header and #:"
@@ -187,10 +187,10 @@ msgstr ""
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:52
 #: src/scm/webid-oidc/hello-world.scm:40 src/scm/webid-oidc/hello-world.scm:167
 #: src/scm/webid-oidc/hello-world.scm:187
-#: src/scm/webid-oidc/identity-provider.scm:140
-#: src/scm/webid-oidc/token-endpoint.scm:113
-#: src/scm/webid-oidc/token-endpoint.scm:139
-#: src/scm/webid-oidc/token-endpoint.scm:166
+#: src/scm/webid-oidc/identity-provider.scm:136
+#: src/scm/webid-oidc/token-endpoint.scm:112
+#: src/scm/webid-oidc/token-endpoint.scm:138
+#: src/scm/webid-oidc/token-endpoint.scm:165
 msgid "xml-lang|en"
 msgstr "fr"
 
@@ -224,8 +224,8 @@ msgid "Allow"
 msgstr "Autoriser"
 
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:95
-#: src/scm/webid-oidc/token-endpoint.scm:131
-#: src/scm/webid-oidc/token-endpoint.scm:158
+#: src/scm/webid-oidc/token-endpoint.scm:130
+#: src/scm/webid-oidc/token-endpoint.scm:157
 msgid "reason-phrase|Bad Request"
 msgstr "Requête Invalide"
 
@@ -251,7 +251,7 @@ msgstr ""
 "L’application que vous essayez d’autoriser se comporte de façon inattendue."
 
 #: src/scm/webid-oidc/authorization-page-unsafe.scm:126
-#: src/scm/webid-oidc/resource-server.scm:310
+#: src/scm/webid-oidc/resource-server.scm:290
 msgid "reason-phrase|Found"
 msgstr "Trouvé"
 
@@ -293,11 +293,11 @@ msgstr "Échec de cache pour ~a : ~s~%"
 msgid "Cache entry for ~a varies.\n"
 msgstr "L’entrée de cache pour ~a varie.\n"
 
-#: src/scm/webid-oidc/catalog.scm:167
+#: src/scm/webid-oidc/catalog.scm:166
 msgid "invalid relative URI"
 msgstr "URI relative invalide"
 
-#: src/scm/webid-oidc/catalog.scm:246
+#: src/scm/webid-oidc/catalog.scm:245
 #, scheme-format
 msgid "Unsupported delegate catalog URI scheme: ~s\n"
 msgstr "Schéma d’URI pour un catalogue délégé non supporté : ~s\n"
@@ -363,107 +363,107 @@ msgstr ""
 msgid "cannot serve the public manifest"
 msgstr "impossible de servir le manifeste public"
 
-#: src/scm/webid-oidc/client-manifest.scm:242
+#: src/scm/webid-oidc/client-manifest.scm:240
 #, scheme-format
 msgid "cannot fetch the client manifest ~s: ~a"
 msgstr "impossible de télécharger le manifeste client ~s : ~a"
 
-#: src/scm/webid-oidc/client-manifest.scm:245
+#: src/scm/webid-oidc/client-manifest.scm:243
 #, scheme-format
 msgid "cannot fetch the client manifest ~s"
 msgstr "impossible de télécharger le manifeste client ~s"
 
-#: src/scm/webid-oidc/client-manifest.scm:264
+#: src/scm/webid-oidc/client-manifest.scm:262
 #, scheme-format
 msgid "the client manifest is dereferenced from ~s, but it pretends to be ~s"
 msgstr "le manifeste client est déréférencé depuis ~s, mais il prétend être ~s"
 
-#: src/scm/webid-oidc/client/accounts.scm:285
+#: src/scm/webid-oidc/client/accounts.scm:273
 msgid "The refresh token has expired."
 msgstr "le jeton de rafraîchissement a expiré."
 
-#: src/scm/webid-oidc/client/accounts.scm:292
+#: src/scm/webid-oidc/client/accounts.scm:280
 #, scheme-format
 msgid "The token request failed with code ~s (~s)."
 msgstr "La requête de jeton a échoué avec un code ~s (~s)."
 
-#: src/scm/webid-oidc/client/accounts.scm:301
+#: src/scm/webid-oidc/client/accounts.scm:289
 msgid "The token response did not set the content type."
 msgstr "Le jeton de réponse n’a pas défini de type de contenu."
 
-#: src/scm/webid-oidc/client/accounts.scm:309
+#: src/scm/webid-oidc/client/accounts.scm:297
 msgid "The token endpoint did not respond in UTF-8."
 msgstr "Le terminal de jetonn n’a pas répondu en UTF-8."
 
-#: src/scm/webid-oidc/client/accounts.scm:321
+#: src/scm/webid-oidc/client/accounts.scm:309
 #, scheme-format
 msgid "The token response has content-type ~s, not application/json."
 msgstr "La réponse de jeton a un type de contenu ~s, pas application/json."
 
-#: src/scm/webid-oidc/client/accounts.scm:331
+#: src/scm/webid-oidc/client/accounts.scm:319
 msgid "The token response is not valid JSON."
 msgstr "La réponse de jeton n’est pas un JSON valide."
 
-#: src/scm/webid-oidc/client/accounts.scm:345
+#: src/scm/webid-oidc/client/accounts.scm:333
 #, scheme-format
 msgid "The token response did not include an ID token: ~s"
 msgstr "La réponse de jeton n’a pas inclus de jeton d’ID : ~s"
 
-#: src/scm/webid-oidc/client/accounts.scm:353
+#: src/scm/webid-oidc/client/accounts.scm:341
 #, scheme-format
 msgid "The token response did not include an access token: ~s\n"
 msgstr "La réponse de jeton n’a pas inclus de jeton d’accès : ~s\n"
 
-#: src/scm/webid-oidc/client/accounts.scm:364
+#: src/scm/webid-oidc/client/accounts.scm:352
 #, scheme-format
 msgid "the ID token signature is invalid: ~a"
 msgstr "la signature du jeton d’ID est invalide : ~a"
 
-#: src/scm/webid-oidc/client/accounts.scm:366
+#: src/scm/webid-oidc/client/accounts.scm:354
 msgid "the ID token signature is invalid"
 msgstr "la signature du jeton d’ID est invalide"
 
-#: src/scm/webid-oidc/client/accounts.scm:383
+#: src/scm/webid-oidc/client/accounts.scm:370
 #, scheme-format
 msgid "the ID token delivered by the identity provider for ~s has ~s as webid"
 msgstr ""
 "le jeton d’ID délivré par le fournisseur d’identité pour ~s a ~s pour webid"
 
-#: src/scm/webid-oidc/client/accounts.scm:393
+#: src/scm/webid-oidc/client/accounts.scm:380
 #, scheme-format
 msgid "The ID token delivered by the identity provider ~s is for issuer ~s."
 msgstr ""
 "Le jeton d’ID délivré par le fournisseur d’identité ~s est pour l’émetteur "
 "~s."
 
-#: src/scm/webid-oidc/client/accounts.scm:408
+#: src/scm/webid-oidc/client/accounts.scm:395
 msgid "The issuer is required."
 msgstr "L’émetteur est requis."
 
-#: src/scm/webid-oidc/client/accounts.scm:413
+#: src/scm/webid-oidc/client/accounts.scm:400
 msgid "The optional subject and required issuer should be strings or URI."
 msgstr ""
 "Le sujet optionnel et émetteur doivent être des chaînes de caractère ou des "
 "URIs."
 
-#: src/scm/webid-oidc/client/accounts.scm:449
+#: src/scm/webid-oidc/client/accounts.scm:436
 msgid "Cannot check the username and/or password."
 msgstr "Impossible de vérifier le nom d’utilisateur et/ou le mot de passe."
 
-#: src/scm/webid-oidc/client/accounts.scm:459
+#: src/scm/webid-oidc/client/accounts.scm:446
 msgid "The subject should be a string or URI."
 msgstr "Le sujet doit être une chaîne de caractères ou une URI."
 
-#: src/scm/webid-oidc/client/accounts.scm:473
+#: src/scm/webid-oidc/client/accounts.scm:460
 msgid "The issuer should be a string or URI."
 msgstr "L’émetteur doit être une chaîne de caractères ou une URI."
 
-#: src/scm/webid-oidc/client/application.scm:228
+#: src/scm/webid-oidc/client/application.scm:213
 #, scheme-format
 msgid "Add an account on ~a"
 msgstr "Ajouter un compte sur ~a"
 
-#: src/scm/webid-oidc/client/application.scm:243
+#: src/scm/webid-oidc/client/application.scm:228
 #, scheme-format
 msgid ""
 "You already have an account for ~a issued by ~a and it is currently selected."
@@ -471,12 +471,12 @@ msgstr ""
 "Vous avez déjà un compte pour ~a émis par ~a et il est actuellement "
 "sélectionné."
 
-#: src/scm/webid-oidc/client/application.scm:262
+#: src/scm/webid-oidc/client/application.scm:247
 #, scheme-format
 msgid "You already have an account for ~a issued by ~a."
 msgstr "Vous avez déjà un compte pour ~a émis par ~a."
 
-#: src/scm/webid-oidc/client/client.scm:107
+#: src/scm/webid-oidc/client/client.scm:106
 msgid ""
 "Client ID and redirect URIs should be URIs, and key pair should be a key "
 "pair.."
@@ -484,11 +484,11 @@ msgstr ""
 "L’ID de client et l’URI de redirection doivent être des URIs, et la paire de "
 "clés doit être une paire de clés."
 
-#: src/scm/webid-oidc/client/gui.scm:58
+#: src/scm/webid-oidc/client/gui.scm:57
 msgid "Hello, world!\n"
 msgstr "Bonjour, le monde !\n"
 
-#: src/scm/webid-oidc/client/gui.scm:63
+#: src/scm/webid-oidc/client/gui.scm:62
 msgid "Hello, world!"
 msgstr "Bonjour, le monde !"
 
@@ -506,23 +506,23 @@ msgstr "preuve DPoP invalide : ~a"
 msgid "invalid DPoP proof token"
 msgstr "jeton de preuve DPoP invalide"
 
-#: src/scm/webid-oidc/dpop-proof.scm:189
+#: src/scm/webid-oidc/dpop-proof.scm:195
 msgid "#:typ should be exactly \"dpop+jwt\""
 msgstr "#:typ doit être exactement « dpop+jwt »"
 
-#: src/scm/webid-oidc/dpop-proof.scm:194
+#: src/scm/webid-oidc/dpop-proof.scm:200
 msgid "#:jwk should be a public key"
 msgstr "#:jwk doit être une clé publique"
 
-#: src/scm/webid-oidc/dpop-proof.scm:199
+#: src/scm/webid-oidc/dpop-proof.scm:205
 msgid "#:htm should be a symbol"
 msgstr "#:htm doit être un symbole"
 
-#: src/scm/webid-oidc/dpop-proof.scm:205
+#: src/scm/webid-oidc/dpop-proof.scm:211
 msgid "when present, #:ath should be a string"
 msgstr "si présent, #:ath doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/dpop-proof.scm:226
+#: src/scm/webid-oidc/dpop-proof.scm:232
 msgid ""
 "when making a DPoP proof, either its required fields (#:typ, #:jwk, #:htm "
 "and #:htu) or (#:jwt-header and #:jwt-payload) should be passed"
@@ -530,14 +530,14 @@ msgstr ""
 "lors de la création d’une preuve DPoP, il faut passer soit les champs requis "
 "(#:typ, #:jwk, #:htm et #:htu) soit (#:jwt-header et #:jwt-payload)"
 
-#: src/scm/webid-oidc/dpop-proof.scm:259
+#: src/scm/webid-oidc/dpop-proof.scm:265
 #, scheme-format
 msgid "the DPoP proof is signed for access through ~s, but it is used with ~s"
 msgstr ""
 "la preuve DPoP est signée pour un accès avec ~s, mais elle est utilisée avec "
 "~s"
 
-#: src/scm/webid-oidc/dpop-proof.scm:269
+#: src/scm/webid-oidc/dpop-proof.scm:275
 #, scheme-format
 msgid ""
 "the DPoP proof should go along with an access token hashed to ~s, not ~s"
@@ -545,114 +545,114 @@ msgstr ""
 "la preuve DPoP devrait être accompagnée d’un jeton d’accès de condensat ~s, "
 "pas ~s"
 
-#: src/scm/webid-oidc/dpop-proof.scm:277 src/scm/webid-oidc/dpop-proof.scm:284
+#: src/scm/webid-oidc/dpop-proof.scm:283 src/scm/webid-oidc/dpop-proof.scm:290
 msgid "the DPoP proof is signed with the wrong key"
 msgstr "la preuve DPoP est signée avec la mauvaise clé"
 
-#: src/scm/webid-oidc/dpop-proof.scm:282
+#: src/scm/webid-oidc/dpop-proof.scm:288
 #, scheme-format
 msgid "the DPoP proof is signed with the wrong key: ~a"
 msgstr "la preuve DPoP est signée avec la mauvaise clé : ~a"
 
-#: src/scm/webid-oidc/dpop-proof.scm:293
+#: src/scm/webid-oidc/dpop-proof.scm:299
 msgid "the cnf/check function returned #f"
 msgstr "la fonction cnf/check a retourné #f"
 
-#: src/scm/webid-oidc/example-app.scm:96
+#: src/scm/webid-oidc/example-app.scm:95
 #, scheme-format
 msgid "~a (issued by ~a): no interaction required"
 msgstr "~a (émis par ~a) : aucune interaction nécessaire"
 
-#: src/scm/webid-oidc/example-app.scm:99
+#: src/scm/webid-oidc/example-app.scm:98
 #, scheme-format
 msgid "~a (issued by ~a): offline but accessible"
 msgstr "~a (émis par ~a) : hors ligne mais accessible"
 
-#: src/scm/webid-oidc/example-app.scm:102
+#: src/scm/webid-oidc/example-app.scm:101
 #, scheme-format
 msgid "~a (issued by ~a): online"
 msgstr "~a (émis par ~a) : en ligne"
 
-#: src/scm/webid-oidc/example-app.scm:105
+#: src/scm/webid-oidc/example-app.scm:104
 #, scheme-format
 msgid "~a (issued by ~a): inaccessible"
 msgstr "~a (émis par ~a) : inaccessible"
 
-#: src/scm/webid-oidc/example-app.scm:118
+#: src/scm/webid-oidc/example-app.scm:117
 #, scheme-format
 msgid "Your choice ~a does not exist.\n"
 msgstr "Votre choix, ~a, n’existe pas.\n"
 
-#: src/scm/webid-oidc/example-app.scm:136
+#: src/scm/webid-oidc/example-app.scm:135
 msgid "Your choice is not a valid URI.\n"
 msgstr "Votre choix doit être une URI valide.\n"
 
-#: src/scm/webid-oidc/example-app.scm:145
+#: src/scm/webid-oidc/example-app.scm:144
 msgid "This is not a valid HTTP method.\n"
 msgstr "ce n’est pas une méthode HTTP valide.\n"
 
-#: src/scm/webid-oidc/example-app.scm:161
+#: src/scm/webid-oidc/example-app.scm:160
 msgid "This is not a valid value for this header.\n"
 msgstr "Ce n’est pas une valeur valide pour cet en-tête.\n"
 
-#: src/scm/webid-oidc/example-app.scm:199
+#: src/scm/webid-oidc/example-app.scm:198
 msgid "Nothing to undo.\n"
 msgstr "Rien à annuler.\n"
 
-#: src/scm/webid-oidc/example-app.scm:211
+#: src/scm/webid-oidc/example-app.scm:210
 msgid "Nothing to redo.\n"
 msgstr "Rien à refaire.\n"
 
-#: src/scm/webid-oidc/example-app.scm:271
+#: src/scm/webid-oidc/example-app.scm:270
 msgid "Example app command|add-account"
 msgstr "ajouter-compte"
 
-#: src/scm/webid-oidc/example-app.scm:273
+#: src/scm/webid-oidc/example-app.scm:272
 msgid "Example app command|choose-account"
 msgstr "choisir-compte"
 
-#: src/scm/webid-oidc/example-app.scm:275
+#: src/scm/webid-oidc/example-app.scm:274
 msgid "Example app command|set-uri"
 msgstr "définir-uri"
 
-#: src/scm/webid-oidc/example-app.scm:277
+#: src/scm/webid-oidc/example-app.scm:276
 msgid "Example app command|set-method"
 msgstr "définir-méthode"
 
-#: src/scm/webid-oidc/example-app.scm:279
+#: src/scm/webid-oidc/example-app.scm:278
 msgid "Example app command|view-headers"
 msgstr "voir-en-têtes"
 
-#: src/scm/webid-oidc/example-app.scm:281
+#: src/scm/webid-oidc/example-app.scm:280
 msgid "Example app command|clear-headers"
 msgstr "effacer-en-têtes"
 
-#: src/scm/webid-oidc/example-app.scm:283
+#: src/scm/webid-oidc/example-app.scm:282
 msgid "Example app command|add-header"
 msgstr "ajouter-en-tête"
 
-#: src/scm/webid-oidc/example-app.scm:285
+#: src/scm/webid-oidc/example-app.scm:284
 msgid "Example app command|ok"
 msgstr "ok"
 
-#: src/scm/webid-oidc/example-app.scm:287
+#: src/scm/webid-oidc/example-app.scm:286
 msgid "Example app command|undo"
 msgstr "annuler"
 
-#: src/scm/webid-oidc/example-app.scm:289
+#: src/scm/webid-oidc/example-app.scm:288
 msgid "Example app command|redo"
 msgstr "refaire"
 
-#: src/scm/webid-oidc/example-app.scm:299
+#: src/scm/webid-oidc/example-app.scm:298
 #, scheme-format
 msgid "To log in on ~a, please visit: ~a\n"
 msgstr "Pour vous connecte avec ~a, veuillez visiter : ~a\n"
 
-#: src/scm/webid-oidc/example-app.scm:302
+#: src/scm/webid-oidc/example-app.scm:301
 msgid "Then, paste the authorization code you get:\n"
 msgstr "Ensuite, veuillez coller votre code d’autorisation :\n"
 
-#: src/scm/webid-oidc/example-app.scm:320
+#: src/scm/webid-oidc/example-app.scm:307
 #, scheme-format
 msgid ""
 "Account: ~a\n"
@@ -687,50 +687,50 @@ msgstr ""
 "  - ~a : effectuer la requête.\n"
 "\n"
 
-#: src/scm/webid-oidc/example-app.scm:339
+#: src/scm/webid-oidc/example-app.scm:326
 msgid "Account:|unset"
 msgstr "non défini"
 
-#: src/scm/webid-oidc/example-app.scm:343
+#: src/scm/webid-oidc/example-app.scm:330
 msgid "URI:|unset"
 msgstr "non défini"
 
-#: src/scm/webid-oidc/example-app.scm:347
+#: src/scm/webid-oidc/example-app.scm:334
 msgid "Method:|unset"
 msgstr "non définie"
 
-#: src/scm/webid-oidc/example-app.scm:350
+#: src/scm/webid-oidc/example-app.scm:337
 msgid "Headers:|none"
 msgstr "aucun"
 
-#: src/scm/webid-oidc/example-app.scm:354
+#: src/scm/webid-oidc/example-app.scm:341
 msgid "list separator|, "
 msgstr ", "
 
-#: src/scm/webid-oidc/example-app.scm:364
+#: src/scm/webid-oidc/example-app.scm:351
 #, scheme-format
 msgid "You can undo your last command with \"~a\".\n"
 msgstr "Vous pouvez annuler votre dernière commande avec « ~a ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:366
+#: src/scm/webid-oidc/example-app.scm:353
 #, scheme-format
 msgid "You can re-apply your last undone command with \"~a\".\n"
 msgstr "Vous pouvez refaire votre dernière commande annulée avec « ~a ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:367
+#: src/scm/webid-oidc/example-app.scm:354
 msgid "Readline prompt|Command: "
 msgstr "Commande : "
 
-#: src/scm/webid-oidc/example-app.scm:374
+#: src/scm/webid-oidc/example-app.scm:361
 #, scheme-format
 msgid "An error happened: ~a.\n"
 msgstr "Une erreur est survenue : ~a.\n"
 
-#: src/scm/webid-oidc/example-app.scm:386
+#: src/scm/webid-oidc/example-app.scm:373
 msgid "Please enter your identity provider: "
 msgstr "Veuillez entrer votre fournisseur d’identité : "
 
-#: src/scm/webid-oidc/example-app.scm:392
+#: src/scm/webid-oidc/example-app.scm:379
 msgid ""
 "You don’t have other accounts available. Please add one with \"add-account"
 "\".\n"
@@ -738,38 +738,38 @@ msgstr ""
 "Vous n’avez pas d’autre compte disponible. Veuillez en ajouter un avec "
 "« ajouter-compte ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:398
+#: src/scm/webid-oidc/example-app.scm:385
 #, scheme-format
 msgid "- ~a: ~a\n"
 msgstr "- ~a : ~a\n"
 
-#: src/scm/webid-oidc/example-app.scm:406
+#: src/scm/webid-oidc/example-app.scm:393
 #, scheme-format
 msgid "[1-~a] "
 msgstr "[1-~a] "
 
-#: src/scm/webid-oidc/example-app.scm:414
+#: src/scm/webid-oidc/example-app.scm:401
 msgid "Visit this URI: "
 msgstr "Naviguer cette URI : "
 
-#: src/scm/webid-oidc/example-app.scm:420
+#: src/scm/webid-oidc/example-app.scm:407
 msgid "Use this HTTP method [GET]: "
 msgstr "Utiliser cette méthode HTTP [GET] : "
 
-#: src/scm/webid-oidc/example-app.scm:436
+#: src/scm/webid-oidc/example-app.scm:423
 msgid "Which header? "
 msgstr "Quel en-tête ? "
 
-#: src/scm/webid-oidc/example-app.scm:439
+#: src/scm/webid-oidc/example-app.scm:426
 #, scheme-format
 msgid "Which header value for ~a? "
 msgstr "Quelle valeur pour l’en-tête ~a ? "
 
-#: src/scm/webid-oidc/example-app.scm:462
+#: src/scm/webid-oidc/example-app.scm:449
 msgid "Please define an account and the URI.\n"
 msgstr "Veuillez définir un compte et une URI.\n"
 
-#: src/scm/webid-oidc/example-app.scm:469
+#: src/scm/webid-oidc/example-app.scm:456
 msgid "I don’t know that command.\n"
 msgstr "Je ne connais pas cette commande.\n"
 
@@ -811,15 +811,15 @@ msgstr "<h1>Bonjour, ~a !</h1>"
 msgid "<p>The client is compatible with Solid.</p>"
 msgstr "<p>Le client est compatible avec Solid.</p>"
 
-#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:226
+#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:230
 msgid "command-line|version"
 msgstr "version"
 
-#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:230
+#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:234
 msgid "command-line|complete-corresponding-source"
 msgstr "code-source-correspondant-complet"
 
-#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:232
+#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:236
 msgid "command-line|help"
 msgstr "aide"
 
@@ -827,11 +827,11 @@ msgstr "aide"
 msgid "command-line|port"
 msgstr "port"
 
-#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:264
+#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:268
 msgid "command-line|log-file"
 msgstr "fichier-journal"
 
-#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:266
+#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:270
 msgid "command-line|error-file"
 msgstr "fichier-erreur"
 
@@ -894,7 +894,7 @@ msgstr ""
 msgid "~a version ~a\n"
 msgstr "~a version ~a\n"
 
-#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:628
+#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:632
 msgid ""
 "You are legally required to link to the complete corresponding source code.\n"
 msgstr ""
@@ -906,7 +906,7 @@ msgid "The port should be a number between 0 and 65535.\n"
 msgstr "Le port doit être un nombre entre 0 et 65535.\n"
 
 #: src/scm/webid-oidc/hello-world.scm:159
-#: src/scm/webid-oidc/resource-server.scm:331
+#: src/scm/webid-oidc/resource-server.scm:311
 msgid "reason-phrase|Unauthorized"
 msgstr "Non Autorisé"
 
@@ -919,7 +919,7 @@ msgid "<p>This page requires authentication with Solid.</p>"
 msgstr "<p>Cette page requiert une authentification avec Solid.</p>"
 
 #: src/scm/webid-oidc/hello-world.scm:179
-#: src/scm/webid-oidc/resource-server.scm:339
+#: src/scm/webid-oidc/resource-server.scm:319
 msgid "reason-phrase|Method Not Allowed"
 msgstr "Méthode Non Autorisée"
 
@@ -933,11 +933,11 @@ msgstr ""
 "<p>Vous pouvez uniquement utiliser la méthode <emph>GET</emph> pour cette "
 "ressource.</p>"
 
-#: src/scm/webid-oidc/identity-provider.scm:77
+#: src/scm/webid-oidc/identity-provider.scm:74
 msgid "Warning: generating a new key pair."
 msgstr "Attention : génération d'une nouvelle paire de clé."
 
-#: src/scm/webid-oidc/identity-provider.scm:133
+#: src/scm/webid-oidc/identity-provider.scm:129
 msgid "reason-phrase|Not Found"
 msgstr "Non Trouvé"
 
@@ -1094,71 +1094,71 @@ msgstr "en vérifiant la signature du JWS : ~a"
 msgid "an unexpected error happened while verifying a JWS"
 msgstr "une erreur inattendue est survenue pendant la vérification d’un JWS"
 
-#: src/scm/webid-oidc/jws.scm:482
+#: src/scm/webid-oidc/jws.scm:479
 #, scheme-format
 msgid "I cannot query the identity provider configuration: ~a"
 msgstr ""
 "je ne peux pas requêter la configuration du fournisseur d’identité : ~a"
 
-#: src/scm/webid-oidc/jws.scm:484
+#: src/scm/webid-oidc/jws.scm:481
 msgid "I cannot query the identity provider configuration"
 msgstr "je ne peux pas requêter la configuration du fournisseur d’identité"
 
-#: src/scm/webid-oidc/jws.scm:501
+#: src/scm/webid-oidc/jws.scm:497
 #, scheme-format
 msgid "I cannot query the JWKS URI of the identity provider: ~a"
 msgstr "je ne peux pas requêter l’URI de JWKS du fournisseur d’identité : ~a"
 
-#: src/scm/webid-oidc/jws.scm:503
+#: src/scm/webid-oidc/jws.scm:499
 msgid "I cannot query the JWKS URI of the identity provider"
 msgstr "impossible de requêter l’URI de JWKS du fournisseur d’identité"
 
-#: src/scm/webid-oidc/jws.scm:528
+#: src/scm/webid-oidc/jws.scm:522
 #, scheme-format
 msgid "the token is signed in the future, ~a, relative to current ~a"
 msgstr ""
 "le jeton est signé dans le futur, ~a, par rapport à la date courante, ~a"
 
-#: src/scm/webid-oidc/jws.scm:537
+#: src/scm/webid-oidc/jws.scm:531
 #, scheme-format
 msgid "the token expired ~a, which is in the past (from ~a)"
 msgstr "le jeton a expiré le ~a, qui est dans le passé (depuis ~a)"
 
-#: src/scm/webid-oidc/jws.scm:560
+#: src/scm/webid-oidc/jws.scm:554
 #, scheme-format
 msgid "cannot decode a JWS: ~a"
 msgstr "impossible de décoder un JWS : ~a"
 
-#: src/scm/webid-oidc/jws.scm:562
+#: src/scm/webid-oidc/jws.scm:556
 msgid "cannot decode a JWS"
 msgstr "impossible de décoder un JWS"
 
-#: src/scm/webid-oidc/jws.scm:580
+#: src/scm/webid-oidc/jws.scm:574
 #, scheme-format
 msgid "cannot encode a JWS: ~a"
 msgstr "impossible d’encoder un JWS : ~a"
 
-#: src/scm/webid-oidc/jws.scm:582
+#: src/scm/webid-oidc/jws.scm:576
 msgid "cannot encode a JWS"
 msgstr "impossible d’encoder un JWS"
 
-#: src/scm/webid-oidc/jws.scm:629
+#: src/scm/webid-oidc/jws.scm:623
 msgid "cannot parse a token"
 msgstr "impossible d’analyser le jeton"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:120
+#: src/scm/webid-oidc/oidc-configuration.scm:118
 msgid "#:jwks-uri should be an URI"
 msgstr "#:jwks-uri doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:125
+#: src/scm/webid-oidc/oidc-configuration.scm:123
 msgid "#:token-endpoint should be an URI"
 msgstr "#:token-endpoint doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:130
+#: src/scm/webid-oidc/oidc-configuration.scm:128
 msgid "#:authorization-endpoint should be an URI"
 msgstr "#:authorization-endpoint doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:135
+#: src/scm/webid-oidc/oidc-configuration.scm:133
 msgid ""
 "#:solid-oidc-supported should be exactly 'https://solidproject.org/TR/solid-"
 "oidc'"
@@ -1166,61 +1166,61 @@ msgstr ""
 "#:solid-oidc-supported doit être exactement « https://solidproject.org/TR/"
 "solid-oidc »"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:144
+#: src/scm/webid-oidc/oidc-configuration.scm:142
 msgid "#:server should be an URI"
 msgstr "#:server doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:161
+#: src/scm/webid-oidc/oidc-configuration.scm:159
 #, scheme-format
 msgid "cannot fetch the OIDC configuration: ~a"
 msgstr "impossible de télécharger la configuration OIDC : ~a"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:163
+#: src/scm/webid-oidc/oidc-configuration.scm:161
 msgid "cannot fetch the OIDC configuration"
 msgstr "impossible de télécharger la configuration OIDC"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:167
+#: src/scm/webid-oidc/oidc-configuration.scm:165
 #, scheme-format
 msgid "the server responded with ~s ~s"
 msgstr "le serveur a répondu ~s ~s"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:172
+#: src/scm/webid-oidc/oidc-configuration.scm:170
 msgid "there is no content-type"
 msgstr "il n’y a pas de type de contenu"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:177
+#: src/scm/webid-oidc/oidc-configuration.scm:175
 #, scheme-format
 msgid "unexpected content-type: ~s"
 msgstr "type de contenu inattendu : ~s"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:187
+#: src/scm/webid-oidc/oidc-configuration.scm:185
 msgid ""
 "when making an OIDC configuration, either its required #:jwks-uri, #:"
-"authorization-endpoint and #:token-endpoint fields or #:server (and "
-"optionally #:http-request) or #:json-data should be passed"
+"authorization-endpoint and #:token-endpoint fields or #:server or #:json-"
+"data should be passed"
 msgstr ""
 "pour construire une configuration OIDC, il faut soit définir les paramètres "
 "requis #:jwks-uri, #:authorization-endpoint et #:token-endpoint, soit #:"
-"server (et potentiellement #:http-request), soit #:json-data"
+"server, soit #:json-data"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:71
+#: src/scm/webid-oidc/oidc-id-token.scm:70
 #, scheme-format
 msgid "invalid OIDC ID token: ~a"
 msgstr "jeton d’identité OIDC invalide : ~a"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:73
+#: src/scm/webid-oidc/oidc-id-token.scm:72
 msgid "invalid OIDC id token"
 msgstr "jeton d’identité OIDC invalide"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:104
+#: src/scm/webid-oidc/oidc-id-token.scm:103
 msgid "#:sub should be a string"
 msgstr "#:sub doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:109
+#: src/scm/webid-oidc/oidc-id-token.scm:108
 msgid "#:aud should be a string"
 msgstr "#:aud doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:125
+#: src/scm/webid-oidc/oidc-id-token.scm:124
 msgid ""
 "when making an ID token either its required fields (#:alg, #:webid, #:iss, #:"
 "sub, #:aud, #:iat and #:exp) or (#:jwt-header and #:jwt-payload) should be "
@@ -1230,133 +1230,128 @@ msgstr ""
 "requis (#:alg, #:webid, #:iss, #:sub, #:aud, #:iat et #:exp) soit (#:jwt-"
 "header et #:jwt-payload)"
 
-#: src/scm/webid-oidc/program.scm:57
+#: src/scm/webid-oidc/program.scm:64
 #, scheme-format
 msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n"
 msgstr "~a : Attention : XML_CATALOG_FILES vaut ~s.\n"
 
-#: src/scm/webid-oidc/program.scm:60
-#, scheme-format
-msgid "~a: GET ~a ~s...\n"
-msgstr "~a : GET ~a ~s…\n"
-
 #: src/scm/webid-oidc/program.scm:67
 #, scheme-format
-msgid "~a: Warning: loading XML catalog from the web, ~s.\n"
-msgstr "~a : Attention : chargement d’un catalogue XML depuis le web, ~s.\n"
+msgid "~a: ~s ~a ~s...\n"
+msgstr "~a : ~s ~a ~s…\n"
 
-#: src/scm/webid-oidc/program.scm:75
+#: src/scm/webid-oidc/program.scm:73
 #, scheme-format
-msgid "~a: GET ~a ~s: ~s ~a bytes\n"
-msgstr "~a : GET ~a ~s : ~s ~a octets\n"
+msgid "~a: ~s ~a ~s: ~s ~a bytes\n"
+msgstr "~a : ~s ~a ~s : ~s ~a octets\n"
 
-#: src/scm/webid-oidc/program.scm:122
+#: src/scm/webid-oidc/program.scm:126
 msgid "really bad internal server error"
 msgstr "erreur interne du serveur vraiment grave"
 
-#: src/scm/webid-oidc/program.scm:129
+#: src/scm/webid-oidc/program.scm:133
 #, scheme-format
 msgid "~a: ~a: Internal server error: ~a\n"
 msgstr "~a : ~a : Erreur interne du serveur : ~a\n"
 
-#: src/scm/webid-oidc/program.scm:135
+#: src/scm/webid-oidc/program.scm:139
 msgid "Internal Server Error"
 msgstr "Erreur Interne du Serveur"
 
-#: src/scm/webid-oidc/program.scm:138
+#: src/scm/webid-oidc/program.scm:142
 msgid "Sorry, there was an error."
 msgstr "Toutes nos excuses, il y a eu une erreurr."
 
-#: src/scm/webid-oidc/program.scm:159
+#: src/scm/webid-oidc/program.scm:163
 #, scheme-format
 msgid "~a: ~s ~a ~s ~a\n"
 msgstr "~a : ~s ~a ~s ~a\n"
 
-#: src/scm/webid-oidc/program.scm:161
+#: src/scm/webid-oidc/program.scm:165
 #, scheme-format
 msgid "~a: ~a (~a)"
 msgstr "~a : ~a (~a)"
 
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:169
 #, scheme-format
 msgid "~a: ~a"
 msgstr "~a : ~a"
 
-#: src/scm/webid-oidc/program.scm:175
+#: src/scm/webid-oidc/program.scm:179
 #, scheme-format
 msgid "(there was an error: ~a)"
 msgstr "(il y a eu une erreur : ~a)"
 
-#: src/scm/webid-oidc/program.scm:228
+#: src/scm/webid-oidc/program.scm:232
 msgid "command-line|describe-project"
 msgstr "décrire-projet"
 
-#: src/scm/webid-oidc/program.scm:234
+#: src/scm/webid-oidc/program.scm:238
 msgid "command-line|server|port"
 msgstr "port"
 
-#: src/scm/webid-oidc/program.scm:236
+#: src/scm/webid-oidc/program.scm:240
 msgid "command-line|server|server-name"
 msgstr "nom-du-serveur"
 
-#: src/scm/webid-oidc/program.scm:238
+#: src/scm/webid-oidc/program.scm:242
 msgid "command-line|server|reverse-proxy|backend-uri"
 msgstr "uri-arrière-plan"
 
-#: src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/program.scm:244
 msgid "command-line|server|reverse-proxy|header"
 msgstr "en-tête"
 
-#: src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:246
 msgid "command-line|server|issuer|key-file"
 msgstr "fichier-clé"
 
-#: src/scm/webid-oidc/program.scm:244
+#: src/scm/webid-oidc/program.scm:248
 msgid "command-line|server|issuer|subject"
 msgstr "sujet"
 
-#: src/scm/webid-oidc/program.scm:246
+#: src/scm/webid-oidc/program.scm:250
 msgid "command-line|server|issuer|encrypted-password"
 msgstr "mot-de-passe-chiffré"
 
-#: src/scm/webid-oidc/program.scm:248
+#: src/scm/webid-oidc/program.scm:252
 msgid "command-line|server|issuer|encrypted-password-from-file"
 msgstr "fichier-de-mot-de-passe-chiffré"
 
-#: src/scm/webid-oidc/program.scm:250
+#: src/scm/webid-oidc/program.scm:254
 msgid "command-line|server|issuer|jwks-uri"
 msgstr "uri-jwks"
 
-#: src/scm/webid-oidc/program.scm:252
+#: src/scm/webid-oidc/program.scm:256
 msgid "command-line|server|issuer|authorization-endpoint-uri"
 msgstr "uri-terminal-autorisation"
 
-#: src/scm/webid-oidc/program.scm:254
+#: src/scm/webid-oidc/program.scm:258
 msgid "command-line|server|issuer|token-endpoint-uri"
 msgstr "uri-terminal-jeton"
 
-#: src/scm/webid-oidc/program.scm:256
+#: src/scm/webid-oidc/program.scm:260
 msgid "command-line|server|client-id"
 msgstr "id-client"
 
-#: src/scm/webid-oidc/program.scm:258
+#: src/scm/webid-oidc/program.scm:262
 msgid "command-line|server|redirect-uri"
 msgstr "uri-redirection"
 
-#: src/scm/webid-oidc/program.scm:260
+#: src/scm/webid-oidc/program.scm:264
 msgid "command-line|server|client-name"
 msgstr "nom-client"
 
-#: src/scm/webid-oidc/program.scm:262
+#: src/scm/webid-oidc/program.scm:266
 msgid "command-line|server|client-uri"
 msgstr "uri-client"
 
-#: src/scm/webid-oidc/program.scm:296
+#: src/scm/webid-oidc/program.scm:300
 #, scheme-format
 msgid "Usage: ~a COMMAND [OPTIONS]...\n"
 msgstr "Utilisation : ~a COMMANDE [OPTIONS]...\n"
 
-#: src/scm/webid-oidc/program.scm:300
+#: src/scm/webid-oidc/program.scm:304
 msgid ""
 "\n"
 "Run the disfluid COMMAND."
@@ -1364,7 +1359,7 @@ msgstr ""
 "\n"
 "Exécute la COMMANDE disfluid."
 
-#: src/scm/webid-oidc/program.scm:303
+#: src/scm/webid-oidc/program.scm:307
 msgid ""
 "\n"
 "This program is covered by the GNU Affero GPL, version 3 or\n"
@@ -1380,7 +1375,7 @@ msgstr ""
 "code source complet correspondant (avec vos modifications) sans\n"
 "frais. Le serveur ajoute un en-tête « Source: » à toutes les réponses."
 
-#: src/scm/webid-oidc/program.scm:310
+#: src/scm/webid-oidc/program.scm:314
 msgid ""
 "\n"
 "Available commands:"
@@ -1388,7 +1383,7 @@ msgstr ""
 "\n"
 "Commandes disponibles :"
 
-#: src/scm/webid-oidc/program.scm:312
+#: src/scm/webid-oidc/program.scm:316
 #, scheme-format
 msgid ""
 "\n"
@@ -1399,12 +1394,12 @@ msgstr ""
 "  ~a :\n"
 "      exécute le proxy inverse authentifiant."
 
-#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:510
-#: src/scm/webid-oidc/program.scm:710
+#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:514
+#: src/scm/webid-oidc/program.scm:714
 msgid "command-line|command|reverse-proxy"
 msgstr "proxy-inversé"
 
-#: src/scm/webid-oidc/program.scm:316
+#: src/scm/webid-oidc/program.scm:320
 #, scheme-format
 msgid ""
 "\n"
@@ -1415,12 +1410,12 @@ msgstr ""
 "  ~a :\n"
 "      exécute un fournisseur d’identité."
 
-#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:535
-#: src/scm/webid-oidc/program.scm:732
+#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:539
+#: src/scm/webid-oidc/program.scm:735
 msgid "command-line|command|identity-provider"
 msgstr "fournisseur-identité"
 
-#: src/scm/webid-oidc/program.scm:320
+#: src/scm/webid-oidc/program.scm:324
 #, scheme-format
 msgid ""
 "\n"
@@ -1431,12 +1426,12 @@ msgstr ""
 "  ~a :\n"
 "      sert les pages d’une application publique."
 
-#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:556
-#: src/scm/webid-oidc/program.scm:774
+#: src/scm/webid-oidc/program.scm:327 src/scm/webid-oidc/program.scm:560
+#: src/scm/webid-oidc/program.scm:776
 msgid "command-line|command|client-service"
 msgstr "service-client"
 
-#: src/scm/webid-oidc/program.scm:324
+#: src/scm/webid-oidc/program.scm:328
 #, scheme-format
 msgid ""
 "\n"
@@ -1449,12 +1444,12 @@ msgstr ""
 "      exécute un serveur complet, avec un fournisseur d’identité et\n"
 "      une fonction de stockage de ressources."
 
-#: src/scm/webid-oidc/program.scm:328 src/scm/webid-oidc/program.scm:582
-#: src/scm/webid-oidc/program.scm:803
+#: src/scm/webid-oidc/program.scm:332 src/scm/webid-oidc/program.scm:586
+#: src/scm/webid-oidc/program.scm:805
 msgid "command-line|command|server"
 msgstr "serveur"
 
-#: src/scm/webid-oidc/program.scm:330
+#: src/scm/webid-oidc/program.scm:334
 msgid ""
 "\n"
 "If no command is specified, run the browser."
@@ -1462,7 +1457,7 @@ msgstr ""
 "\n"
 "Si aucune commande n’est spécifiée, exécute le navigateur."
 
-#: src/scm/webid-oidc/program.scm:333
+#: src/scm/webid-oidc/program.scm:337
 msgid ""
 "\n"
 "General options:"
@@ -1470,7 +1465,7 @@ msgstr ""
 "\n"
 "Options générales :"
 
-#: src/scm/webid-oidc/program.scm:335
+#: src/scm/webid-oidc/program.scm:339
 #, scheme-format
 msgid ""
 "\n"
@@ -1484,7 +1479,7 @@ msgstr ""
 "      correspondant. Par exemple, MOYEN serait une URI pointant vers\n"
 "      l’archive de code."
 
-#: src/scm/webid-oidc/program.scm:340
+#: src/scm/webid-oidc/program.scm:344
 #, scheme-format
 msgid ""
 "\n"
@@ -1495,7 +1490,7 @@ msgstr ""
 "  -h, --~a :\n"
 "      affiche un court message d’aide et quitte."
 
-#: src/scm/webid-oidc/program.scm:344
+#: src/scm/webid-oidc/program.scm:348
 #, scheme-format
 msgid ""
 "\n"
@@ -1506,7 +1501,7 @@ msgstr ""
 "  -v, --~a :\n"
 "      affiche le numéro de version (~a, publiée le ~a) et quitte."
 
-#: src/scm/webid-oidc/program.scm:350
+#: src/scm/webid-oidc/program.scm:354
 #, scheme-format
 msgid ""
 "\n"
@@ -1517,7 +1512,7 @@ msgstr ""
 "      --~a :\n"
 "      décrit le projet dans le vocabulaire DOAP et quitte."
 
-#: src/scm/webid-oidc/program.scm:354
+#: src/scm/webid-oidc/program.scm:358
 #, scheme-format
 msgid ""
 "\n"
@@ -1528,7 +1523,7 @@ msgstr ""
 "  -l FICHIER.journal, --~a=FICHIER.journal :\n"
 "      redirige la sortie standard du programme vers FICHIER.journal."
 
-#: src/scm/webid-oidc/program.scm:358
+#: src/scm/webid-oidc/program.scm:362
 #, scheme-format
 msgid ""
 "\n"
@@ -1539,7 +1534,7 @@ msgstr ""
 "  -e FICHIER.erreurs, --~a=FICHIER.erreurs :\n"
 "      redirige les erreurs du programme vers FICHIER.erreurs."
 
-#: src/scm/webid-oidc/program.scm:363
+#: src/scm/webid-oidc/program.scm:367
 msgid ""
 "\n"
 "General server-side options:"
@@ -1547,7 +1542,7 @@ msgstr ""
 "\n"
 "Options générales pour un serveur :"
 
-#: src/scm/webid-oidc/program.scm:365
+#: src/scm/webid-oidc/program.scm:369
 #, scheme-format
 msgid ""
 "\n"
@@ -1558,7 +1553,7 @@ msgstr ""
 "  -p PORT, --~a=PORT :\n"
 "      définit le port à lier, 8080 par défaut."
 
-#: src/scm/webid-oidc/program.scm:369
+#: src/scm/webid-oidc/program.scm:373
 #, scheme-format
 msgid ""
 "\n"
@@ -1570,7 +1565,7 @@ msgstr ""
 "      définit l’URI publique du serveur (schéma, identifiant de\n"
 "      l’utilisateur, hôte et port)."
 
-#: src/scm/webid-oidc/program.scm:374
+#: src/scm/webid-oidc/program.scm:378
 msgid ""
 "\n"
 "Options for the resource server:"
@@ -1578,7 +1573,7 @@ msgstr ""
 "\n"
 "Options pour le serveur de ressources :"
 
-#: src/scm/webid-oidc/program.scm:376
+#: src/scm/webid-oidc/program.scm:380
 #, scheme-format
 msgid ""
 "\n"
@@ -1593,7 +1588,7 @@ msgstr ""
 "      authentifié, XXX-Agent par défaut. Pour un serveur complet, ceci\n"
 "      désactive l’authentification par Solid-OIDC."
 
-#: src/scm/webid-oidc/program.scm:382
+#: src/scm/webid-oidc/program.scm:386
 #, scheme-format
 msgid ""
 "\n"
@@ -1606,7 +1601,7 @@ msgstr ""
 "      définit l’URI sortante du proxy inversé, seulement pour la\n"
 "      commande proxy-inversé."
 
-#: src/scm/webid-oidc/program.scm:388
+#: src/scm/webid-oidc/program.scm:392
 msgid ""
 "\n"
 "Options for the identity provider:"
@@ -1614,7 +1609,7 @@ msgstr ""
 "\n"
 "Options du fournisseur d’identité :"
 
-#: src/scm/webid-oidc/program.scm:390
+#: src/scm/webid-oidc/program.scm:394
 #, scheme-format
 msgid ""
 "\n"
@@ -1628,7 +1623,7 @@ msgstr ""
 "      nouvelle clé sera générée. Le serveur n’offre pas de service\n"
 "      HTTPS."
 
-#: src/scm/webid-oidc/program.scm:395
+#: src/scm/webid-oidc/program.scm:399
 #, scheme-format
 msgid ""
 "\n"
@@ -1639,7 +1634,7 @@ msgstr ""
 "  -s WEBID, --~a=WEBID :\n"
 "      définit l'identité du sujet."
 
-#: src/scm/webid-oidc/program.scm:399
+#: src/scm/webid-oidc/program.scm:403
 #, scheme-format
 msgid ""
 "\n"
@@ -1650,7 +1645,7 @@ msgstr ""
 "  -w MOT_DE_PASSE_CHIFFRÉ, --~a=MOT_DE_PASSE_CHIFFRÉ :\n"
 "      définit le mot de passe chiffré pour reconnaître l’utilisateur."
 
-#: src/scm/webid-oidc/program.scm:403
+#: src/scm/webid-oidc/program.scm:407
 #, scheme-format
 msgid ""
 "\n"
@@ -1663,7 +1658,7 @@ msgstr ""
 "      lit le mot de passe chiffré de l’utilisateur dans "
 "FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ."
 
-#: src/scm/webid-oidc/program.scm:407
+#: src/scm/webid-oidc/program.scm:411
 #, scheme-format
 msgid ""
 "\n"
@@ -1674,7 +1669,7 @@ msgstr ""
 "  -j URI, --~a=URI :\n"
 "        définit l’URI pour requêter les clés du serveur."
 
-#: src/scm/webid-oidc/program.scm:411
+#: src/scm/webid-oidc/program.scm:415
 #, scheme-format
 msgid ""
 "\n"
@@ -1686,7 +1681,7 @@ msgstr ""
 "      définit l'URI du terminal d'autorisation de l’émetteur\n"
 "      d’identité."
 
-#: src/scm/webid-oidc/program.scm:415
+#: src/scm/webid-oidc/program.scm:419
 #, scheme-format
 msgid ""
 "\n"
@@ -1697,7 +1692,7 @@ msgstr ""
 "  -t URI, --~a=URI :\n"
 "      définit le terminal de jeton de l’émetteur d’identité."
 
-#: src/scm/webid-oidc/program.scm:420
+#: src/scm/webid-oidc/program.scm:424
 msgid ""
 "\n"
 "Options for the client service:"
@@ -1705,7 +1700,7 @@ msgstr ""
 "\n"
 "Options pour le service associé à un client :"
 
-#: src/scm/webid-oidc/program.scm:422
+#: src/scm/webid-oidc/program.scm:426
 #, scheme-format
 msgid ""
 "\n"
@@ -1718,7 +1713,7 @@ msgstr ""
 "      définit l’identifiant web de l’application client, qui est\n"
 "      déréférencé pour une ressource sémantique."
 
-#: src/scm/webid-oidc/program.scm:427
+#: src/scm/webid-oidc/program.scm:431
 #, scheme-format
 msgid ""
 "\n"
@@ -1732,7 +1727,7 @@ msgstr ""
 "      d’autorisation. La page de redirection affiche le code à coller\n"
 "      dans l’application."
 
-#: src/scm/webid-oidc/program.scm:432
+#: src/scm/webid-oidc/program.scm:436
 #, scheme-format
 msgid ""
 "\n"
@@ -1744,7 +1739,7 @@ msgstr ""
 "      définit le nom de l’application visible par l’utilisateur (peut\n"
 "      être trompeur…)."
 
-#: src/scm/webid-oidc/program.scm:436
+#: src/scm/webid-oidc/program.scm:440
 #, scheme-format
 msgid ""
 "\n"
@@ -1757,7 +1752,7 @@ msgstr ""
 "      définit l’URI présentant plus d’informations à propos de\n"
 "      l’application (peut aussi être trompeur)."
 
-#: src/scm/webid-oidc/program.scm:442
+#: src/scm/webid-oidc/program.scm:446
 msgid ""
 "\n"
 "Environment variables:"
@@ -1765,7 +1760,7 @@ msgstr ""
 "\n"
 "Variables d’environnement :"
 
-#: src/scm/webid-oidc/program.scm:444
+#: src/scm/webid-oidc/program.scm:448
 msgid ""
 "\n"
 "  XML_CATALOG_FILES: the server will fetch resources on the web. By\n"
@@ -1784,9 +1779,9 @@ msgstr ""
 "      fichiers depuis le système de fichiers, parce qu’il n’y a pas de\n"
 "      moyen de spécifier le type de contenu."
 
-#: src/scm/webid-oidc/program.scm:452 src/scm/webid-oidc/program.scm:459
-#: src/scm/webid-oidc/program.scm:468 src/scm/webid-oidc/program.scm:476
-#: src/scm/webid-oidc/program.scm:484
+#: src/scm/webid-oidc/program.scm:456 src/scm/webid-oidc/program.scm:463
+#: src/scm/webid-oidc/program.scm:472 src/scm/webid-oidc/program.scm:480
+#: src/scm/webid-oidc/program.scm:488
 #, scheme-format
 msgid ""
 "the-environment-variable|\n"
@@ -1795,7 +1790,7 @@ msgstr ""
 " \n"
 "      Elle vaut actuellement ~s."
 
-#: src/scm/webid-oidc/program.scm:455
+#: src/scm/webid-oidc/program.scm:459
 msgid ""
 "\n"
 "  LANG: set the locale of the user interface (for the server commands,\n"
@@ -1805,7 +1800,7 @@ msgstr ""
 "  LANG : définit la locale de l’interface utilisateur (pour les\n"
 "      commandes serveur, l’utilisateur est l’administrateur système)."
 
-#: src/scm/webid-oidc/program.scm:462
+#: src/scm/webid-oidc/program.scm:466
 msgid ""
 "\n"
 "  XDG_DATA_HOME: where the program stores persistent data. The\n"
@@ -1820,7 +1815,7 @@ msgstr ""
 "      ici. Pour un service système, il est recommandé d’utiliser\n"
 "      /var/lib."
 
-#: src/scm/webid-oidc/program.scm:471
+#: src/scm/webid-oidc/program.scm:475
 msgid ""
 "\n"
 "  XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
@@ -1833,7 +1828,7 @@ msgstr ""
 "      supprimer ce dossier n’importe quand. Le fichier de graine sera\n"
 "      initialisé à partir de /dev/random."
 
-#: src/scm/webid-oidc/program.scm:479
+#: src/scm/webid-oidc/program.scm:483
 msgid ""
 "\n"
 "  HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
@@ -1845,7 +1840,7 @@ msgstr ""
 "      valeur est calculée à partir de la variable d’environnement\n"
 "      HOME. Elle n’est pas utilisée autrement."
 
-#: src/scm/webid-oidc/program.scm:488
+#: src/scm/webid-oidc/program.scm:492
 msgid ""
 "\n"
 "Running a reverse proxy"
@@ -1853,7 +1848,7 @@ msgstr ""
 "\n"
 "Exécution d’un proxy inversé"
 
-#: src/scm/webid-oidc/program.scm:490
+#: src/scm/webid-oidc/program.scm:494
 msgid ""
 "\n"
 "Suppose that you operate data.provider.com. You want to run an\n"
@@ -1875,7 +1870,7 @@ msgstr ""
 "authentifié. https://private.data.provider.com ne doit accepter que\n"
 "les requêtes depuis ce proxy inversé."
 
-#: src/scm/webid-oidc/program.scm:500
+#: src/scm/webid-oidc/program.scm:504
 #, scheme-format
 msgid ""
 "\n"
@@ -1899,7 +1894,7 @@ msgstr ""
 "      --~a '/var/log/proxy.log' \\\n"
 "      --~a '/var/log/proxy.err'"
 
-#: src/scm/webid-oidc/program.scm:515
+#: src/scm/webid-oidc/program.scm:519
 msgid ""
 "\n"
 "Running an identity provider"
@@ -1907,7 +1902,7 @@ msgstr ""
 "\n"
 "Exécution d’un fournisseur d’identité"
 
-#: src/scm/webid-oidc/program.scm:517
+#: src/scm/webid-oidc/program.scm:521
 msgid ""
 "\n"
 "The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
@@ -1918,7 +1913,7 @@ msgstr ""
 "webid-oidc-demo.planete-kraus.eu est invoqué avec les options\n"
 "suivantes :"
 
-#: src/scm/webid-oidc/program.scm:521
+#: src/scm/webid-oidc/program.scm:525
 #, scheme-format
 msgid ""
 "\n"
@@ -1952,7 +1947,7 @@ msgstr ""
 "      --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
 "      --~a $PORT"
 
-#: src/scm/webid-oidc/program.scm:541
+#: src/scm/webid-oidc/program.scm:545
 msgid ""
 "\n"
 "Running the public pages for an application"
@@ -1960,7 +1955,7 @@ msgstr ""
 "\n"
 "Service des pages publiques pour une application"
 
-#: src/scm/webid-oidc/program.scm:543
+#: src/scm/webid-oidc/program.scm:547
 msgid ""
 "\n"
 "The example client application pages for\n"
@@ -1970,7 +1965,7 @@ msgstr ""
 "Les pages de l’application client d’exemple pour\n"
 "webid-oidc-demo.planete-kraus.eu sont servies de cette façon :"
 
-#: src/scm/webid-oidc/program.scm:547
+#: src/scm/webid-oidc/program.scm:551
 #, scheme-format
 msgid ""
 "\n"
@@ -1998,7 +1993,7 @@ msgstr ""
 "html#Running-a-client' \\\n"
 "      --~a $PORT"
 
-#: src/scm/webid-oidc/program.scm:561
+#: src/scm/webid-oidc/program.scm:565
 msgid ""
 "\n"
 "Running a full server"
@@ -2006,7 +2001,7 @@ msgstr ""
 "\n"
 "Exécution d’un serveur complet"
 
-#: src/scm/webid-oidc/program.scm:564
+#: src/scm/webid-oidc/program.scm:568
 msgid ""
 "\n"
 "To run the server with identity provider and\n"
@@ -2018,7 +2013,7 @@ msgstr ""
 "un serveur de ressources pour un utilisateur particulier, vous devez\n"
 "combiner les options des parties."
 
-#: src/scm/webid-oidc/program.scm:568
+#: src/scm/webid-oidc/program.scm:572
 #, scheme-format
 msgid ""
 "\n"
@@ -2052,7 +2047,7 @@ msgstr ""
 "      --~a 'https://data.planete-kraus.eu/token' \\\n"
 "      --~a '...port...'"
 
-#: src/scm/webid-oidc/program.scm:593
+#: src/scm/webid-oidc/program.scm:597
 #, scheme-format
 msgid ""
 "\n"
@@ -2061,7 +2056,7 @@ msgstr ""
 "\n"
 "Si vous trouvez une erreur, veuillez en envoyer un rapport à ~a."
 
-#: src/scm/webid-oidc/program.scm:598
+#: src/scm/webid-oidc/program.scm:602
 #, scheme-format
 msgid ""
 "~a version ~a\n"
@@ -2072,27 +2067,27 @@ msgstr ""
 "\n"
 "Publiée le ~a\n"
 
-#: src/scm/webid-oidc/program.scm:635
+#: src/scm/webid-oidc/program.scm:639
 #, scheme-format
 msgid "The --~a argument must be a number, not ~s.\n"
 msgstr "L’argument de --~a doit être un nombre, pas ~s.\n"
 
-#: src/scm/webid-oidc/program.scm:641
+#: src/scm/webid-oidc/program.scm:645
 #, scheme-format
 msgid "The --~a argument must be an integer, not ~s.\n"
 msgstr "L’argument de --~a doit être un entier, pas ~s.\n"
 
-#: src/scm/webid-oidc/program.scm:647
+#: src/scm/webid-oidc/program.scm:651
 #, scheme-format
 msgid "The --~a argument must be positive, ~s is invalid.\n"
 msgstr "L’argument de --~a doit être positif, ~s est invalide.\n"
 
-#: src/scm/webid-oidc/program.scm:652
+#: src/scm/webid-oidc/program.scm:656
 #, scheme-format
 msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
 msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n"
 
-#: src/scm/webid-oidc/program.scm:680
+#: src/scm/webid-oidc/program.scm:684
 msgid ""
 "You specified two different passwords: one directly, and one from a file. "
 "Please set only one password.\n"
@@ -2100,18 +2095,18 @@ msgstr ""
 "Vous avez spécifié deux mots de passe différents : l’un directement,\n"
 "et un autre depuis un fichier. Veuillez n’en spécifier qu’un.\n"
 
-#: src/scm/webid-oidc/program.scm:713 src/scm/webid-oidc/program.scm:735
-#: src/scm/webid-oidc/program.scm:805
+#: src/scm/webid-oidc/program.scm:717 src/scm/webid-oidc/program.scm:738
+#: src/scm/webid-oidc/program.scm:807
 #, scheme-format
 msgid "You must pass --~a to set the server name.\n"
 msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
 
-#: src/scm/webid-oidc/program.scm:717
+#: src/scm/webid-oidc/program.scm:721
 #, scheme-format
 msgid "You must pass --~a to set the backend URI.\n"
 msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
 
-#: src/scm/webid-oidc/program.scm:739 src/scm/webid-oidc/program.scm:809
+#: src/scm/webid-oidc/program.scm:742 src/scm/webid-oidc/program.scm:811
 #, scheme-format
 msgid ""
 "You must pass --~a to set the file where to store the identity provider "
@@ -2120,66 +2115,66 @@ msgstr ""
 "Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n"
 "la clé du fournisseur d’identité.\n"
 
-#: src/scm/webid-oidc/program.scm:743 src/scm/webid-oidc/program.scm:813
+#: src/scm/webid-oidc/program.scm:746 src/scm/webid-oidc/program.scm:815
 #, scheme-format
 msgid "You must pass --~a to set the subject of the identity provider.\n"
 msgstr ""
 "Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n"
 
-#: src/scm/webid-oidc/program.scm:747
+#: src/scm/webid-oidc/program.scm:750
 #, scheme-format
 msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n"
 msgstr ""
 "Vous devez passer --~a ou --~a pour définir le mot de passe chiffré du "
 "sujet.\n"
 
-#: src/scm/webid-oidc/program.scm:751 src/scm/webid-oidc/program.scm:821
+#: src/scm/webid-oidc/program.scm:754 src/scm/webid-oidc/program.scm:823
 #, scheme-format
 msgid "You must pass --~a to set the JWKS URI.\n"
 msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n"
 
-#: src/scm/webid-oidc/program.scm:755 src/scm/webid-oidc/program.scm:825
+#: src/scm/webid-oidc/program.scm:758 src/scm/webid-oidc/program.scm:827
 #, scheme-format
 msgid "You must pass --~a to set the authorization endpoint URI.\n"
 msgstr ""
 "Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n"
 
-#: src/scm/webid-oidc/program.scm:759 src/scm/webid-oidc/program.scm:829
+#: src/scm/webid-oidc/program.scm:762 src/scm/webid-oidc/program.scm:831
 #, scheme-format
 msgid "You must pass --~a to set the token endpoint URI.\n"
 msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n"
 
-#: src/scm/webid-oidc/program.scm:777
+#: src/scm/webid-oidc/program.scm:779
 #, scheme-format
 msgid "You must pass --~a to set the application web ID.\n"
 msgstr ""
 "Vous devez passer --~a pour définir l'identifiant web de l’application.\n"
 
-#: src/scm/webid-oidc/program.scm:781
+#: src/scm/webid-oidc/program.scm:783
 #, scheme-format
 msgid "You must pass --~a to set the redirection URI.\n"
 msgstr "Vous devez passer --~a pour définir l'URI de redirection.\n"
 
-#: src/scm/webid-oidc/program.scm:785
+#: src/scm/webid-oidc/program.scm:787
 #, scheme-format
 msgid "You must pass --~a to set the informative client name.\n"
 msgstr ""
 "Vous devez passer --~a pour donner un nom pour l’application à titre "
 "informatif.\n"
 
-#: src/scm/webid-oidc/program.scm:789
+#: src/scm/webid-oidc/program.scm:791
 #, scheme-format
 msgid "You must pass --~a to set the informative client URI.\n"
 msgstr ""
 "Vous devez passer --~a pour définir l'URI du client, à titre informatif.\n"
 
-#: src/scm/webid-oidc/program.scm:817
+#: src/scm/webid-oidc/program.scm:819
 #, scheme-format
 msgid "You must pass --~a to set the subject’s encrypted password.\n"
 msgstr ""
 "Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n"
 
-#: src/scm/webid-oidc/program.scm:872
+#: src/scm/webid-oidc/program.scm:871
 #, scheme-format
 msgid "Unknown command ~s\n"
 msgstr "Commande inconnue ~s\n"
@@ -2194,7 +2189,7 @@ msgid "the refresh token is bound to key ~s, which is not that one"
 msgstr ""
 "le jeton de rafraîchissement est lié à la clé ~s, ce n’est pas celle utilisée"
 
-#: src/scm/webid-oidc/resource-server.scm:61
+#: src/scm/webid-oidc/resource-server.scm:58
 msgid ""
 "You need to pass #:server-uri URI where URI is the public URI of the server, "
 "as a (web uri)."
@@ -2202,65 +2197,65 @@ msgstr ""
 "Vous devez passer #:server-uri URI où URI est l’URI publique du serveur, "
 "comme dans (web uri)."
 
-#: src/scm/webid-oidc/resource-server.scm:88
+#: src/scm/webid-oidc/resource-server.scm:85
 #, scheme-format
 msgid "~a: authentication failure: ~a\n"
 msgstr "~a : échec d’authentificationn : ~a\n"
 
-#: src/scm/webid-oidc/resource-server.scm:92
+#: src/scm/webid-oidc/resource-server.scm:89
 #, scheme-format
 msgid "~a: authentication failure\n"
 msgstr "~a : échec d’authentification\n"
 
-#: src/scm/webid-oidc/resource-server.scm:171
-#: src/scm/webid-oidc/resource-server.scm:362
+#: src/scm/webid-oidc/resource-server.scm:157
+#: src/scm/webid-oidc/resource-server.scm:342
 msgid "reason-phrase|Precondition Failed"
 msgstr "Échec de Précondition"
 
-#: src/scm/webid-oidc/resource-server.scm:186
+#: src/scm/webid-oidc/resource-server.scm:172
 msgid "reason-phrase|Not Modified"
 msgstr "Non Modifié"
 
-#: src/scm/webid-oidc/resource-server.scm:202
+#: src/scm/webid-oidc/resource-server.scm:187
 msgid "The owner is not defined."
 msgstr "Le propriétaire n’est pas défini."
 
-#: src/scm/webid-oidc/resource-server.scm:274
+#: src/scm/webid-oidc/resource-server.scm:256
 msgid "reason-phrase|Created"
 msgstr "Créé"
 
-#: src/scm/webid-oidc/resource-server.scm:299
+#: src/scm/webid-oidc/resource-server.scm:279
 #, scheme-format
 msgid "~a: ignoring a group that cannot be fetched: ~a\n"
 msgstr "~a : j’ignore un groupe qui n’a pas pu être téléchargé : ~a\n"
 
-#: src/scm/webid-oidc/resource-server.scm:303
+#: src/scm/webid-oidc/resource-server.scm:283
 #, scheme-format
 msgid "~a: ignoring a group that cannot be fetched\n"
 msgstr "~a : j’ignore un groupe qui ne peut pas être téléchargé\n"
 
-#: src/scm/webid-oidc/resource-server.scm:327
-#: src/scm/webid-oidc/token-endpoint.scm:105
+#: src/scm/webid-oidc/resource-server.scm:307
+#: src/scm/webid-oidc/token-endpoint.scm:104
 msgid "reason-phrase|Forbidden"
 msgstr "Interdit"
 
-#: src/scm/webid-oidc/resource-server.scm:348
+#: src/scm/webid-oidc/resource-server.scm:328
 msgid "reason-phrase|Conflict"
 msgstr "Conflit"
 
-#: src/scm/webid-oidc/resource-server.scm:355
+#: src/scm/webid-oidc/resource-server.scm:335
 msgid "reason-phrase|Unsupported Media Type"
 msgstr "Type de Média Non Supporté"
 
-#: src/scm/webid-oidc/resource-server.scm:369
+#: src/scm/webid-oidc/resource-server.scm:349
 msgid "reason-phrase|Not Acceptable"
 msgstr "Inacceptable"
 
-#: src/scm/webid-oidc/reverse-proxy.scm:60
+#: src/scm/webid-oidc/reverse-proxy.scm:57
 msgid "#:endpoint argument is not present or not an URI."
 msgstr "l’argument de #:endpoint n’est pas présent, ou pas une URI."
 
-#: src/scm/webid-oidc/serve.scm:76
+#: src/scm/webid-oidc/serve.scm:77
 msgid "content negociation failed while serving a request"
 msgstr "la négociation de contenu a échoué pour le service d’une requête"
 
@@ -2269,16 +2264,16 @@ msgstr "la négociation de contenu a échoué pour le service d’une requête"
 msgid "only text/turtle is allowed for the target of a POST request, not ~s"
 msgstr "seul text/turtle est autorisé comme cible d’une requête POST, pas ~s"
 
-#: src/scm/webid-oidc/server/create.scm:105
+#: src/scm/webid-oidc/server/create.scm:106
 msgid "the created resource cannot have containment triples"
 msgstr "la ressource créée ne peut pas avoir de triplets de contention"
 
-#: src/scm/webid-oidc/server/create.scm:147
+#: src/scm/webid-oidc/server/create.scm:146
 #, scheme-format
 msgid "cannot POST to an auxiliary resource path, ~s"
 msgstr "impossible de POSTer vers un chemin de ressource auxiliaire, ~s"
 
-#: src/scm/webid-oidc/server/read.scm:105
+#: src/scm/webid-oidc/server/read.scm:103
 #, scheme-format
 msgid "the auxiliary resource of type ~s at ~s is absent"
 msgstr "la ressource auxiliaire de type ~s à ~s est absente"
@@ -2331,51 +2326,51 @@ msgstr "pendant la mise à jour du fichier ~s : ~a"
 msgid "an error happened while updating file ~s"
 msgstr "une erreur est survenue pendant la mise à jour du fichier ~s"
 
-#: src/scm/webid-oidc/token-endpoint.scm:93
+#: src/scm/webid-oidc/token-endpoint.scm:92
 #, scheme-format
 msgid "while handling web failure for the token endpoint: ~a"
 msgstr "lors de la gestion d’un échec web pour le terminal de jeton : ~a"
 
-#: src/scm/webid-oidc/token-endpoint.scm:95
+#: src/scm/webid-oidc/token-endpoint.scm:94
 msgid "an error happened during the token endpoint failure handling"
 msgstr ""
 "une erreur est survenue pendant la gestion d’un échec du terminal de jeton"
 
-#: src/scm/webid-oidc/token-endpoint.scm:225
+#: src/scm/webid-oidc/token-endpoint.scm:224
 msgid "missing grant type"
 msgstr "type d’offre manquant"
 
-#: src/scm/webid-oidc/token-endpoint.scm:229
+#: src/scm/webid-oidc/token-endpoint.scm:228
 msgid "<p>You did not specify a grant_type for this request.</p>"
 msgstr "<p>Vous n’avez pas spécifié de grant_type pour cette requête.</p>"
 
-#: src/scm/webid-oidc/token-endpoint.scm:243
+#: src/scm/webid-oidc/token-endpoint.scm:242
 msgid "missing authorization code"
 msgstr "code d’autorisation manquant"
 
-#: src/scm/webid-oidc/token-endpoint.scm:247
+#: src/scm/webid-oidc/token-endpoint.scm:246
 msgid ""
 "<p>You want to grant an authorization code, but you did not set one.</p>"
 msgstr ""
 "<p>Vous voulez offrir un code d’autorisation, mais vous n’en avez pas défini."
 "</p>"
 
-#: src/scm/webid-oidc/token-endpoint.scm:268
+#: src/scm/webid-oidc/token-endpoint.scm:267
 msgid "missing refresh token"
 msgstr "jeton de rafraîchissement manquant"
 
-#: src/scm/webid-oidc/token-endpoint.scm:272
+#: src/scm/webid-oidc/token-endpoint.scm:271
 msgid "<p>You want to grant a refresh token, but you did not set one.</p>"
 msgstr ""
 "<p>Vous voulez offrir un jeton de rafraîchissement, mais vous n’en avez pas "
 "défini.</p>"
 
-#: src/scm/webid-oidc/token-endpoint.scm:285
+#: src/scm/webid-oidc/token-endpoint.scm:284
 #, scheme-format
 msgid "unsupported grant type: ~s"
 msgstr "type d’offre non supporté : ~s"
 
-#: src/scm/webid-oidc/token-endpoint.scm:290
+#: src/scm/webid-oidc/token-endpoint.scm:289
 #, scheme-format
 msgid ""
 "<p>You want to use <pre>~s</pre> as a grant type, but this is not supported."
@@ -2385,6 +2380,10 @@ msgstr ""
 "supporté.</p>"
 
 #, scheme-format
+#~ msgid "~a: Warning: loading XML catalog from the web, ~s.\n"
+#~ msgstr "~a : Attention : chargement d’un catalogue XML depuis le web, ~s.\n"
+
+#, scheme-format
 #~ msgid "the OIDC configuration is invalid: ~a"
 #~ msgstr "la configuration OIDC est invalide : ~a"
 
diff --git a/src/scm/webid-oidc/access-token.scm b/src/scm/webid-oidc/access-token.scm
index 0960069..d40e0da 100644
--- a/src/scm/webid-oidc/access-token.scm
+++ b/src/scm/webid-oidc/access-token.scm
@@ -22,7 +22,6 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (ice-9 optargs)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-19)
diff --git a/src/scm/webid-oidc/authorization-endpoint.scm b/src/scm/webid-oidc/authorization-endpoint.scm
index 4f171a2..e859d47 100644
--- a/src/scm/webid-oidc/authorization-endpoint.scm
+++ b/src/scm/webid-oidc/authorization-endpoint.scm
@@ -22,7 +22,6 @@
   #:use-module (webid-oidc client-manifest)
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (rnrs bytevectors)
@@ -43,9 +42,7 @@
   (let ((c (crypt password encrypted-password)))
     (string=? c encrypted-password)))
 
-(define* (make-authorization-endpoint subject encrypted-password jwk validity
-                                      #:key
-                                      (http-get http-get))
+(define (make-authorization-endpoint subject encrypted-password jwk)
   (define (parse-arg x decode-plus-to-space?)
     (map (lambda (x) (uri-decode
                       x
@@ -110,8 +107,7 @@
                            jwk
                            #:webid subject
                            #:client-id client-id))
-                    (mf (get-client-manifest client-id
-                                             #:http-get http-get)))
+                    (mf (get-client-manifest client-id)))
                 (client-manifest-check-redirect-uri mf redirect-uri)
                 (let ((query
                        (if state
@@ -135,4 +131,3 @@
                                         (verify-password encrypted-password password)))
                               client-id
                               uri)))))))
-
diff --git a/src/scm/webid-oidc/cache.scm b/src/scm/webid-oidc/cache.scm
index c9d7b26..4bd3e09 100644
--- a/src/scm/webid-oidc/cache.scm
+++ b/src/scm/webid-oidc/cache.scm
@@ -18,13 +18,13 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (webid-oidc web-i18n)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web uri)
   #:use-module (ice-9 ftw)
   #:use-module (ice-9 receive)
   #:use-module (ice-9 optargs)
+  #:use-module (ice-9 match)
   #:use-module (srfi srfi-19)
   #:use-module (rnrs bytevectors)
   #:declarative? #t
@@ -36,7 +36,7 @@
    varies?
    valid?
    revalidate
-   with-cache
+   use-cache
    ))
 
 ;; The cache follows the recommendations of
@@ -216,8 +216,7 @@
 
 (define* (revalidate uri response body
                      #:key
-                     (headers '())
-                     (http-get http-get))
+                     (headers '()))
   (define (keep-header? h)
     (case (car h)
       ((if-none-match if-unmodified-since) #f)
@@ -225,10 +224,10 @@
   (let ((etag (response-etag response)))
     (if etag
         (receive (new-response new-response-body)
-            (http-get uri
-                      #:headers
-                      (acons 'if-none-match (list etag)
-                             (filter keep-header? headers)))
+            ((p:anonymous-http-request) uri
+             #:headers
+             `((if-none-match . (,etag))
+               ,@(filter keep-header? headers)))
           (if (eqv? (response-code new-response) 304)
               (values
                (build-response
@@ -245,30 +244,49 @@
                   (response-headers response))))
                body)
               (values new-response new-response-body)))
-        (http-get uri #:headers headers))))
+        ((p:anonymous-http-request) uri #:headers headers))))
 
-(define* (with-cache #:key (http-get http-get))
+(define (with-cache http-get)
   (lambda* (uri #:key (headers '()))
-    (when (string? uri)
-      (set! uri (string->uri uri)))
-    (let ((request (build-request uri #:headers headers)))
-      (receive (stored-request stored-response body) (read uri)
-        (if stored-response
-            (let ((valid (valid? stored-response))
-                  (invariant (not (varies? request stored-request stored-response))))
-              (unless invariant
-                (format (current-error-port)
-                        (G_ "Cache entry for ~a varies.\n")
-                        (uri->string uri)))
-              (if (and valid invariant)
-                  (values stored-response body)
-                  (receive (final-response final-body)
-                      (revalidate uri stored-response body
-                                  #:headers headers
-                                  #:http-get http-get)
-                    (add request final-response final-body)
-                    (values final-response final-body))))
-            (receive (final-response final-body)
-                (http-get uri #:headers headers)
-              (add request final-response final-body)
-              (values final-response final-body)))))))
+    (parameterize ((p:anonymous-http-request http-get))
+      (when (string? uri)
+        (set! uri (string->uri uri)))
+      (let ((request (build-request uri #:headers headers)))
+        (receive (stored-request stored-response body) (read uri)
+          (if stored-response
+              (let ((valid (valid? stored-response))
+                    (invariant (not (varies? request stored-request stored-response))))
+                (unless invariant
+                  (format (current-error-port)
+                          (G_ "Cache entry for ~a varies.\n")
+                          (uri->string uri)))
+                (if (and valid invariant)
+                    (values stored-response body)
+                    (receive (final-response final-body)
+                        (revalidate uri stored-response body
+                                    #:headers headers)
+                      (add request final-response final-body)
+                      (values final-response final-body))))
+              (receive (final-response final-body)
+                  (http-get uri #:headers headers)
+                (add request final-response final-body)
+                (values final-response final-body))))))))
+
+(define (use-cache f)
+  (let ((http-request (p:anonymous-http-request)))
+    (let ((http-get-with-cache (with-cache http-request)))
+      (parameterize
+          ((p:anonymous-http-request
+            (lambda* (uri . all-args)
+              (let try-using-cache ((args all-args)
+                                    (headers #f))
+                (match args
+                  (()
+                   (http-get-with-cache uri #:headers (or headers '())))
+                  ((#:method 'GET args ...)
+                   (try-using-cache args headers))
+                  ((#:headers new-headers args ...)
+                   (try-using-cache args (or headers new-headers)))
+                  (else
+                   (apply http-request uri all-args)))))))
+        (f)))))
diff --git a/src/scm/webid-oidc/catalog.scm b/src/scm/webid-oidc/catalog.scm
index dd24ffb..c85510a 100644
--- a/src/scm/webid-oidc/catalog.scm
+++ b/src/scm/webid-oidc/catalog.scm
@@ -16,10 +16,9 @@
 
 (define-module (webid-oidc catalog)
   #:use-module (webid-oidc errors)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (ice-9 match)
-  #:use-module (web client)
   #:use-module (rnrs bytevectors)
   #:use-module (sxml simple)
   #:use-module (sxml match)
@@ -27,7 +26,7 @@
   #:use-module (ice-9 receive)
   #:use-module (webid-oidc web-i18n)
   #:declarative? #t
-  #:export (resolve-uri))
+  #:export (resolve-uri use-catalog))
 
 (define useful-namespaces  
   '((ct . "urn:oasis:names:tc:entity:xmlns:xml:catalog")
@@ -231,10 +230,10 @@
        match-length
        next-catalogs-rev)))))
 
-(define* (get-catalog uri #:key (http-get http-get))
+(define (get-catalog uri)
   (case (uri-scheme uri)
     ((http https)
-     (receive (response response-body) (http-get uri)
+     (receive (response response-body) ((p:anonymous-http-request) uri)
        (when (bytevector? response-body)
          (set! response-body (utf8->string response-body)))
        (xml->sxml response-body #:namespaces useful-namespaces)))
@@ -246,7 +245,7 @@
      (error (format #f (G_ "Unsupported delegate catalog URI scheme: ~s\n")
                     (uri-scheme uri))))))
 
-(define* (resolve-uri uri #:key (http-get http-get))
+(define (resolve-uri uri)
   (when (string? uri)
     (set! uri (string->uri uri)))
   (let do-examine ((uris
@@ -259,10 +258,17 @@
     (match uris
       (() uri)
       ((catalog-uri uris ...)
-       (let ((catalog (get-catalog catalog-uri
-                                   #:http-get http-get)))
+       (let ((catalog (get-catalog catalog-uri)))
          (receive (candidate match-length next-uris)
              (resolve-uri-in-catalog uri catalog-uri catalog uris)
            (if (null? next-uris)
                candidate
                (do-examine next-uris))))))))
+
+(define (use-catalog f)
+  (let ((http-request (p:anonymous-http-request)))
+    (parameterize ((p:anonymous-http-request
+                    (lambda* (uri . all-args)
+                      (parameterize ((p:anonymous-http-request http-request))
+                        (apply http-request (resolve-uri uri) all-args)))))
+      (f))))
diff --git a/src/scm/webid-oidc/client-manifest.scm b/src/scm/webid-oidc/client-manifest.scm
index 847fc54..7ea4931 100644
--- a/src/scm/webid-oidc/client-manifest.scm
+++ b/src/scm/webid-oidc/client-manifest.scm
@@ -19,8 +19,8 @@
   #:use-module (webid-oidc fetch)
   #:use-module (webid-oidc web-i18n)
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rnrs bytevectors)
   #:use-module (srfi srfi-19)
@@ -230,9 +230,7 @@ approved.</p>"))
                                         (expires . ,expiration-date)))
             json-object)))
 
-(define* (get-client-manifest id
-                              #:key
-                              (http-get http-get))
+(define* (get-client-manifest id)
   (unless (uri? id)
     (set! id (string->uri id)))
   (with-exception-handler
@@ -255,7 +253,7 @@ approved.</p>"))
                    "http://www.w3.org/ns/solid/terms#PublicOidcClient"))
           public-oidc-client
           (receive (response response-body)
-              (http-get id)
+              ((p:anonymous-http-request) id)
             (when (bytevector? response-body)
               (set! response-body (utf8->string response-body)))
             (let ((mf (the-client-manifest (stubs:json-string->scm response-body))))
diff --git a/src/scm/webid-oidc/client.scm b/src/scm/webid-oidc/client.scm
index 2c16fb1..7eb8fe3 100644
--- a/src/scm/webid-oidc/client.scm
+++ b/src/scm/webid-oidc/client.scm
@@ -27,7 +27,6 @@
   #:use-module ((webid-oidc client accounts) #:prefix account:)
   #:use-module ((webid-oidc client client) #:prefix client:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web server)
@@ -54,7 +53,6 @@
    (client:client . client)
    (account:authorization-process . authorization-process)
    (account:authorization-state . authorization-state)
-   (account:anonymous-http-request . anonymous-http-request)
 
    (client:->sexp . ->sexp)
    )
@@ -106,25 +104,9 @@
        ((value port)
         (original-writer value port))))))
 
-(define default-http-get-with-cache
-  (cache:with-cache))
-
-(define* (default-http-request uri . all-args)
-  (let try-get-with-cache ((args all-args))
-    (match args
-      ((#:headers _)
-       (apply default-http-get-with-cache all-args))
-      ((#:headers _ other-args ...)
-       (try-get-with-cache other-args))
-      (else
-       (apply http-request all-args)))))
-
-(define* (initial-login client issuer
-                        #:key
-                        (http-request default-http-request))
+(define* (initial-login client issuer)
   (setup-headers!)
-  (parameterize ((account:anonymous-http-request default-http-request)
-                 (client:client client))
+  (parameterize ((client:client client))
     (make <account:account>
       #:issuer issuer)))
 
@@ -147,7 +129,7 @@
                (authorization . (dpop . ,access-token))
                ,@headers)))
         (receive (response body)
-            (apply (account:anonymous-http-request) uri
+            (apply (p:anonymous-http-request) uri
                    #:headers all-headers
                    non-header-args)
           (let ((code (response-code response)))
diff --git a/src/scm/webid-oidc/client/accounts.scm b/src/scm/webid-oidc/client/accounts.scm
index 7e14000..31d105d 100644
--- a/src/scm/webid-oidc/client/accounts.scm
+++ b/src/scm/webid-oidc/client/accounts.scm
@@ -37,14 +37,9 @@
   #:use-module ((webid-oidc client client) #:prefix client:)
   #:use-module (web uri)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (rnrs bytevectors)
   #:use-module (oop goops)
   #:declarative? #t
-  #:re-export
-  (
-   (p:anonymous-http-request . anonymous-http-request)
-   )
   #:export
   (
    <account>
@@ -132,13 +127,6 @@
 (define authorization-state
   (make-parameter #f))
 
-(define (http-request->http-get http-request)
-  (lambda* (uri . all-args)
-    (apply http-request uri #:method 'GET all-args)))
-
-(define (http-get-implementation)
-  (http-request->http-get (p:anonymous-http-request)))
-
 (define-class <account> ()
   (subject #:init-keyword #:subject #:getter subject)
   (issuer #:init-keyword #:issuer #:getter issuer)
@@ -371,8 +359,7 @@
                             decoding-error))))
                     (lambda ()
                       (set! id-token
-                            (decode <id:id-token> id-token
-                                    #:http-request (p:anonymous-http-request)))))
+                            (decode <id:id-token> id-token))))
                   ;; We are not interested in the ID token
                   ;; signature anymore, because it won’t be
                   ;; transmitted to other parties and we know that
diff --git a/src/scm/webid-oidc/client/application.scm b/src/scm/webid-oidc/client/application.scm
index 5839195..d448976 100644
--- a/src/scm/webid-oidc/client/application.scm
+++ b/src/scm/webid-oidc/client/application.scm
@@ -39,7 +39,6 @@
   #:use-module (webid-oidc web-i18n)
   #:use-module (web uri)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (rnrs bytevectors)
   #:use-module (oop goops)
   #:declarative? #t
@@ -155,21 +154,6 @@
           ((hd tl ...)
            (apply-finished-jobs (hd state) tl)))))))
 
-(define http-request-with-cache
-  (let ((default-http-get-with-cache (cache:with-cache)))
-    (lambda* (uri . all-args)
-      (let try-get-with-cache ((args all-args)
-                               (args-for-get '()))
-        (match args
-          (()
-           (apply default-http-get-with-cache uri (reverse args-for-get)))
-          ((#:headers arg other-args ...)
-           (try-get-with-cache other-args `(,arg #:headers ,@args-for-get)))
-          ((#:method 'GET other-args ...)
-           (try-get-with-cache other-args args-for-get))
-          (else
-           (apply http-request uri all-args)))))))
-
 (define-method (add-job (state <application-state>) (description <string>) f)
   (let ((job (make <job> #:description description)))
     (call-with-new-thread
@@ -197,25 +181,26 @@
                             (slot-set! ret 'authorization-prompts
                                        `((,uri . ,continue)
                                          ,@(authorization-prompts previous-state)))
-                            ret))))))
-                  (account:anonymous-http-request http-request-with-cache))
-               (with-exception-handler
-                   (lambda (exn)
-                     (let ((msg (if (exception-with-message? exn)
-                                    (exception-message exn)
-                                    (format #f "~s" exn))))
-                       (abort-to-prompt
-                        tag
-                        (lambda (_)
-                          ;; We won’t continue, but we will show the error message
-                          (lambda (previous-state)
-                            (let ((ret (shallow-clone previous-state)))
-                              (slot-set! ret 'error-messages
-                                         `(,msg ,@(error-messages previous-state)))
-                              ret))))))
-                 (lambda ()
-                   (let ((updater (f)))
-                     (atomic-box-set! (result-box job) updater))))))
+                            ret)))))))
+               (cache:use-cache
+                (lambda ()
+                  (with-exception-handler
+                      (lambda (exn)
+                        (let ((msg (if (exception-with-message? exn)
+                                       (exception-message exn)
+                                       (format #f "~s" exn))))
+                          (abort-to-prompt
+                           tag
+                           (lambda (_)
+                             ;; We won’t continue, but we will show the error message
+                             (lambda (previous-state)
+                               (let ((ret (shallow-clone previous-state)))
+                                 (slot-set! ret 'error-messages
+                                            `(,msg ,@(error-messages previous-state)))
+                                 ret))))))
+                    (lambda ()
+                      (let ((updater (f)))
+                        (atomic-box-set! (result-box job) updater))))))))
            (lambda (continuation get-updater)
              (atomic-box-set! (result-box job) (get-updater continuation)))))))
     (let ((ret (shallow-clone state)))
diff --git a/src/scm/webid-oidc/client/client.scm b/src/scm/webid-oidc/client/client.scm
index 01f8da1..3d02630 100644
--- a/src/scm/webid-oidc/client/client.scm
+++ b/src/scm/webid-oidc/client/client.scm
@@ -26,7 +26,6 @@
   #:use-module ((webid-oidc config) #:prefix cfg:)
   #:use-module ((webid-oidc client accounts) #:prefix client:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web server)
diff --git a/src/scm/webid-oidc/client/gui.scm b/src/scm/webid-oidc/client/gui.scm
index c0d0767..97e9d0e 100644
--- a/src/scm/webid-oidc/client/gui.scm
+++ b/src/scm/webid-oidc/client/gui.scm
@@ -36,7 +36,6 @@
   #:use-module ((webid-oidc client client) #:prefix client:)
   #:use-module (web uri)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (rnrs bytevectors)
   #:use-module (oop goops)
   #:declarative? #t
diff --git a/src/scm/webid-oidc/dpop-proof.scm b/src/scm/webid-oidc/dpop-proof.scm
index 318ebb8..c492436 100644
--- a/src/scm/webid-oidc/dpop-proof.scm
+++ b/src/scm/webid-oidc/dpop-proof.scm
@@ -136,7 +136,7 @@
   (ath #:init-keyword #:ath #:accessor ath))
 
 (define-method (default-validity (proof <dpop-proof>))
-  30)
+  (p:dpop-proof-validity))
 
 (define-method (has-explicit-exp? (proof <dpop-proof>))
   #f)
@@ -158,6 +158,12 @@
           error)))
     (lambda ()
       (next-method)
+      ;; Override the validity
+      (slot-set! token 'exp
+                 (let ((iat (time-second (date->time-utc (iat token)))))
+                   (time-utc->date
+                    (make-time time-utc 0
+                               (+ iat (p:dpop-proof-validity))))))
       (let-keywords
        initargs #t
        ((typ "dpop+jwt")
diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index 4e24659..aabb6ea 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
@@ -22,7 +22,6 @@
   #:use-module (srfi srfi-19)
   #:use-module (web uri)
   #:use-module (web response)
-  #:use-module (web client)
   #:declarative? #t
   #:export
   (
diff --git a/src/scm/webid-oidc/example-app.scm b/src/scm/webid-oidc/example-app.scm
index 67d959f..fb12431 100644
--- a/src/scm/webid-oidc/example-app.scm
+++ b/src/scm/webid-oidc/example-app.scm
@@ -23,7 +23,6 @@
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
   #:use-module ((webid-oidc config) #:prefix cfg:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web server)
@@ -301,23 +300,11 @@
                   (uri->string uri))
           (format (current-error-port) (G_ "Then, paste the authorization code you get:\n"))
           (read-line (current-input-port) 'trim)))
-       (client:authorization-state #f)
-       (client:anonymous-http-request
-        (let ((default-http-get-with-cache (cache:with-cache)))
-          (lambda* (uri . all-args)
-            (let try-get-with-cache ((args all-args)
-                                     (args-for-get '()))
-              (match args
-                (()
-                 (apply default-http-get-with-cache uri (reverse args-for-get)))
-                ((#:headers arg other-args ...)
-                 (try-get-with-cache other-args `(,arg #:headers ,@args-for-get)))
-                ((#:method 'GET other-args ...)
-                 (try-get-with-cache other-args args-for-get))
-                (else
-                 (apply http-request uri all-args))))))))
-    (let menu ((state (make <undoable-app-state>)))
-      (format #t (G_ "Account: ~a
+       (client:authorization-state #f))
+    (cache:use-cache
+     (lambda ()
+       (let menu ((state (make <undoable-app-state>)))
+         (format #t (G_ "Account: ~a
 URI: ~a
 Method: ~a
 Headers: ~a
@@ -333,138 +320,138 @@ Available commands:
   - ~a: perform the request.
 
 ")
-              (let ((acct (app-state-account (current-state state))))
-                (if acct
-                    (account-summary acct)
-                    (G_ "Account:|unset")))
-              (let ((uri (app-state-uri (current-state state))))
-                (if uri
-                    (uri->string uri)
-                    (G_ "URI:|unset")))
-              (let ((method (app-state-method (current-state state))))
-                (if method
-                    (symbol->string method)
-                    (G_ "Method:|unset")))
-              (let ((headers (app-state-headers (current-state state))))
-                (if (null? headers)
-                    (G_ "Headers:|none")
-                    (string-join
-                     (map (match-lambda ((header . _) (symbol->string header)))
-                          headers)
-                     (G_ "list separator|, "))))
-              add-account-command
-              choose-account-command
-              set-uri-command
-              set-method-command
-              view-headers-command
-              clear-headers-command
-              add-header-command
-              ok-command)
-      (when (can-undo? state)
-        (format #t (G_ "You can undo your last command with \"~a\".\n") undo-command))
-      (when (can-redo? state)
-        (format #t (G_ "You can re-apply your last undone command with \"~a\".\n") redo-command))
-      (let ((command (readline (G_ "Readline prompt|Command: "))))
-        (if (eof-object? command)
-            (exit 0)
-            (with-exception-handler
-                (lambda (exn)
-                  (if (exception-with-message? exn)
-                      (begin
-                        (format #t (G_ "An error happened: ~a.\n")
-                                (exception-message exn))
-                        (menu state))
-                      (raise-exception exn)))
-              (lambda ()
-                (cond
-                 ((equal? command add-account-command)
-                  (let ((identity-provider
-                         (with-sigint-handler
-                          (lambda ()
-                            (menu state))
-                          (lambda ()
-                            (readline (G_ "Please enter your identity provider: "))))))
-                    (menu (add-account state (make <account:account> #:issuer identity-provider)))))
-                 ((equal? command choose-account-command)
-                  (let ((accounts (enumerate-accounts state)))
-                    (if (null? accounts)
-                        (begin
-                          (format #t (G_ "You don’t have other accounts available. Please add one with \"add-account\".\n"))
-                          (menu state))
-                        (begin
-                          (let enumerate-accounts ((accounts accounts))
-                            (match accounts
-                              (((i . account) rest ...)
-                               (format #t (G_ "- ~a: ~a\n") i (account-summary account))
-                               (enumerate-accounts rest))
-                              (() #t)))
-                          (with-sigint-handler
-                           (lambda ()
+                 (let ((acct (app-state-account (current-state state))))
+                   (if acct
+                       (account-summary acct)
+                       (G_ "Account:|unset")))
+                 (let ((uri (app-state-uri (current-state state))))
+                   (if uri
+                       (uri->string uri)
+                       (G_ "URI:|unset")))
+                 (let ((method (app-state-method (current-state state))))
+                   (if method
+                       (symbol->string method)
+                       (G_ "Method:|unset")))
+                 (let ((headers (app-state-headers (current-state state))))
+                   (if (null? headers)
+                       (G_ "Headers:|none")
+                       (string-join
+                        (map (match-lambda ((header . _) (symbol->string header)))
+                             headers)
+                        (G_ "list separator|, "))))
+                 add-account-command
+                 choose-account-command
+                 set-uri-command
+                 set-method-command
+                 view-headers-command
+                 clear-headers-command
+                 add-header-command
+                 ok-command)
+         (when (can-undo? state)
+           (format #t (G_ "You can undo your last command with \"~a\".\n") undo-command))
+         (when (can-redo? state)
+           (format #t (G_ "You can re-apply your last undone command with \"~a\".\n") redo-command))
+         (let ((command (readline (G_ "Readline prompt|Command: "))))
+           (if (eof-object? command)
+               (exit 0)
+               (with-exception-handler
+                   (lambda (exn)
+                     (if (exception-with-message? exn)
+                         (begin
+                           (format #t (G_ "An error happened: ~a.\n")
+                                   (exception-message exn))
+                           (menu state))
+                         (raise-exception exn)))
+                 (lambda ()
+                   (cond
+                    ((equal? command add-account-command)
+                     (let ((identity-provider
+                            (with-sigint-handler
+                             (lambda ()
+                               (menu state))
+                             (lambda ()
+                               (readline (G_ "Please enter your identity provider: "))))))
+                       (menu (add-account state (make <account:account> #:issuer identity-provider)))))
+                    ((equal? command choose-account-command)
+                     (let ((accounts (enumerate-accounts state)))
+                       (if (null? accounts)
+                           (begin
+                             (format #t (G_ "You don’t have other accounts available. Please add one with \"add-account\".\n"))
                              (menu state))
-                           (lambda ()
-                             (let ((choice (string->number
-                                            (readline (format #f (G_ "[1-~a] ")
-                                                              (length accounts))))))
-                               (menu (choose-account state choice)))))))))
-                 ((equal? command set-uri-command)
-                  (with-sigint-handler
-                   (lambda ()
-                     (menu state))
-                   (lambda ()
-                     (menu (set-uri state (readline (G_ "Visit this URI: ")))))))
-                 ((equal? command set-method-command)
-                  (with-sigint-handler
-                   (lambda ()
-                     (menu state))
-                   (lambda ()
-                     (let ((method (readline (G_ "Use this HTTP method [GET]: "))))
-                       (when (equal? method "")
-                         (set! method "GET"))
-                       (menu (set-method state method))))))
-                 ((equal? command view-headers-command)
-                  (write-headers (app-state-headers (current-state state))
-                                 (current-output-port))
-                  (newline)
-                  (menu state))
-                 ((equal? command clear-headers-command)
-                  (menu (clear-headers state)))
-                 ((equal? command add-header-command)
-                  (with-sigint-handler
-                   (lambda ()
+                           (begin
+                             (let enumerate-accounts ((accounts accounts))
+                               (match accounts
+                                 (((i . account) rest ...)
+                                  (format #t (G_ "- ~a: ~a\n") i (account-summary account))
+                                  (enumerate-accounts rest))
+                                 (() #t)))
+                             (with-sigint-handler
+                              (lambda ()
+                                (menu state))
+                              (lambda ()
+                                (let ((choice (string->number
+                                               (readline (format #f (G_ "[1-~a] ")
+                                                                 (length accounts))))))
+                                  (menu (choose-account state choice)))))))))
+                    ((equal? command set-uri-command)
+                     (with-sigint-handler
+                      (lambda ()
+                        (menu state))
+                      (lambda ()
+                        (menu (set-uri state (readline (G_ "Visit this URI: ")))))))
+                    ((equal? command set-method-command)
+                     (with-sigint-handler
+                      (lambda ()
+                        (menu state))
+                      (lambda ()
+                        (let ((method (readline (G_ "Use this HTTP method [GET]: "))))
+                          (when (equal? method "")
+                            (set! method "GET"))
+                          (menu (set-method state method))))))
+                    ((equal? command view-headers-command)
+                     (write-headers (app-state-headers (current-state state))
+                                    (current-output-port))
+                     (newline)
                      (menu state))
-                   (lambda ()
-                     (let ((header (string-downcase (readline (G_ "Which header? ")))))
-                       (let ((value
-                              (readline
-                               (format #f (G_ "Which header value for ~a? ")
-                                       header))))
-                         (menu (add-header state header value)))))))
-                 ((equal? command ok-command)
-                  (receive (account uri)
-                      (let ((state (current-state state)))
-                        (values
-                         (app-state-account state)
-                         (app-state-uri state)))
-                    (if (and account uri)
-                        (receive (account response body)
-                            (client:request (app-state-account (current-state state))
-                                            (app-state-uri (current-state state))
-                                            #:method (app-state-method (current-state state))
-                                            #:headers (app-state-headers (current-state state)))
-                          (let ((ready-to-write-body
-                                 (write-response response (current-output-port))))
-                            (unless (response-must-not-include-body? ready-to-write-body)
-                              (write-response-body ready-to-write-body
-                                                   (if (string? body)
-                                                       (string->utf8 body)
-                                                       body)))
-                            (newline)))
-                        (format #t (G_ "Please define an account and the URI.\n")))
-                    (menu state)))
-                 ((equal? command undo-command)
-                  (menu (undo state)))
-                 ((equal? command redo-command)
-                  (menu (redo state)))
-                 (else
-                  (format #t (G_ "I don’t know that command.\n"))
-                  (menu state))))))))))
+                    ((equal? command clear-headers-command)
+                     (menu (clear-headers state)))
+                    ((equal? command add-header-command)
+                     (with-sigint-handler
+                      (lambda ()
+                        (menu state))
+                      (lambda ()
+                        (let ((header (string-downcase (readline (G_ "Which header? ")))))
+                          (let ((value
+                                 (readline
+                                  (format #f (G_ "Which header value for ~a? ")
+                                          header))))
+                            (menu (add-header state header value)))))))
+                    ((equal? command ok-command)
+                     (receive (account uri)
+                         (let ((state (current-state state)))
+                           (values
+                            (app-state-account state)
+                            (app-state-uri state)))
+                       (if (and account uri)
+                           (receive (account response body)
+                               (client:request (app-state-account (current-state state))
+                                               (app-state-uri (current-state state))
+                                               #:method (app-state-method (current-state state))
+                                               #:headers (app-state-headers (current-state state)))
+                             (let ((ready-to-write-body
+                                    (write-response response (current-output-port))))
+                               (unless (response-must-not-include-body? ready-to-write-body)
+                                 (write-response-body ready-to-write-body
+                                                      (if (string? body)
+                                                          (string->utf8 body)
+                                                          body)))
+                               (newline)))
+                           (format #t (G_ "Please define an account and the URI.\n")))
+                       (menu state)))
+                    ((equal? command undo-command)
+                     (menu (undo state)))
+                    ((equal? command redo-command)
+                     (menu (redo state)))
+                    (else
+                     (format #t (G_ "I don’t know that command.\n"))
+                     (menu state))))))))))))
diff --git a/src/scm/webid-oidc/fetch.scm b/src/scm/webid-oidc/fetch.scm
index aed4512..e18cc60 100644
--- a/src/scm/webid-oidc/fetch.scm
+++ b/src/scm/webid-oidc/fetch.scm
@@ -16,12 +16,12 @@
 
 (define-module (webid-oidc fetch)
   #:use-module (webid-oidc web-i18n)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (ice-9 optargs)
   #:use-module (ice-9 receive)
   #:use-module (ice-9 match)
   #:use-module (ice-9 exceptions)
   #:use-module (rnrs bytevectors)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web uri)
@@ -49,7 +49,7 @@
   cannot-fetch-linked-data?
   (uri cannot-fetch-linked-data-uri))
 
-(define* (fetch uri #:key (http-get http-get))
+(define (fetch uri)
   (unless (uri? uri)
     (set! uri (string->uri uri)))
   (with-exception-handler
@@ -68,8 +68,8 @@
             error))))
     (lambda ()
       (receive (response response-body)
-          (http-get uri
-                    #:headers `((accept (text/turtle application/n-quads application/ld+json))))
+          ((p:anonymous-http-request) uri
+           #:headers `((accept (text/turtle application/n-quads application/ld+json))))
         (with-exception-handler
             (lambda (error)
               (let ((final-message
diff --git a/src/scm/webid-oidc/identity-provider.scm b/src/scm/webid-oidc/identity-provider.scm
index 46de33c..de56228 100644
--- a/src/scm/webid-oidc/identity-provider.scm
+++ b/src/scm/webid-oidc/identity-provider.scm
@@ -27,7 +27,6 @@
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web server)
   #:use-module (webid-oidc cache)
   #:use-module (ice-9 optargs)
@@ -62,9 +61,7 @@
           encrypted-password
           jwks-uri
           authorization-endpoint-uri
-          token-endpoint-uri
-          #:key
-          (http-get http-get))
+          token-endpoint-uri)
   (let ((key
          (catch #t
            (lambda ()
@@ -82,10 +79,9 @@
                   (stubs:scm->json (key->jwk k) port #:pretty #t)))
                k)))))
     (let ((authorization-endpoint
-           (make-authorization-endpoint subject encrypted-password key 120
-                                        #:http-get http-get))
+           (make-authorization-endpoint subject encrypted-password key))
           (token-endpoint
-           (make-token-endpoint token-endpoint-uri issuer key 3600))
+           (make-token-endpoint token-endpoint-uri issuer key))
           (openid-configuration
            (make <oidc-configuration>
              #:jwks-uri jwks-uri
diff --git a/src/scm/webid-oidc/jwk.scm b/src/scm/webid-oidc/jwk.scm
index f1078aa..9dae649 100644
--- a/src/scm/webid-oidc/jwk.scm
+++ b/src/scm/webid-oidc/jwk.scm
@@ -16,6 +16,7 @@
 
 (define-module (webid-oidc jwk)
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (webid-oidc errors)
   #:use-module (webid-oidc web-i18n)
   #:use-module (ice-9 receive)
@@ -25,7 +26,6 @@
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-19)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (rnrs bytevectors)
   #:use-module (oop goops)
   #:use-module (sxml match)
@@ -495,8 +495,8 @@
        . ,(list->vector
            (map key->jwk (keys jwks))))))))
 
-(define* (get-jwks uri #:key (http-request http-request))
-  (receive (response response-body) (http-request uri)
+(define (get-jwks uri)
+  (receive (response response-body) ((p:anonymous-http-request) uri)
     (with-exception-handler
         (lambda (error)
           (raise-exception
diff --git a/src/scm/webid-oidc/jws.scm b/src/scm/webid-oidc/jws.scm
index bfb941f..e0eba54 100644
--- a/src/scm/webid-oidc/jws.scm
+++ b/src/scm/webid-oidc/jws.scm
@@ -225,7 +225,7 @@
 
 (define-method (default-validity (token <oidc-token>))
   (let ((next (next-method))
-        (mine 3600))
+        (mine (p:oidc-token-default-validity)))
     (if (and next (< next mine))
         next
         mine)))
@@ -264,7 +264,7 @@
 
 (define-method (default-validity (token <single-use-token>))
   (let ((next (next-method))
-        (mine 120))
+        (mine (p:authorization-code-default-validity)))
     (if (and next (< next mine))
         next
         mine)))
@@ -470,43 +470,37 @@
     #:neutral (list '())))
 
 (define-method (lookup-keys (token <oidc-token>) args)
-  (let-keywords
-   args #f
-   ((http-request (p:anonymous-http-request)))
-   (let ((iss (iss token)))
-     (let ((cfg
-            (with-exception-handler
-                (lambda (error)
-                  (let ((final-message
-                         (if (exception-with-message? error)
-                             (format #f (G_ "I cannot query the identity provider configuration: ~a")
-                                     (exception-message error))
-                             (format #f (G_ "I cannot query the identity provider configuration")))))
-                    (raise-exception
-                     (make-exception
-                      (make-cannot-query-identity-provider iss)
-                      (make-exception-with-message final-message)
-                      error))))
-              (lambda ()
-                (make <oidc-configuration>
-                  #:server iss
-                  #:http-request http-request)))))
-       (with-exception-handler
-           (lambda (error)
-             (raise-exception
-              (make-exception
-               (make-cannot-query-identity-provider iss)
-               (make-exception-with-message
-                (if (exception-with-message? error)
-                    (format #f (G_ "I cannot query the JWKS URI of the identity provider: ~a")
-                            (exception-message error))
-                    (format #f (G_ "I cannot query the JWKS URI of the identity provider")))))))
-         (lambda ()
-           (append
-               (keys (next-method))
-               (keys
-                (parameterize ((p:anonymous-http-request http-request))
-                  (jwks cfg))))))))))
+  (let ((iss (iss token)))
+    (let ((cfg
+           (with-exception-handler
+               (lambda (error)
+                 (let ((final-message
+                        (if (exception-with-message? error)
+                            (format #f (G_ "I cannot query the identity provider configuration: ~a")
+                                    (exception-message error))
+                            (format #f (G_ "I cannot query the identity provider configuration")))))
+                   (raise-exception
+                    (make-exception
+                     (make-cannot-query-identity-provider iss)
+                     (make-exception-with-message final-message)
+                     error))))
+             (lambda ()
+               (make <oidc-configuration>
+                 #:server iss)))))
+      (with-exception-handler
+          (lambda (error)
+            (raise-exception
+             (make-exception
+              (make-cannot-query-identity-provider iss)
+              (make-exception-with-message
+               (if (exception-with-message? error)
+                   (format #f (G_ "I cannot query the JWKS URI of the identity provider: ~a")
+                           (exception-message error))
+                   (format #f (G_ "I cannot query the JWKS URI of the identity provider")))))))
+        (lambda ()
+          (append
+           (keys (next-method))
+           (keys (jwks cfg))))))))
 
 (define verify
   (make <generic-with-default>
diff --git a/src/scm/webid-oidc/oidc-configuration.scm b/src/scm/webid-oidc/oidc-configuration.scm
index 0a776d1..d0d1e20 100644
--- a/src/scm/webid-oidc/oidc-configuration.scm
+++ b/src/scm/webid-oidc/oidc-configuration.scm
@@ -21,7 +21,6 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rnrs bytevectors)
   #:use-module (srfi srfi-19)
@@ -67,8 +66,7 @@
     (token-endpoint #f)
     (solid-oidc-supported "https://solidproject.org/TR/solid-oidc")
     (json-data #f)
-    (server #f)
-    (http-request (p:anonymous-http-request)))
+    (server #f))
    (let do-initialize ((jwks-uri jwks-uri)
                        (authorization-endpoint authorization-endpoint)
                        (token-endpoint token-endpoint)
@@ -150,7 +148,7 @@
                          #:host (uri-host server)
                          #:port (uri-port server)
                          #:path "/.well-known/openid-configuration")))
-         (receive (response response-body) (http-request discovery-uri)
+         (receive (response response-body) ((p:anonymous-http-request) discovery-uri)
            (with-exception-handler
                (lambda (error)
                  (raise-exception
@@ -184,7 +182,7 @@
         (make-exception
          (make-invalid-oidc-configuratin)
          (make-exception-with-message
-          (G_ "when making an OIDC configuration, either its required #:jwks-uri, #:authorization-endpoint and #:token-endpoint fields or #:server (and optionally #:http-request) or #:json-data should be passed")))))))))
+          (G_ "when making an OIDC configuration, either its required #:jwks-uri, #:authorization-endpoint and #:token-endpoint fields or #:server or #:json-data should be passed")))))))))
 
 (define-method (->json-data (cfg <oidc-configuration>))
   `((jwks_uri . ,(uri->string (jwks-uri cfg)))
@@ -198,4 +196,4 @@
           (stubs:scm->json-string (->json-data cfg))))
 
 (define-method (jwks (cfg <oidc-configuration>))
-  (get-jwks (jwks-uri cfg) #:http-request (p:anonymous-http-request)))
+  (get-jwks (jwks-uri cfg)))
diff --git a/src/scm/webid-oidc/oidc-id-token.scm b/src/scm/webid-oidc/oidc-id-token.scm
index a33351b..19e22d7 100644
--- a/src/scm/webid-oidc/oidc-id-token.scm
+++ b/src/scm/webid-oidc/oidc-id-token.scm
@@ -23,7 +23,6 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (ice-9 optargs)
   #:use-module (ice-9 exceptions)
   #:use-module (ice-9 match)
diff --git a/src/scm/webid-oidc/parameters.scm b/src/scm/webid-oidc/parameters.scm
index 7d10798..df879ef 100644
--- a/src/scm/webid-oidc/parameters.scm
+++ b/src/scm/webid-oidc/parameters.scm
@@ -17,7 +17,16 @@
 (define-module (webid-oidc parameters)
   #:use-module (srfi srfi-19)
   #:use-module (web client)
-  #:export (data-home cache-home current-date anonymous-http-request)
+  #:export
+  (
+   data-home
+   cache-home
+   current-date
+   authorization-code-default-validity
+   oidc-token-default-validity
+   dpop-proof-validity
+   anonymous-http-request
+   )
   #:declarative? #t)
 
 (define data-home
@@ -52,3 +61,12 @@
 
 (define anonymous-http-request
   (make-parameter http-request))
+
+(define authorization-code-default-validity
+  (make-parameter 120))
+
+(define oidc-token-default-validity
+  (make-parameter 3600))
+
+(define dpop-proof-validity
+  (make-parameter 30))
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
index 760734e..00c929a 100644
--- a/src/scm/webid-oidc/program.scm
+++ b/src/scm/webid-oidc/program.scm
@@ -43,48 +43,52 @@
   #:use-module (web uri)
   #:use-module (web request)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (webid-oidc cache)
   #:use-module (web server))
 
 (define logging-mutex (make-mutex))
 
-(define* (http-get-with-log uri #:key (headers '()))
-  (define date (date->string (time-utc->date (current-time))))
-  (define uri-string (if (uri? uri) (uri->string uri) uri))
-  (with-mutex logging-mutex
-    (when (getenv "XML_CATALOG_FILES")
-      (format (current-error-port) (G_ "~a: Warning: XML_CATALOG_FILES is set to ~s.\n")
-              date
-              (getenv "XML_CATALOG_FILES")))
-    (format (current-error-port) (G_ "~a: GET ~a ~s...\n")
-            date uri-string headers))
-  (set! uri (resolve-uri uri
-                         #:http-get
-                         (lambda* (uri . args)
-                           (with-mutex logging-mutex
-                             (format (current-error-port)
-                                     (G_ "~a: Warning: loading XML catalog from the web, ~s.\n")
-                                     date
-                                     (uri->string uri)))
-                           (apply http-get uri args))))
-  (receive (response response-body)
-      (in-another-thread
-       (http-get uri #:headers headers))
-    (with-mutex logging-mutex
-      (format (current-error-port) (G_ "~a: GET ~a ~s: ~s ~a bytes\n")
-              date uri-string headers response
-              (cond
-               ((bytevector? response-body)
-                (bytevector-length response-body))
-               ((string? response-body)
-                (string-length response-body))
-               (else 0))))
-    (values response response-body)))
+(define (use-logging-request f)
+  (let ((backend (p:anonymous-http-request)))
+    (parameterize
+        ((p:anonymous-http-request
+          (lambda* (uri . all-args)
+            (define date (date->string (time-utc->date (current-time))))
+            (define uri-string (if (uri? uri) (uri->string uri) uri))
+            (let-keywords
+             all-args #t
+             ((headers '())
+              (method 'GET))
+             (with-mutex logging-mutex
+               (when (getenv "XML_CATALOG_FILES")
+                 (format (current-error-port) (G_ "~a: Warning: XML_CATALOG_FILES is set to ~s.\n")
+                         date
+                         (getenv "XML_CATALOG_FILES")))
+               (format (current-error-port) (G_ "~a: ~s ~a ~s...\n")
+                       date method uri-string headers))
+             (receive (response response-body)
+                 (in-another-thread
+                  (apply backend uri all-args))
+               (with-mutex logging-mutex
+                 (format (current-error-port) (G_ "~a: ~s ~a ~s: ~s ~a bytes\n")
+                         date method uri-string headers response
+                         (cond
+                          ((bytevector? response-body)
+                           (bytevector-length response-body))
+                          ((string? response-body)
+                           (string-length response-body))
+                          (else 0))))
+               (values response response-body))))))
+      (f))))
 
-(define cache-http-get
-  (with-cache
-   #:http-get http-get-with-log))
+(define (setup-http-request f)
+  (use-cache
+   (lambda ()
+     (use-catalog
+      (lambda ()
+        (use-logging-request
+         (lambda ()
+           (f))))))))
 
 (define (request-ip-address request)
   ;; The IP address of the remote end
@@ -216,7 +220,7 @@
       (serve-one-client* handler implementation server state)
       (lp))))
 
-(define-public (main)
+(define (inner-main)
   (setvbuf (current-output-port) 'none)
   (setvbuf (current-error-port) 'none)
   (setlocale LC_ALL "")
@@ -724,7 +728,6 @@ Rreleased ~a\n")
                   complete-corresponding-source
                   (make-reverse-proxy
                    #:server-uri server-name
-                   #:http-get cache-http-get
                    #:endpoint backend-uri
                    #:auth-header header))
                  'http
@@ -762,8 +765,7 @@ Rreleased ~a\n")
                 (let ((handler
                        (make-identity-provider
                         server-name key-file subject encrypted-password jwks-uri
-                        authorization-endpoint-uri token-endpoint-uri
-                        #:http-get cache-http-get)))
+                        authorization-endpoint-uri token-endpoint-uri)))
                   (run-server*
                    (handler-with-log
                     (option-ref options log-file-sym #f)
@@ -844,14 +846,11 @@ Rreleased ~a\n")
                               (let ((value (assq-ref (request-headers request) header)))
                                 (and value (string->uri value)))))
                           (make-authenticator
-                           #:server-uri server-name
-                           #:http-get cache-http-get))
-                      #:http-get cache-http-get))
+                           #:server-uri server-name))))
                     (identity-provider-handler
                      (make-identity-provider
                       server-name key-file subject encrypted-password jwks-uri
-                      authorization-endpoint-uri token-endpoint-uri
-                      #:http-get cache-http-get)))
+                      authorization-endpoint-uri token-endpoint-uri)))
                 (create-root server-name subject)
                 (run-server*
                  (handler-with-log
@@ -872,3 +871,6 @@ Rreleased ~a\n")
               (format (current-error-port) (G_ "Unknown command ~s\n")
                       command)
               (exit 1))))))))))
+
+(define-public (main)
+  (setup-http-request inner-main))
diff --git a/src/scm/webid-oidc/provider-confirmation.scm b/src/scm/webid-oidc/provider-confirmation.scm
index c0d7ea8..e46663e 100644
--- a/src/scm/webid-oidc/provider-confirmation.scm
+++ b/src/scm/webid-oidc/provider-confirmation.scm
@@ -17,8 +17,8 @@
 (define-module (webid-oidc provider-confirmation)
   #:use-module (webid-oidc errors)
   #:use-module (webid-oidc fetch)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rnrs bytevectors)
   #:use-module (srfi srfi-19)
@@ -81,9 +81,7 @@
                                         (expires . ,expiration-date)))
             resource)))
 
-(define* (get-provider-confirmations subject
-                                     #:key
-                                     (http-get http-get))
+(define (get-provider-confirmations subject)
   (unless (equal? (uri-scheme subject) 'https)
     (set! subject (build-uri 'https
                              #:userinfo (uri-userinfo subject)
@@ -92,19 +90,16 @@
                              #:path (uri-path subject)
                              #:query (uri-query subject)
                              #:fragment (uri-fragment subject))))
-  (let ((graph (fetch subject #:http-get http-get)))
+  (let ((graph (fetch subject)))
     (cons (build-uri 'https
                      #:userinfo (uri-userinfo subject)
                      #:host (uri-host subject)
                      #:port (uri-port subject))
           (find-confirmations (uri->string subject) graph))))
 
-(define* (confirm-provider subject issuer
-                           #:key (http-get http-get))
+(define (confirm-provider subject issuer)
   (unless (string=? (uri-host subject) (uri-host issuer))
-    (let search ((providers (get-provider-confirmations
-                             subject
-                             #:http-get http-get)))
+    (let search ((providers (get-provider-confirmations subject)))
       (match providers
         (()
          (let ((final-message
diff --git a/src/scm/webid-oidc/resource-server.scm b/src/scm/webid-oidc/resource-server.scm
index bae9db9..50e5b64 100644
--- a/src/scm/webid-oidc/resource-server.scm
+++ b/src/scm/webid-oidc/resource-server.scm
@@ -36,7 +36,6 @@
   #:use-module (web response)
   #:use-module (web uri)
   #:use-module (web server)
-  #:use-module (web client)
   #:use-module (ice-9 optargs)
   #:use-module (ice-9 receive)
   #:use-module (webid-oidc web-i18n)
@@ -54,9 +53,7 @@
    make-resource-server
    ))
 
-(define* (make-authenticator #:key
-                             (server-uri #f)
-                             (http-get http-get))
+(define* (make-authenticator #:key (server-uri #f))
   (unless (and server-uri (uri? server-uri))
     (fail (G_ "You need to pass #:server-uri URI where URI is the public URI of the server, as a (web uri).")))
   (lambda (request request-body)
@@ -106,18 +103,7 @@
                              (('dpop . (? string? string-value))
                               string-value)))
                           (access-token
-                           (decode <access-token> lit-access-token
-                                   #:http-request
-                                   (lambda* (uri . args)
-                                     (let without-method ((remaining-args args)
-                                                          (kept-args '()))
-                                       (match remaining-args
-                                         (() (apply http-get uri (reverse kept-args)))
-                                         ((#:method 'GET remaining-args ...)
-                                          (without-method remaining-args kept-args))
-                                         (((? keyword? key) value remaining-args ...)
-                                          (without-method remaining-args
-                                                          `(,value ,key ,@kept-args))))))))
+                           (decode <access-token> lit-access-token))
                           (cnf/jkt (cnf/jkt access-token))
                           (dpop-proof
                            (decode <dpop-proof> dpop
@@ -127,7 +113,7 @@
                                    #:access-token lit-access-token)))
                      (let ((subject (webid access-token))
                            (issuer (iss access-token)))
-                       (confirm-provider subject issuer #:http-get http-get)
+                       (confirm-provider subject issuer)
                        subject)))
                  #:unwind? #t)))))))
 
@@ -196,16 +182,14 @@
           #:key
           (server-uri #f)
           (owner #f)
-          (authenticator #f)
-          (http-get http-get))
+          (authenticator #f))
   (unless owner
     (fail (G_ "The owner is not defined.")))
   (declare-link-header!)
   (unless authenticator
     (set! authenticator
           (make-authenticator
-           #:server-uri server-uri
-           #:http-get http-get)))
+           #:server-uri server-uri)))
   (lambda (request request-body)
     (parameterize ((p:current-date ((p:current-date))) ;; Fix the date
                    (web-locale request))
@@ -217,8 +201,7 @@
                ((GET HEAD OPTIONS)
                 (receive (headers content)
                     (ldp:read server-uri owner user
-                              (uri-path (request-uri request))
-                              #:http-get http-get)
+                              (uri-path (request-uri request)))
                   (let ((true-content-type
                          (car (assq-ref headers 'content-type)))
                         (other-headers
@@ -255,8 +238,7 @@
                                             (request-if-match request)
                                             (request-if-none-match request)
                                             content-type
-                                            content
-                                            #:http-get http-get)
+                                            content)
                                . #f))))
                    ""
                    user)))
@@ -278,16 +260,14 @@
                                                  types
                                                  (assq-ref (request-headers request) 'slug)
                                                  content-type
-                                                 content
-                                                 #:http-get http-get))))
+                                                 content))))
                      ""
                      user))))
                ((DELETE)
                 (ldp:delete server-uri owner user
                             (uri-path (request-uri request))
                             (request-if-match request)
-                            (request-if-none-match request)
-                            #:http-get http-get)
+                            (request-if-none-match request))
                 (return
                  (build-response)
                  ""
diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm
index 30e6d48..ee4878e 100644
--- a/src/scm/webid-oidc/reverse-proxy.scm
+++ b/src/scm/webid-oidc/reverse-proxy.scm
@@ -28,9 +28,9 @@
   #:use-module (srfi srfi-19)
   #:use-module (rnrs bytevectors)
   #:use-module (web uri)
+  #:use-module (web client) ;; required to pass the request along
   #:use-module (web request)
   #:use-module (web response)
-  #:use-module (web client)
   #:use-module (webid-oidc cache)
   #:use-module (webid-oidc web-i18n)
   #:use-module (web server)
@@ -43,7 +43,6 @@
 (define* (make-reverse-proxy
           #:key
           (server-uri #f)
-          (http-get http-get)
           (endpoint #f)
           (auth-header 'XXX-Agent))
   (set! auth-header
@@ -54,8 +53,7 @@
           (symbol->string auth-header))))
   (define authenticate
     (make-authenticator
-     #:server-uri server-uri
-     #:http-get http-get))
+     #:server-uri server-uri))
   (unless (and endpoint (uri? endpoint))
     (fail (G_ "#:endpoint argument is not present or not an URI.")))
   (lambda (request request-body)
diff --git a/src/scm/webid-oidc/serve.scm b/src/scm/webid-oidc/serve.scm
index 66a156c..76c58fc 100644
--- a/src/scm/webid-oidc/serve.scm
+++ b/src/scm/webid-oidc/serve.scm
@@ -18,11 +18,11 @@
   #:use-module (webid-oidc errors)
   #:use-module (webid-oidc fetch)
   #:use-module (webid-oidc web-i18n)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (ice-9 optargs)
   #:use-module (ice-9 receive)
   #:use-module (ice-9 exceptions)
   #:use-module (rnrs bytevectors)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web uri)
@@ -57,17 +57,18 @@
 (define (convert client-accepts server-name path content-type content)
   (let ((data-as-rdf
          (false-if-exception
-          (fetch
-           (build-uri (uri-scheme server-name)
-                      #:userinfo (uri-userinfo server-name)
-                      #:host (uri-host server-name)
-                      #:port (uri-port server-name)
-                      #:path path)
-           #:http-get
-           (lambda args
-             (values (build-response
-                      #:headers `((content-type ,content-type)))
-                     content))))))
+          (parameterize
+              ((p:anonymous-http-request
+                (lambda _
+                  (values (build-response
+                           #:headers `((content-type ,content-type)))
+                          content))))
+            (fetch
+             (build-uri (uri-scheme server-name)
+                        #:userinfo (uri-userinfo server-name)
+                        #:host (uri-host server-name)
+                        #:port (uri-port server-name)
+                        #:path path))))))
     (if client-accepts
         ;; Content negociation is asked
         (let try-satisfy ((accepts client-accepts))
diff --git a/src/scm/webid-oidc/server/create.scm b/src/scm/webid-oidc/server/create.scm
index dc9651e..0558ff3 100644
--- a/src/scm/webid-oidc/server/create.scm
+++ b/src/scm/webid-oidc/server/create.scm
@@ -27,8 +27,8 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
@@ -88,13 +88,14 @@
         (make-exception
          (make-unsupported-media-type content-type)
          (make-exception-with-message final-message))))))
-  (let ((graph (fetch
-                doc-uri
-                #:http-get
-                (lambda (uri . args)
-                  (values
-                   (build-response #:headers `((content-type ,content-type)))
-                   content)))))
+  (let ((graph
+         (parameterize
+             ((p:anonymous-http-request
+               (lambda* (uri . args)
+                 (values
+                  (build-response #:headers `((content-type ,content-type)))
+                  content))))
+           (fetch doc-uri))))
     (with-index
      graph
      (lambda (rdf-match)
@@ -117,10 +118,8 @@
          (or (equal? next "http://www.w3.org/ns/ldp#BasicContainer")
              (types-indicate-container? (cdr types))))))
 
-(define* (create server-name owner user container types slug content-type content
-                 #:key
-                 (http-get http-get))
-  (check-acl-can-append server-name container owner user #:http-get http-get)
+(define* (create server-name owner user container types slug content-type content)
+  (check-acl-can-append server-name container owner user)
   (unless (and slug (not (equal? slug "")))
     (set! slug (stubs:random 12)))
   (when (string-contains slug "/")
@@ -171,8 +170,7 @@
            (lambda error
              (create server-name owner user container types
                      (string-append slug "-" (stubs:random 12))
-                     content-type content
-                     #:http-get http-get))))))))
+                     content-type content))))))))
 
 (define (create-root server-name owner)
   (define (fix-angle-aux accu chars)
diff --git a/src/scm/webid-oidc/server/delete.scm b/src/scm/webid-oidc/server/delete.scm
index 4e4ce66..02344ad 100644
--- a/src/scm/webid-oidc/server/delete.scm
+++ b/src/scm/webid-oidc/server/delete.scm
@@ -26,8 +26,8 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
@@ -51,9 +51,7 @@
 
    ))
 
-(define* (delete server-name owner user path if-match if-none-match
-                 #:key
-                 (http-get http-get))
+(define* (delete server-name owner user path if-match if-none-match)
   (check-acl-can-write server-name path owner user)
   (with-session
    (lambda (load-content-type load-contained load-static-content
diff --git a/src/scm/webid-oidc/server/precondition.scm b/src/scm/webid-oidc/server/precondition.scm
index 03ee967..7e3a4bb 100644
--- a/src/scm/webid-oidc/server/precondition.scm
+++ b/src/scm/webid-oidc/server/precondition.scm
@@ -25,8 +25,8 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
diff --git a/src/scm/webid-oidc/server/read.scm b/src/scm/webid-oidc/server/read.scm
index cc74898..0cd49fd 100644
--- a/src/scm/webid-oidc/server/read.scm
+++ b/src/scm/webid-oidc/server/read.scm
@@ -26,8 +26,8 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
@@ -63,14 +63,12 @@
   (base-path auxiliary-resource-absent-base-path)
   (path-type auxiliary-resource-absent-path-type))
 
-(define* (read server-name owner user path
-               #:key
-               (http-get http-get))
+(define* (read server-name owner user path)
   (declare-link-header!)
   (with-session
    (lambda (load-content-type load-contained load-static-content
                               do-create do-delete)
-     (check-acl-can-read server-name path owner user #:http-get http-get)
+     (check-acl-can-read server-name path owner user)
      (receive (base-path path-type)
          (base-path path)
        (let ((container? (container-path? path))
@@ -183,19 +181,20 @@
                 ;; Content
                 (if container?
                     (let ((static-graph
-                           (fetch
-                            (build-uri
-                             'https
-                             #:userinfo (uri-userinfo server-name)
-                             #:host (uri-host server-name)
-                             #:port (uri-port server-name)
-                             #:path path)
-                            #:http-get
-                            (lambda (uri . args)
-                              (values
-                               (build-response
-                                #:headers `((content-type ,(load-content-type relevant-etag))))
-                               (load-static-content relevant-etag))))))
+                           (parameterize
+                               ((p:anonymous-http-request
+                                 (lambda (uri . args)
+                                   (values
+                                    (build-response
+                                     #:headers `((content-type ,(load-content-type relevant-etag))))
+                                    (load-static-content relevant-etag)))))
+                             (fetch
+                              (build-uri
+                               'https
+                               #:userinfo (uri-userinfo server-name)
+                               #:host (uri-host server-name)
+                               #:port (uri-port server-name)
+                               #:path path)))))
                       (let ((final-graph
                              (reverse
                               (append
diff --git a/src/scm/webid-oidc/server/resource/wac.scm b/src/scm/webid-oidc/server/resource/wac.scm
index e3ed089..d3f4adf 100644
--- a/src/scm/webid-oidc/server/resource/wac.scm
+++ b/src/scm/webid-oidc/server/resource/wac.scm
@@ -23,9 +23,9 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (webid-oidc web-i18n)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
   #:use-module (rnrs bytevectors)
@@ -82,7 +82,7 @@
   (owner forbidden-owner)
   (expected-mode forbidden-expected-mode))
 
-(define (group-member? http-get group-uri agent)
+(define (group-member? group-uri agent)
   (when (string? group-uri)
     (set! group-uri (string->uri group-uri)))
   (when (string? agent)
@@ -111,7 +111,7 @@
              #:continuable? #t))
           #f)
       (lambda ()
-        (let ((data (fetch group-doc-uri #:http-get http-get)))
+        (let ((data (fetch group-doc-uri)))
           (with-index
            data
            (lambda (rdf-match)
@@ -137,7 +137,7 @@
                                #:path (string-append path ".acl"))))))
    f))
 
-(define (check-authorization path check-default? server-name final-path http-get user rdf-match id)
+(define (check-authorization path check-default? server-name final-path user rdf-match id)
   ;; The authorization should give accessTo path,
   ;; or to a prefix of final-path; and it should
   ;; be for agent user, or a group that contains
@@ -211,7 +211,7 @@
                (and user
                     (not (null?
                           (filter (lambda (group)
-                                    (group-member? http-get group user))
+                                    (group-member? group user))
                                   groups))))))))
     (or
      (and access-to-ok
@@ -227,23 +227,21 @@
                            #f))))
      '())))
 
-(define (check-authorizations path check-default? server-name final-path http-get user rdf-match
+(define (check-authorizations path check-default? server-name final-path user rdf-match
                               allowed-modes authorizations)
   (if (null? authorizations)
       (reverse allowed-modes)
       (let ((new-modes
-             (check-authorization path check-default? server-name final-path http-get user rdf-match
+             (check-authorization path check-default? server-name final-path user rdf-match
                                   (car authorizations))))
         (check-authorizations
-         path check-default? server-name final-path http-get user rdf-match
+         path check-default? server-name final-path user rdf-match
          (append (reverse new-modes) allowed-modes)
          (cdr authorizations)))))
 
 (define acl-aux (string->uri "http://www.w3.org/ns/auth/acl#accessControl"))
 
-(define* (wac-get-modes server-name final-path user
-                        #:key
-                        (http-get http-get))
+(define (wac-get-modes server-name final-path user)
   (with-session
    (lambda (content-type contained static-content create delete)
      (define (wac-check-recursive path check-default?)
@@ -263,7 +261,7 @@
                 server-name path (content-type acl-etag) (static-content acl-etag)
                 (lambda (rdf-match)
                   (check-authorizations
-                   path check-default? server-name final-path http-get user rdf-match
+                   path check-default? server-name final-path user rdf-match
                    '()
                    (map rdf-triple-subject
                         (rdf-match #f
@@ -300,7 +298,7 @@
                   (? uri? (= uri->string b)))
                  (string< a b)))))))))
 
-(define (check-mode server-name path owner user http-get expected-mode)
+(define (check-mode server-name path owner user expected-mode)
   (unless (equal? owner user)
     (receive (base-path type)
         (base-path path)
@@ -313,7 +311,7 @@
         ;; for Control over the base resource.
         (set! path base-path)
         (set! expected-mode (string->uri "http://www.w3.org/ns/auth/acl#Control"))))
-    (let ((modes (wac-get-modes server-name path user #:http-get http-get)))
+    (let ((modes (wac-get-modes server-name path user)))
       (define (check-modes modes)
         (if (null? modes)
             (let ((final-message
@@ -337,26 +335,18 @@
              (check-modes (cdr modes)))))
       (check-modes modes))))
 
-(define* (check-acl-can-read server-name path owner user
-                             #:key
-                             (http-get http-get))
-  (check-mode server-name path owner user http-get
+(define (check-acl-can-read server-name path owner user)
+  (check-mode server-name path owner user
               (string->uri "http://www.w3.org/ns/auth/acl#Read")))
 
-(define* (check-acl-can-write server-name path owner user
-                             #:key
-                             (http-get http-get))
-  (check-mode server-name path owner user http-get
+(define (check-acl-can-write server-name path owner user)
+  (check-mode server-name path owner user
               (string->uri "http://www.w3.org/ns/auth/acl#Write")))
 
-(define* (check-acl-can-append server-name path owner user
-                             #:key
-                             (http-get http-get))
-  (check-mode server-name path owner user http-get
+(define (check-acl-can-append server-name path owner user)
+  (check-mode server-name path owner user
               (string->uri "http://www.w3.org/ns/auth/acl#Append")))
 
-(define* (check-acl-can-control server-name path owner user
-                             #:key
-                             (http-get http-get))
-  (check-mode server-name path owner user http-get
+(define (check-acl-can-control server-name path owner user)
+  (check-mode server-name path owner user
               (string->uri "http://www.w3.org/ns/auth/acl#Control")))
diff --git a/src/scm/webid-oidc/server/update.scm b/src/scm/webid-oidc/server/update.scm
index 589de44..d568d06 100644
--- a/src/scm/webid-oidc/server/update.scm
+++ b/src/scm/webid-oidc/server/update.scm
@@ -27,8 +27,8 @@
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module (webid-oidc rdf-index)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module (web uri)
-  #:use-module (web client)
   #:use-module (web response)
   #:use-module (rdf rdf)
   #:use-module (turtle tordf)
@@ -60,13 +60,14 @@
      (raise-exception
       (make-exception
        (make-unsupported-media-type content-type)))))
-  (let ((graph (fetch
-                doc-uri
-                #:http-get
-                (lambda (uri . args)
-                  (values
-                   (build-response #:headers `((content-type ,content-type)))
-                   content)))))
+  (let ((graph
+         (parameterize
+             ((p:anonymous-http-request
+               (lambda (uri . args)
+                 (values
+                  (build-response #:headers `((content-type ,content-type)))
+                  content))))
+           (fetch doc-uri))))
     (with-index
      graph
      (lambda (rdf-match)
@@ -90,9 +91,7 @@
                    (rdf->turtle final-graph))))))))))
 
 (define* (update server-name owner user path if-match if-none-match
-                 content-type content
-                 #:key
-                 (http-get http-get))
+                 content-type content)
   (define updated-etag #f)
   (with-session
    (lambda (load-content-type load-contained load-static-content
diff --git a/src/scm/webid-oidc/simulation.scm b/src/scm/webid-oidc/simulation.scm
index 30f7b43..0accdc4 100644
--- a/src/scm/webid-oidc/simulation.scm
+++ b/src/scm/webid-oidc/simulation.scm
@@ -153,17 +153,11 @@
           (crypt "password" "xxx")
           (with-path server-uri "/keys")
           (with-path server-uri "/authorize")
-          (with-path server-uri "/token")
-          #:http-get
-          (lambda* (uri . args)
-            (apply request simulation uri #:method 'GET args))))
+          (with-path server-uri "/token")))
         (server
          (make-resource-server
           #:server-uri server-uri
-          #:owner owner
-          #:http-get
-          (lambda* (uri . args)
-            (apply request simulation uri #:method 'GET args)))))
+          #:owner owner)))
     (define (handle request body)
       (let ((path (uri-path (request-uri request))))
         (if (member path
diff --git a/src/scm/webid-oidc/testing.scm b/src/scm/webid-oidc/testing.scm
index 06d0127..c26ab5e 100644
--- a/src/scm/webid-oidc/testing.scm
+++ b/src/scm/webid-oidc/testing.scm
@@ -28,7 +28,13 @@
 
 (define-public (with-test-environment test-name f)
   (parameterize ((data-home (format #f "tests/~a.home/disfluid" test-name))
-                 (cache-home (format #f "tests/~a.cache/disfluid" test-name)))
+                 (cache-home (format #f "tests/~a.cache/disfluid" test-name))
+                 (anonymous-http-request
+                  (lambda _
+                    (error "cannot request the world-wide web from within a test")))
+                 (current-date
+                  (lambda ()
+                    (error "cannot use the current date from within a test"))))
     (call-with-output-file*
      (format #f "~a/seed" (cache-home))
      (lambda (port)
diff --git a/src/scm/webid-oidc/token-endpoint.scm b/src/scm/webid-oidc/token-endpoint.scm
index 292df4d..a10c843 100644
--- a/src/scm/webid-oidc/token-endpoint.scm
+++ b/src/scm/webid-oidc/token-endpoint.scm
@@ -26,7 +26,6 @@
   #:use-module ((webid-oidc parameters) #:prefix p:)
   #:use-module ((webid-oidc stubs) #:prefix stubs:)
   #:use-module ((webid-oidc refresh-token) #:prefix refresh:)
-  #:use-module (web client)
   #:use-module (web request)
   #:use-module (web response)
   #:use-module (web uri)
@@ -179,7 +178,7 @@
                    port)))))))
        thunk))))
 
-(define (make-token-endpoint token-endpoint-uri iss issuer-key validity)
+(define (make-token-endpoint token-endpoint-uri iss issuer-key)
   (lambda (request request-body)
     (when (bytevector? request-body)
       (set! request-body (utf8->string request-body)))
@@ -295,35 +294,33 @@
                         (make-unsupported-grant-type grant-type)
                         (make-exception-with-message final-message)
                         (make-message-for-the-user final-user-message))))))
-               (let* ((iat (time-second (date->time-utc current-time)))
-                      (exp (+ iat validity)))
-                 (let ((id-token
-                        (issue <id-token>
-                         issuer-key
-                         #:webid webid
-                         #:iss iss
-                         #:aud client-id))
-                       (access-token
-                        (issue <access-token>
-                         issuer-key
-                         #:webid webid
-                         #:iss iss
-                         #:client-key (jwk dpop)
-                         #:client-id client-id))
-                       (refresh-token
-                        (if (equal? grant-type "refresh_token")
-                            (assoc-ref form-args "refresh_token")
-                            (refresh:issue-refresh-token webid client-id
-                                                         (jkt (jwk dpop))))))
-                   (values
-                    (build-response #:headers '((content-type application/json)
-                                                (cache-control (no-cache no-store)))
-                                    #:port #f)
-                    (stubs:scm->json-string
-                     `((id_token . ,id-token)
-                       (access_token . ,access-token)
-                       (token_type . "DPoP")
-                       (expires_in . ,validity)
-                       (refresh_token . ,refresh-token)))
-                    client-id
-                    #f)))))))))))
+               (let ((id-token
+                      (issue <id-token>
+                             issuer-key
+                             #:webid webid
+                             #:iss iss
+                             #:aud client-id))
+                     (access-token
+                      (issue <access-token>
+                             issuer-key
+                             #:webid webid
+                             #:iss iss
+                             #:client-key (jwk dpop)
+                             #:client-id client-id))
+                     (refresh-token
+                      (if (equal? grant-type "refresh_token")
+                          (assoc-ref form-args "refresh_token")
+                          (refresh:issue-refresh-token webid client-id
+                                                       (jkt (jwk dpop))))))
+                 (values
+                  (build-response #:headers '((content-type application/json)
+                                              (cache-control (no-cache no-store)))
+                                  #:port #f)
+                  (stubs:scm->json-string
+                   `((id_token . ,id-token)
+                     (access_token . ,access-token)
+                     (token_type . "DPoP")
+                     (expires_in . ,(p:oidc-token-default-validity))
+                     (refresh_token . ,refresh-token)))
+                  client-id
+                  #f))))))))))
diff --git a/tests/acl-with-group.scm b/tests/acl-with-group.scm
deleted file mode 100644
index 3e715d9..0000000
--- a/tests/acl-with-group.scm
+++ /dev/null
@@ -1,27 +0,0 @@
-;; webid-oidc, implementation of the Solid specification
-;; Copyright (C) 2020, 2021  Vivien Kraus
-
-;; This program is free software: you can redistribute it and/or modify
-;; it under the terms of the GNU Affero General Public License as
-;; published by the Free Software Foundation, either version 3 of the
-;; License, or (at your option) any later version.
-
-;; This program is distributed in the hope that it will be useful,
-;; but WITHOUT ANY WARRANTY; without even the implied warranty of
-;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;; GNU Affero General Public License for more details.
-
-;; You should have received a copy of the GNU Affero General Public License
-;; along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-(define (http-get uri)
-  (unless (equal? uri
-                  (string->uri "https://group-server.example.com/the#group"))
-    (exit 1)
-    (values
-     (build-response #:headers '((content-type text/turtle)))
-     "@prefix vcard: <http://www.w3.org/2006/vcard/ns#>.
-
-<#group> a vcard:Group;
-  vcard:hasMember <https://other-user.example.com/profile/card#me> .
-")))
diff --git a/tests/acl.scm b/tests/acl.scm
index 3d76c54..9a11eb6 100644
--- a/tests/acl.scm
+++ b/tests/acl.scm
@@ -17,6 +17,7 @@
 (use-modules (webid-oidc server resource wac)
              (webid-oidc server resource content)
              (webid-oidc server resource path)
+             ((webid-oidc parameters) #:prefix p:)
              (webid-oidc testing)
              (web http)
              (web request)
@@ -203,54 +204,52 @@
           (define (run-test path modes-alice modes-bob modes-fbi modes-anonymous)
             (define (uri< a b)
               (string< (uri->string a) (uri->string b)))
-            (let ((alice (wac-get-modes
+            (parameterize
+                ((p:anonymous-http-request http-get))
+              (let ((alice (wac-get-modes
+                            server-name path
+                            (string->uri "https://alice.databox.me/profile/card#me")))
+                    (bob (wac-get-modes
                           server-name path
-                          (string->uri "https://alice.databox.me/profile/card#me")
-                          #:http-get http-get))
-                  (bob (wac-get-modes
-                        server-name path
-                        (string->uri "https://bob.databox.me/profile/card#me")
-                        #:http-get http-get))
-                  (fbi (wac-get-modes
-                        server-name path
-                        (string->uri "https://the-spy.databox.me/profile/card#me")
-                        #:http-get http-get))
-                  (anonymous (wac-get-modes
-                              server-name path
-                              #f
-                              #:http-get http-get)))
-              (unless (equal? alice
-                              modes-alice)
-                (format (current-error-port)
-                        "Alice’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
-                        path
-                        (map uri->string modes-alice)
-                        (map uri->string alice))
-                (exit 2))
-              (unless (equal? bob
-                              modes-bob)
-                (format (current-error-port)
-                        "Bob’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
-                        path
-                        (map uri->string modes-bob)
-                        (map uri->string bob))
-                (exit 3))
-              (unless (equal? fbi
-                              modes-fbi)
-                (format (current-error-port)
-                        "Spy’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
-                        path
-                        (map uri->string modes-fbi)
-                        (map uri->string fbi))
-                (exit 4))
-              (unless (equal? anonymous
-                              modes-anonymous)
-                (format (current-error-port)
-                        "Anonymous modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
-                        path
-                        (map uri->string modes-anonymous)
-                        (map uri->string anonymous))
-                (exit 5))))
+                          (string->uri "https://bob.databox.me/profile/card#me")))
+                    (fbi (wac-get-modes
+                          server-name path
+                          (string->uri "https://the-spy.databox.me/profile/card#me")))
+                    (anonymous (wac-get-modes
+                                server-name path
+                                #f)))
+                (unless (equal? alice
+                                modes-alice)
+                  (format (current-error-port)
+                          "Alice’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
+                          path
+                          (map uri->string modes-alice)
+                          (map uri->string alice))
+                  (exit 2))
+                (unless (equal? bob
+                                modes-bob)
+                  (format (current-error-port)
+                          "Bob’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
+                          path
+                          (map uri->string modes-bob)
+                          (map uri->string bob))
+                  (exit 3))
+                (unless (equal? fbi
+                                modes-fbi)
+                  (format (current-error-port)
+                          "Spy’s modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
+                          path
+                          (map uri->string modes-fbi)
+                          (map uri->string fbi))
+                  (exit 4))
+                (unless (equal? anonymous
+                                modes-anonymous)
+                  (format (current-error-port)
+                          "Anonymous modes for path ~s:\n  expected:\n    ~s\n  got:\n    ~s\n"
+                          path
+                          (map uri->string modes-anonymous)
+                          (map uri->string anonymous))
+                  (exit 5)))))
           (let ((read (string->uri "http://www.w3.org/ns/auth/acl#Read"))
                 (write (string->uri "http://www.w3.org/ns/auth/acl#Write"))
                 (control (string->uri "http://www.w3.org/ns/auth/acl#Control")))
diff --git a/tests/authorization-endpoint-get-form.scm b/tests/authorization-endpoint-get-form.scm
index 6830df8..27f22f9 100644
--- a/tests/authorization-endpoint-get-form.scm
+++ b/tests/authorization-endpoint-get-form.scm
@@ -32,13 +32,9 @@
    (define key (generate-key #:n-size 2048))
    (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
    (define password "p4ssw0rd")
-   (define validity 120)
-   (define* (http-get uri #:key (headers '()))
-     (exit 2))
    (define endpoint
      (make-authorization-endpoint
-      subject password key validity
-      #:http-get http-get))
+      subject password key))
    (receive (response response-body)
        (parameterize ((p:current-date 0))
          (endpoint
diff --git a/tests/authorization-endpoint-no-args.scm b/tests/authorization-endpoint-no-args.scm
index a9661cd..164e345 100644
--- a/tests/authorization-endpoint-no-args.scm
+++ b/tests/authorization-endpoint-no-args.scm
@@ -32,13 +32,8 @@
    (define key (generate-key #:n-size 2048))
    (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me"))
    (define password "p4ssw0rd")
-   (define validity 120)
-   (define* (http-get uri #:key (headers '()))
-     (exit 2))
    (define endpoint
-     (make-authorization-endpoint
-      subject password key validity
-      #:http-get http-get))
+     (make-authorization-endpoint subject password key))
    (receive (response response-body)
        (parameterize ((p:current-date 0))
          (endpoint
diff --git a/tests/authorization-endpoint-submit-form.scm b/tests/authorization-endpoint-submit-form.scm
index 2fc7197..3de3e19 100644
--- a/tests/authorization-endpoint-submit-form.scm
+++ b/tests/authorization-endpoint-submit-form.scm
@@ -39,7 +39,6 @@
    (define redirect (string->uri "https://authorization-endpoint-submit-form.scm/client/redirect"))
    (define password "p4ssw0rd")
    (define encrypted-password (crypt password "$6$this.is.the.salt"))
-   (define validity 120)
    (define what-uri-to-expect client)
    (define served
      (receive (response response-body)
@@ -49,66 +48,66 @@
        (cons response response-body)))
    (define the-response (car served))
    (define the-response-body (cdr served))
-   (define* (http-get uri #:key (headers '()))
-     (unless (equal? uri what-uri-to-expect)
-       (exit 2))
-     (values the-response the-response-body))
-   (define cached-http-get
-     (with-cache #:http-get http-get))
    (define endpoint
      (make-authorization-endpoint
-      subject encrypted-password key validity
-      #:http-get cached-http-get))
-   (receive (response response-body)
-       ;; The password is fake!
-       (parameterize ((p:current-date 0))
-         (endpoint
-          (build-request (string->uri
-                          (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
-                                  (uri-encode (uri->string client))
-                                  (uri-encode (uri->string redirect))))
-                         #:headers '((content-type application/x-www-form-urlencoded))
-                         #:method 'POST
-                         #:port #t)
-          "password=fake"))
-     (when (eq? (response-code response) 302)
-       (exit 3)))
-   (receive (response response-body)
-       (parameterize ((p:current-date 0))
-         (endpoint
-          (build-request (string->uri
-                          (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
-                                  (uri-encode (uri->string client))
-                                  (uri-encode (uri->string redirect))))
-                         #:headers '((content-type application/x-www-form-urlencoded))
-                         #:method 'POST
-                         #:port #t)
-          "password=p4ssw0rd"))
-     (unless (eq? (response-code response) 302)
-       (exit 4))
-     (let ((loc (response-location response)))
-       (unless (uri? loc)
-         (exit 5))
-       (let ((loc-scheme (uri-scheme loc))
-             (loc-host (uri-host loc))
-             (loc-path (uri-path loc))
-             (loc-query (uri-query loc)))
-         (unless (eq? loc-scheme 'https)
-           (exit 6))
-         (unless (string=? loc-host "authorization-endpoint-submit-form.scm")
-           (exit 7))
-         (unless (string=? loc-path "/client/redirect")
-           (exit 8))
-         (let* ((kv (string-split loc-query #\&))
-                (args (map (lambda (x)
-                             (map uri-decode (string-split x #\=)))
-                           kv)))
-           (unless (assoc-ref args "code")
-             (exit 9))
-           (let ((parsed
-                  (parameterize ((p:current-date 60))
-                    (decode <authorization-code>
-                            (car (assoc-ref args "code"))
-                            #:issuer-key key))))
-             (unless parsed
-               (exit 10)))))))))
+      subject encrypted-password key))
+   (parameterize ((p:anonymous-http-request
+                   (lambda* (uri #:key (headers '()) #:allow-other-keys)
+                     (unless (equal? uri what-uri-to-expect)
+                       (exit 2))
+                     (values the-response the-response-body))))
+     (use-cache
+      (lambda ()
+        (receive (response response-body)
+            ;; The password is fake!
+            (parameterize ((p:current-date 0))
+              (endpoint
+               (build-request (string->uri
+                               (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+                                       (uri-encode (uri->string client))
+                                       (uri-encode (uri->string redirect))))
+                              #:headers '((content-type application/x-www-form-urlencoded))
+                              #:method 'POST
+                              #:port #t)
+               "password=fake"))
+          (when (eq? (response-code response) 302)
+            (exit 3)))
+        (receive (response response-body)
+            (parameterize ((p:current-date 0))
+              (endpoint
+               (build-request (string->uri
+                               (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a"
+                                       (uri-encode (uri->string client))
+                                       (uri-encode (uri->string redirect))))
+                              #:headers '((content-type application/x-www-form-urlencoded))
+                              #:method 'POST
+                              #:port #t)
+               "password=p4ssw0rd"))
+          (unless (eq? (response-code response) 302)
+            (exit 4))
+          (let ((loc (response-location response)))
+            (unless (uri? loc)
+              (exit 5))
+            (let ((loc-scheme (uri-scheme loc))
+                  (loc-host (uri-host loc))
+                  (loc-path (uri-path loc))
+                  (loc-query (uri-query loc)))
+              (unless (eq? loc-scheme 'https)
+                (exit 6))
+              (unless (string=? loc-host "authorization-endpoint-submit-form.scm")
+                (exit 7))
+              (unless (string=? loc-path "/client/redirect")
+                (exit 8))
+              (let* ((kv (string-split loc-query #\&))
+                     (args (map (lambda (x)
+                                  (map uri-decode (string-split x #\=)))
+                                kv)))
+                (unless (assoc-ref args "code")
+                  (exit 9))
+                (let ((parsed
+                       (parameterize ((p:current-date 60))
+                         (decode <authorization-code>
+                                 (car (assoc-ref args "code"))
+                                 #:issuer-key key))))
+                  (unless parsed
+                    (exit 10))))))))))))
diff --git a/tests/cache-revalidate.scm b/tests/cache-revalidate.scm
index caa6e3e..a4eab3e 100644
--- a/tests/cache-revalidate.scm
+++ b/tests/cache-revalidate.scm
@@ -16,6 +16,7 @@
 
 (use-modules (webid-oidc cache)
              (webid-oidc testing)
+             ((webid-oidc parameters) #:prefix p:)
              (web uri)
              (web request)
              (web response)
@@ -44,15 +45,15 @@
       (build-response #:code 304 #:reason-phrase "Not Modified"
                       #:headers `((date . ,(time-utc->date (make-time time-utc 0 10)))))
       #f))
-   (receive (response response-body)
-       (revalidate (string->uri "https://example.com") original-response "hello"
-                   #:headers `((if-none-match . ("yyy" . #t))
-                               (if-unmodified-since . ,(time-utc->date (make-time time-utc 0 42)))
-                               (user-agent . "Testbed"))
-                   #:http-get backend)
-     (unless (eqv? (response-code response) 200)
-       (exit 5))
-     (unless (equal? (response-headers response)
-                     `((date . ,(time-utc->date (make-time time-utc 0 10)))
-                       (content-type text/plain)))
-       (exit 6)))))
+   (parameterize ((p:anonymous-http-request backend))
+     (receive (response response-body)
+         (revalidate (string->uri "https://example.com") original-response "hello"
+                     #:headers `((if-none-match . ("yyy" . #t))
+                                 (if-unmodified-since . ,(time-utc->date (make-time time-utc 0 42)))
+                                 (user-agent . "Testbed")))
+       (unless (eqv? (response-code response) 200)
+         (exit 5))
+       (unless (equal? (response-headers response)
+                       `((date . ,(time-utc->date (make-time time-utc 0 10)))
+                         (content-type text/plain)))
+         (exit 6))))))
diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm
index a1bfe20..548f6c1 100644
--- a/tests/client-manifest-fraudulent.scm
+++ b/tests/client-manifest-fraudulent.scm
@@ -17,6 +17,7 @@
 (use-modules (webid-oidc client-manifest)
              (webid-oidc cache)
              (webid-oidc testing)
+             ((webid-oidc parameters) #:prefix p:)
              (webid-oidc errors)
              (web uri)
              (srfi srfi-19)
@@ -58,17 +59,17 @@
      (unless (equal? headers headers-to-expect)
        (exit 2))
      (values what-to-respond what-to-respond-body))
-   (define cache-http-get
-     (with-cache
-      #:http-get respond))
-   (with-exception-handler
-       (lambda (error)
-         (unless (inconsistent-client-manifest? error)
-           (exit 3)))
-     (lambda ()
-       (get-client-manifest
-        (string->uri "https://fraudulent-app.example.com/id#app")
-        #:http-get cache-http-get)
-       (exit 4))
-     #:unwind? #t
-     #:unwind-for-type &inconsistent-client-manifest)))
+   (parameterize ((p:anonymous-http-request respond))
+     (use-cache
+      (lambda ()
+        (with-exception-handler
+            (lambda (error)
+              (unless (inconsistent-client-manifest? error)
+                (exit 3)))
+          (lambda ()
+            (parameterize ((p:current-date 0))
+              (get-client-manifest
+               (string->uri "https://fraudulent-app.example.com/id#app")))
+            (exit 4))
+          #:unwind? #t
+          #:unwind-for-type &inconsistent-client-manifest))))))
diff --git a/tests/client-manifest-public.scm b/tests/client-manifest-public.scm
index 76eb8ba..f4e0bd5 100644
--- a/tests/client-manifest-public.scm
+++ b/tests/client-manifest-public.scm
@@ -26,10 +26,7 @@
  (lambda ()
    (define mf
      (get-client-manifest
-      (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient")
-      #:http-get
-      (lambda args
-        (exit 1))))
+      (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient")))
    (define id (client-manifest-client-id mf))
    (unless (equal? id (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient"))
      (exit 2))
diff --git a/tests/client-manifest.scm b/tests/client-manifest.scm
index 8e98091..7f8e130 100644
--- a/tests/client-manifest.scm
+++ b/tests/client-manifest.scm
@@ -14,15 +14,17 @@
 ;; You should have received a copy of the GNU Affero General Public License
 ;; along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-(use-modules (webid-oidc client-manifest)
-             (webid-oidc cache)
-             (webid-oidc testing)
-             (webid-oidc errors)
-             (web uri)
-             (srfi srfi-19)
-             (web response)
-             (ice-9 optargs)
-             (ice-9 receive))
+(define-module (tests client-manifest)
+  #:use-module (webid-oidc client-manifest)
+  #:use-module (webid-oidc cache)
+  #:use-module (webid-oidc testing)
+  #:use-module ((webid-oidc parameters) #:prefix p:)
+  #:use-module (webid-oidc errors)
+  #:use-module (web uri)
+  #:use-module (srfi srfi-19)
+  #:use-module (web response)
+  #:use-module (ice-9 optargs)
+  #:use-module (ice-9 receive))
 
 (with-test-environment
  "client-manifest"
@@ -52,42 +54,43 @@
                      (string->uri "https://app.example.com/id#app"))
        (exit 2))
      (values what-to-respond what-to-respond-body))
-   (define cache-http-get
-     (with-cache
-      #:http-get respond))
-   (define mf
-     (get-client-manifest 
-      (string->uri "https://app.example.com/id#app")
-      #:http-get cache-http-get))
-   (define id (client-manifest-client-id mf))
-   (unless (equal? id (string->uri "https://app.example.com/id#app"))
-     (exit 3))
-   (unless (client-manifest-check-redirect-uri mf "https://app.example.com/callback")
-     (exit 4))
-   (with-exception-handler
-       (lambda (error)
-         (unless (unauthorized-redirect-uri? error)
-           (exit 5)))
-     (lambda ()
-       (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback")
-       (exit 55))
-     #:unwind? #t
-     #:unwind-for-type &unauthorized-redirect-uri)
-   (receive (response response-body)
-       (serve-client-manifest
-        (time-utc->date (make-time time-utc 0 3600))
-        mf)
-     (unless (equal? (response-content-type response) '(application/ld+json))
-       (exit 6))
-     (set! what-to-respond response)
-     (set! what-to-respond-body response-body)
-     (let ((re-parsed (get-client-manifest
-                       (string->uri "https://app.example.com/id#app")
-                       #:http-get cache-http-get)))
-       (map (lambda (key)
-              (unless (equal? (assq-ref mf key)
-                              (assq-ref re-parsed key))
-                (exit 9)))
-            '(client_id redirect_uris client_name client_uri
-                        logo_uri tos_uri scope grant_types response_types
-                        default_max_age require_auth_time))))))
+   (parameterize ((p:anonymous-http-request respond))
+     (use-cache
+      (lambda ()
+        (define mf
+          (parameterize ((p:current-date 0))
+            (get-client-manifest
+             (string->uri "https://app.example.com/id#app"))))
+        (define id (client-manifest-client-id mf))
+        (unless (equal? id (string->uri "https://app.example.com/id#app"))
+          (exit 3))
+        (unless (client-manifest-check-redirect-uri mf "https://app.example.com/callback")
+          (exit 4))
+        (with-exception-handler
+            (lambda (error)
+              (unless (unauthorized-redirect-uri? error)
+                (exit 5)))
+          (lambda ()
+            (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback")
+            (exit 55))
+          #:unwind? #t
+          #:unwind-for-type &unauthorized-redirect-uri)
+        (receive (response response-body)
+            (serve-client-manifest
+             (time-utc->date (make-time time-utc 0 3600))
+             mf)
+          (unless (equal? (response-content-type response) '(application/ld+json))
+            (exit 6))
+          (set! what-to-respond response)
+          (set! what-to-respond-body response-body)
+          (let ((re-parsed
+                 (parameterize ((p:current-date 10))
+                   (get-client-manifest
+                    (string->uri "https://app.example.com/id#app")))))
+            (map (lambda (key)
+                   (unless (equal? (assq-ref mf key)
+                                   (assq-ref re-parsed key))
+                     (exit 9)))
+                 '(client_id redirect_uris client_name client_uri
+                             logo_uri tos_uri scope grant_types response_types
+                             default_max_age require_auth_time)))))))))
diff --git a/tests/client-workflow.scm b/tests/client-workflow.scm
index 50514d8..9c74198 100644
--- a/tests/client-workflow.scm
+++ b/tests/client-workflow.scm
@@ -75,7 +75,7 @@
                        #:client-id "https://client@client-workflow.scm/id"
                        #:redirect-uri
                        (string->uri "https://client@client-workflow.scm/authorized")))
-                    (client:anonymous-http-request
+                    (p:anonymous-http-request
                      (cute sim:request simulation <...>)))
        (parameterize ((p:current-date 0)
                       (client:authorization-process
diff --git a/tests/crud.scm b/tests/crud.scm
index 40ec7b1..fa33138 100644
--- a/tests/crud.scm
+++ b/tests/crud.scm
@@ -22,6 +22,7 @@
              (webid-oidc server resource path)
              (webid-oidc errors)
              (webid-oidc testing)
+             ((webid-oidc parameters) #:prefix p:)
              (webid-oidc fetch)
              (webid-oidc rdf-index)
              (web http)
@@ -158,12 +159,12 @@
          (when (cdr etag)
            (exit 15))
          (with-index
-          (fetch "https://example.com/"
-                 #:http-get
-                 (lambda (uri . rest)
-                   (values
-                    (build-response #:headers `((content-type . ,content-type)))
-                    root)))
+          (parameterize ((p:anonymous-http-request
+                          (lambda (uri . rest)
+                            (values
+                             (build-response #:headers `((content-type . ,content-type)))
+                             root))))
+            (fetch "https://example.com/"))
           (lambda (rdf-match)
             (when (null? (rdf-match "https://example.com/"
                                     "http://www.w3.org/ns/ldp#contains"
@@ -199,12 +200,12 @@
          (when (cdr etag)
            (exit 22))
          (with-index
-          (fetch "https://example.com/.acl"
-                 #:http-get
-                 (lambda (uri . rest)
-                   (values
-                    (build-response #:headers `((content-type . ,content-type)))
-                    /.acl)))
+          (parameterize ((p:anonymous-http-request
+                          (lambda (uri . rest)
+                            (values
+                             (build-response #:headers `((content-type . ,content-type)))
+                             /.acl))))
+            (fetch "https://example.com/.acl"))
           (lambda (rdf-match)
             (when (null? (rdf-match #f
                                     "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
diff --git a/tests/dpop-proof-no-explicit-exp.scm b/tests/dpop-proof-no-explicit-exp.scm
index c485cac..5a4ccbc 100644
--- a/tests/dpop-proof-no-explicit-exp.scm
+++ b/tests/dpop-proof-no-explicit-exp.scm
@@ -26,18 +26,34 @@
              (srfi srfi-19)
              (web response)
              (ice-9 receive)
+             (ice-9 optargs)
              (oop goops))
 
 (define-class <dpop-proof-with-exp> (<dpop-proof>))
 
+(define-method (initialize (token <dpop-proof-with-exp>) initargs)
+  (next-method)
+  ;; Override exp
+  (let-keywords
+   initargs #t
+   ((validity #f))
+   (slot-set! token 'exp
+              (let ((iat (time-second (date->time-utc (iat token)))))
+                (time-utc->date
+                 (make-time time-utc 0
+                            (+ iat validity)))))))
+
 (define malicious-jwt-created? #f)
 
 (define-method (token->jwt (token <dpop-proof-with-exp>))
   (set! malicious-jwt-created? #t)
   (receive (header payload) (next-method)
-    (values header
-            `((exp . ,(time-second (date->time-utc (exp token))))
-              ,@payload))))
+    (let ((exp (time-second (date->time-utc (exp token)))))
+      (unless (equal? exp 3600)
+        (exit 3))
+      (values header
+              `((exp . ,exp)
+                ,@payload)))))
 
 (with-test-environment
  "dpop-proof-no-explicit-exp"
diff --git a/tests/jwks-get.scm b/tests/jwks-get.scm
index 8f23492..ffc0bbb 100644
--- a/tests/jwks-get.scm
+++ b/tests/jwks-get.scm
@@ -16,6 +16,7 @@
 
 (use-modules (webid-oidc jwk)
              (webid-oidc testing)
+             ((webid-oidc parameters) #:prefix p:)
              (webid-oidc cache)
              (web uri)
              (srfi srfi-19)
@@ -58,15 +59,12 @@
 }
 ")
          (exit 3)))
-   (define cache-http-get
-     (with-cache
-      #:http-get respond))
-   (define* (cache-http-request uri #:key (headers '()) (method 'GET))
-     (unless (eq? method 'GET)
-       (exit 4))
-     (cache-http-get uri #:headers headers))
-   (define jwks (get-jwks "https://example.com/keys"
-                          #:http-request cache-http-request))
+   (define jwks
+     (parameterize ((p:anonymous-http-request respond)
+                    (p:current-date 0)) ;; the cache requires it
+       (use-cache
+        (lambda ()
+          (get-jwks "https://example.com/keys")))))
    (define the-keys (keys jwks))
    (unless (eq? (length the-keys) 2)
      (exit 5))
diff --git a/tests/oidc-configuration.scm b/tests/oidc-configuration.scm
index 736c3f8..3d31b9d 100644
--- a/tests/oidc-configuration.scm
+++ b/tests/oidc-configuration.scm
@@ -120,43 +120,41 @@
   \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\"
 }"))
       (else (exit 2))))
-   (define cache-http-get
-     (with-cache
-      #:http-get respond))
-   (define cfg
-     (make <oidc-configuration>
-       #:server "example.com"
-       #:http-request cache-http-get))
-   (define my-jwks
-     (parameterize ((p:anonymous-http-request cache-http-get))
-       (jwks cfg)))
-   (unless (is-a? cfg <oidc-configuration>)
-     (exit 3))
-   (unless (is-a? my-jwks <jwks>)
-     (exit 4))
-   (let ((my-oidc
+   (parameterize ((p:anonymous-http-request respond)
+                  (p:current-date 0)) ;; for the cache
+     (use-cache
+      (lambda ()
+        (define cfg
           (make <oidc-configuration>
-            #:jwks-uri "https://example.com/keys"
-            #:authorization-endpoint "https://example.com/authorize"
-            #:token-endpoint "https://example.com/token"
-            #:solid-oidc-supported "https://solidproject.org/TR/solid-oidc")))
-     (receive (response response-body)
-         (serve my-oidc (time-utc->date (make-time time-utc 0 3600)))
-       (unless (eqv? (car (response-content-type response)) 'application/json)
-         (exit 5))
-       (let ((parsed
-              (->json-data
+            #:server "example.com"))
+        (define my-jwks (jwks cfg))
+        (unless (is-a? cfg <oidc-configuration>)
+          (exit 3))
+        (unless (is-a? my-jwks <jwks>)
+          (exit 4))
+        (let ((my-oidc
                (make <oidc-configuration>
-                 #:json-data (stubs:json-string->scm response-body)))))
-         (unless (equal? (assq-ref parsed 'jwks_uri)
-                         "https://example.com/keys")
-           (exit 7))
-         (unless (equal? (assq-ref parsed 'authorization_endpoint)
-                         "https://example.com/authorize")
-           (exit 8))
-         (unless (equal? (assq-ref parsed 'token_endpoint)
-                         "https://example.com/token")
-           (exit 9))
-         (unless (equal? (assq-ref parsed 'solid_oidc_supported)
-                         "https://solidproject.org/TR/solid-oidc")
-           (exit 10)))))))
+                 #:jwks-uri "https://example.com/keys"
+                 #:authorization-endpoint "https://example.com/authorize"
+                 #:token-endpoint "https://example.com/token"
+                 #:solid-oidc-supported "https://solidproject.org/TR/solid-oidc")))
+          (receive (response response-body)
+              (serve my-oidc (time-utc->date (make-time time-utc 0 3600)))
+            (unless (eqv? (car (response-content-type response)) 'application/json)
+              (exit 5))
+            (let ((parsed
+                   (->json-data
+                    (make <oidc-configuration>
+                      #:json-data (stubs:json-string->scm response-body)))))
+              (unless (equal? (assq-ref parsed 'jwks_uri)
+                              "https://example.com/keys")
+                (exit 7))
+              (unless (equal? (assq-ref parsed 'authorization_endpoint)
+                              "https://example.com/authorize")
+                (exit 8))
+              (unless (equal? (assq-ref parsed 'token_endpoint)
+                              "https://example.com/token")
+                (exit 9))
+              (unless (equal? (assq-ref parsed 'solid_oidc_supported)
+                              "https://solidproject.org/TR/solid-oidc")
+                (exit 10))))))))))
diff --git a/tests/provider-confirmation.scm b/tests/provider-confirmation.scm
index fe9f4a2..e326ac8 100644
--- a/tests/provider-confirmation.scm
+++ b/tests/provider-confirmation.scm
@@ -16,6 +16,7 @@
 
 (use-modules (webid-oidc provider-confirmation)
              (webid-oidc testing)
+             ((webid-oidc parameters) #:prefix p:)
              (web uri)
              (srfi srfi-19)
              (web response)
@@ -42,9 +43,11 @@
      (unless (equal? headers what-headers-to-expect)
        (exit 2))
      (values what-to-respond what-to-respond-body))
-   (define cnf (get-provider-confirmations
-                (string->uri "https://provider-confirmation.scm/id#webid")
-                #:http-get http-get))
+   (define cnf
+     (parameterize
+         ((p:anonymous-http-request http-get))
+       (get-provider-confirmations
+        (string->uri "https://provider-confirmation.scm/id#webid"))))
    (unless (eq? (length cnf) 2)
      (format (current-error-port) "~s\n" cnf)
      (exit 3))
diff --git a/tests/resource-server.scm b/tests/resource-server.scm
index 89df999..767088d 100644
--- a/tests/resource-server.scm
+++ b/tests/resource-server.scm
@@ -92,10 +92,10 @@ DPoP: ~a\r\n\r\n"
    (define rq-body "")
    (define authenticator
      (make-authenticator
-      #:server-uri server-uri
-      #:http-get http-get))
+      #:server-uri server-uri))
    (define parsed
-     (parameterize ((p:current-date 20))
+     (parameterize ((p:current-date 20)
+                    (p:anonymous-http-request http-get))
        (authenticator rq rq-body)))
    (unless (uri? parsed)
      (exit 2))
diff --git a/tests/token-endpoint-issue.scm b/tests/token-endpoint-issue.scm
index 0815c30..8fdd1ad 100644
--- a/tests/token-endpoint-issue.scm
+++ b/tests/token-endpoint-issue.scm
@@ -40,7 +40,6 @@
    (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me"))
    (define client (string->uri "https://token-endpoint-issue.scm/client/card#app"))
    (define issuer (string->uri "https://issuer.token-endpoint-issue.scm"))
-   (define validity 3600)
    (define authz
      (parameterize ((p:current-date 0))
        (issue <authorization-code>
@@ -50,7 +49,7 @@
    (define endpoint
      (make-token-endpoint
       (string->uri "https://token-endpoint-issue.scm/token")
-      issuer key validity))
+      issuer key))
    (receive (response response-body . _)
        ;; The code is fake!
        (let ((dpop
@@ -103,25 +102,25 @@
            (unless refresh-token-enc
              (exit 7))
            (let ((access-token
-                  (parameterize ((p:current-date 20))
-                    (decode <access-token> access-token-enc
-                            #:http-request
-                            (lambda* (uri . args)
-                              (cond
-                               ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
-                                (values (build-response #:headers '((content-type application/json)))
-                                        "{
+                  (parameterize ((p:current-date 20)
+                                 (p:anonymous-http-request
+                                  (lambda* (uri . args)
+                                    (cond
+                                     ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
+                                      (values (build-response #:headers '((content-type application/json)))
+                                              "{
   \"jwks_uri\": \"https://token-endpoint-issue.scm/keys\",
   \"token_endpoint\": \"https://token-endpoint-issue.scm/token\",
   \"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\",
   \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\"
 }"))
-                               ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
-                                (values (build-response #:headers '((content-type application/json)))
-                                        (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
-                               (else
-                                (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri))
-                                (exit 11))))))))
+                                     ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
+                                      (values (build-response #:headers '((content-type application/json)))
+                                              (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
+                                     (else
+                                      (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri))
+                                      (exit 11))))))
+                    (decode <access-token> access-token-enc))))
              (unless access-token
                (exit 8))
              (let ((access-token-cnf/jkt (cnf/jkt access-token)))
diff --git a/tests/token-endpoint-refresh.scm b/tests/token-endpoint-refresh.scm
index f0174b8..90e2625 100644
--- a/tests/token-endpoint-refresh.scm
+++ b/tests/token-endpoint-refresh.scm
@@ -41,12 +41,11 @@
    (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me"))
    (define client (string->uri "https://token-endpoint-issue.scm/client/card#app"))
    (define issuer (string->uri "https://issuer.token-endpoint-issue.scm"))
-   (define validity 3600)
    (define refresh-code
      (issue-refresh-token subject client (jkt client-key)))
    (define endpoint (make-token-endpoint
                      (string->uri "https://token-endpoint-issue.scm/token")
-                     issuer key validity))
+                     issuer key))
    (receive (response response-body . _)
        ;; The refresh token is fake!
        (let ((dpop
@@ -98,24 +97,24 @@
            (unless refresh-token-enc
              (exit 7))
            (let ((access-token
-                  (parameterize ((p:current-date 20))
-                    (decode <access-token> access-token-enc
-                            #:http-request
-                            (lambda* (uri . args)
-                              (cond
-                               ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
-                                (values (build-response #:headers '((content-type application/json)))
-                                        "{
+                  (parameterize ((p:current-date 20)
+                                 (p:anonymous-http-request
+                                  (lambda* (uri . args)
+                                    (cond
+                                     ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration"))
+                                      (values (build-response #:headers '((content-type application/json)))
+                                              "{
   \"jwks_uri\": \"https://token-endpoint-issue.scm/keys\",
   \"token_endpoint\": \"https://token-endpoint-issue.scm/token\",
   \"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\",
   \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\"
 }"))
-                               ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
-                                (values (build-response #:headers '((content-type application/json)))
-                                        (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
-                               (else
-                                (exit 8))))))))
+                                     ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys"))
+                                      (values (build-response #:headers '((content-type application/json)))
+                                              (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key))))))))
+                                     (else
+                                      (exit 8))))))
+                    (decode <access-token> access-token-enc))))
              (unless access-token
                (exit 9))
              (let ((access-token-cnf/jkt (cnf/jkt access-token)))