author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-09-22 13:11:21 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-09-22 18:08:47 +0200 |
commit | 555e59deba33284067298ce6130c379c75e3d2a3 (patch) | |
tree | c15c823913e917bc474f1cf163caf65a117ee9c3 | |
parent | 0d74f8c1ca9c1e9bf9a04b85f598ba7a175d1d86 (diff) |
Use anonymous-http-request from (webid-oidc parameters) everywhere
55 files changed, 1398 insertions, 1462 deletions
diff --git a/doc/disfluid.texi b/doc/disfluid.texi index 6247bfa..a73a5c7 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -60,6 +60,7 @@ is tracked in the Guix channel * Decentralized Authentication on the Web:: * Invoking disfluid:: * Running disfluid with GNU Guix:: +* Common parameters:: * Managing keys:: * OIDC discovery:: * The Json Web Token:: @@ -282,6 +283,48 @@ This record configures a server to serve public application pages. The configuration for the full server. @end deftp +@node Common parameters +@chapter Common parameters +The @emph{(webid-oidc parameters)} module provides a set of Guile +parameter to control the program behavior. + +@deffn {parameter} data-home +This parameter controls the location where the program stores +persistent data. By default, it is located in @code{XDG_DATA_HOME}. +@end deffn + +@deffn {parameter} cache-home +This parameter controls the location where the program stores data +that might get deleted at any time. By default, it uses +@code{XDG_CACHE_HOME}. +@end deffn + +@deffn {parameter} current-date +This parameter is a thunk similar to SRFI-19 @code{current-date}, +except it can be set with a thunk returning a date, time or number of +seconds, or a date, time or number of seconds. +@end deffn + +@deffn {parameter} anonymous-http-request +This parameter is a function similar to the @code{http-request} +function in @emph{(web client)}. +@end deffn + +@deffn {parameter} authorization-code-default-validity +This parameter controls the number of seconds for which an +authorization code is valid at creation time. +@end deffn + +@deffn {parameter} oidc-token-default-validity +This parameter controls the number of seconds for which an ID token or +access token is valid at creation time. +@end deffn + +@deffn {parameter} dpop-proof-validity +This parameter controls the number of seconds for which a DPoP proof +is valid after it has been issued. +@end deffn + @node Managing keys @chapter Managing keys 
@@ -1256,10 +1299,9 @@ with the cache. Drop @var{percents}% of the cache right now. @end deffn -@deffn function with-cache @var{[#http-get]} -Return a function acting as @emph{http-get} from @emph{(web client)} -(takes an URI as the first parameter, and an optional @var{#:headers} -set, and returns 2 values, the response and its body). +@deffn function use-cache @var{f} +Call @var{f} with no arguments, with the default HTTP request method +set to a function that tries to use the cache first.o The cache will be read and written in the @samp{web-cache} subdirectory of the cache home. To check the time window validity, the diff --git a/po/disfluid.pot b/po/disfluid.pot index 6c39980..2a4b334 100644 --- a/po/disfluid.pot +++ b/po/disfluid.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: disfluid SNAPSHOT\n" "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n" -"POT-Creation-Date: 2021-09-21 22:31+0200\n" +"POT-Creation-Date: 2021-09-22 14:08+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" 
@@ -122,34 +122,34 @@ msgid "" "webid_oidc_random_init first.\n" msgstr "" -#: src/scm/webid-oidc/access-token.scm:72 +#: src/scm/webid-oidc/access-token.scm:71 #, scheme-format msgid "invalid access token: ~a" msgstr "" -#: src/scm/webid-oidc/access-token.scm:74 +#: src/scm/webid-oidc/access-token.scm:73 msgid "invalid access token" msgstr "" -#: src/scm/webid-oidc/access-token.scm:116 +#: src/scm/webid-oidc/access-token.scm:115 #: src/scm/webid-oidc/authorization-code.scm:93 -#: src/scm/webid-oidc/oidc-id-token.scm:99 +#: src/scm/webid-oidc/oidc-id-token.scm:98 msgid "#:webid should be an URI" msgstr "" -#: src/scm/webid-oidc/access-token.scm:121 +#: src/scm/webid-oidc/access-token.scm:120 msgid "#:client-id should be an URI" msgstr "" -#: src/scm/webid-oidc/access-token.scm:126 +#: src/scm/webid-oidc/access-token.scm:125 msgid "#:cnf/jkt should be a string" msgstr "" -#: src/scm/webid-oidc/access-token.scm:131 +#: src/scm/webid-oidc/access-token.scm:130 msgid "#:aud should be exactly \"solid\"" msgstr "" -#: src/scm/webid-oidc/access-token.scm:149 +#: src/scm/webid-oidc/access-token.scm:148 msgid "" "when making an access token either its required fields (#:alg, #:webid, #:" "iss, #:aud, #:client-id, #:cnf/jkt, #:iat and #:exp) or (#:jwt-header and #:" @@ -178,10 +178,10 @@ msgstr "" #: src/scm/webid-oidc/authorization-page-unsafe.scm:52 #: src/scm/webid-oidc/hello-world.scm:40 src/scm/webid-oidc/hello-world.scm:167 #: src/scm/webid-oidc/hello-world.scm:187 -#: src/scm/webid-oidc/identity-provider.scm:140 -#: src/scm/webid-oidc/token-endpoint.scm:113 -#: src/scm/webid-oidc/token-endpoint.scm:139 -#: src/scm/webid-oidc/token-endpoint.scm:166 +#: src/scm/webid-oidc/identity-provider.scm:136 +#: src/scm/webid-oidc/token-endpoint.scm:112 +#: src/scm/webid-oidc/token-endpoint.scm:138 +#: src/scm/webid-oidc/token-endpoint.scm:165 msgid "xml-lang|en" msgstr "" 
@@ -215,8 +215,8 @@ msgid "Allow" msgstr "" #: src/scm/webid-oidc/authorization-page-unsafe.scm:95 -#: src/scm/webid-oidc/token-endpoint.scm:131 -#: src/scm/webid-oidc/token-endpoint.scm:158 +#: src/scm/webid-oidc/token-endpoint.scm:130 +#: src/scm/webid-oidc/token-endpoint.scm:157 msgid "reason-phrase|Bad Request" msgstr "" @@ -241,7 +241,7 @@ msgid "The application you are trying to authorize behaved unexpectedly." msgstr "" #: src/scm/webid-oidc/authorization-page-unsafe.scm:126 -#: src/scm/webid-oidc/resource-server.scm:310 +#: src/scm/webid-oidc/resource-server.scm:290 msgid "reason-phrase|Found" msgstr "" @@ -281,11 +281,11 @@ msgstr "" msgid "Cache entry for ~a varies.\n" msgstr "" -#: src/scm/webid-oidc/catalog.scm:167 +#: src/scm/webid-oidc/catalog.scm:166 msgid "invalid relative URI" msgstr "" -#: src/scm/webid-oidc/catalog.scm:246 +#: src/scm/webid-oidc/catalog.scm:245 #, scheme-format msgid "Unsupported delegate catalog URI scheme: ~s\n" msgstr "" 
@@ -345,123 +345,123 @@ msgstr "" msgid "cannot serve the public manifest" msgstr "" -#: src/scm/webid-oidc/client-manifest.scm:242 +#: src/scm/webid-oidc/client-manifest.scm:240 #, scheme-format msgid "cannot fetch the client manifest ~s: ~a" msgstr "" -#: src/scm/webid-oidc/client-manifest.scm:245 +#: src/scm/webid-oidc/client-manifest.scm:243 #, scheme-format msgid "cannot fetch the client manifest ~s" msgstr "" -#: src/scm/webid-oidc/client-manifest.scm:264 +#: src/scm/webid-oidc/client-manifest.scm:262 #, scheme-format msgid "the client manifest is dereferenced from ~s, but it pretends to be ~s" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:285 +#: src/scm/webid-oidc/client/accounts.scm:273 msgid "The refresh token has expired." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:292 +#: src/scm/webid-oidc/client/accounts.scm:280 #, scheme-format msgid "The token request failed with code ~s (~s)." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:301 +#: src/scm/webid-oidc/client/accounts.scm:289 msgid "The token response did not set the content type." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:309 +#: src/scm/webid-oidc/client/accounts.scm:297 msgid "The token endpoint did not respond in UTF-8." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:321 +#: src/scm/webid-oidc/client/accounts.scm:309 #, scheme-format msgid "The token response has content-type ~s, not application/json." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:331 +#: src/scm/webid-oidc/client/accounts.scm:319 msgid "The token response is not valid JSON." 
msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:345 +#: src/scm/webid-oidc/client/accounts.scm:333 #, scheme-format msgid "The token response did not include an ID token: ~s" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:353 +#: src/scm/webid-oidc/client/accounts.scm:341 #, scheme-format msgid "The token response did not include an access token: ~s\n" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:364 +#: src/scm/webid-oidc/client/accounts.scm:352 #, scheme-format msgid "the ID token signature is invalid: ~a" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:366 +#: src/scm/webid-oidc/client/accounts.scm:354 msgid "the ID token signature is invalid" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:383 +#: src/scm/webid-oidc/client/accounts.scm:370 #, scheme-format msgid "the ID token delivered by the identity provider for ~s has ~s as webid" msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:393 +#: src/scm/webid-oidc/client/accounts.scm:380 #, scheme-format msgid "The ID token delivered by the identity provider ~s is for issuer ~s." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:408 +#: src/scm/webid-oidc/client/accounts.scm:395 msgid "The issuer is required." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:413 +#: src/scm/webid-oidc/client/accounts.scm:400 msgid "The optional subject and required issuer should be strings or URI." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:449 +#: src/scm/webid-oidc/client/accounts.scm:436 msgid "Cannot check the username and/or password." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:459 +#: src/scm/webid-oidc/client/accounts.scm:446 msgid "The subject should be a string or URI." msgstr "" -#: src/scm/webid-oidc/client/accounts.scm:473 +#: src/scm/webid-oidc/client/accounts.scm:460 msgid "The issuer should be a string or URI." 
msgstr "" -#: src/scm/webid-oidc/client/application.scm:228 +#: src/scm/webid-oidc/client/application.scm:213 #, scheme-format msgid "Add an account on ~a" msgstr "" -#: src/scm/webid-oidc/client/application.scm:243 +#: src/scm/webid-oidc/client/application.scm:228 #, scheme-format msgid "" "You already have an account for ~a issued by ~a and it is currently selected." msgstr "" -#: src/scm/webid-oidc/client/application.scm:262 +#: src/scm/webid-oidc/client/application.scm:247 #, scheme-format msgid "You already have an account for ~a issued by ~a." msgstr "" -#: src/scm/webid-oidc/client/client.scm:107 +#: src/scm/webid-oidc/client/client.scm:106 msgid "" "Client ID and redirect URIs should be URIs, and key pair should be a key " "pair.." msgstr "" -#: src/scm/webid-oidc/client/gui.scm:58 +#: src/scm/webid-oidc/client/gui.scm:57 msgid "Hello, world!\n" msgstr "" -#: src/scm/webid-oidc/client/gui.scm:63 +#: src/scm/webid-oidc/client/gui.scm:62 msgid "Hello, world!" msgstr "" 
@@ -479,147 +479,147 @@ msgstr "" msgid "invalid DPoP proof token" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:189 +#: src/scm/webid-oidc/dpop-proof.scm:195 msgid "#:typ should be exactly \"dpop+jwt\"" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:194 +#: src/scm/webid-oidc/dpop-proof.scm:200 msgid "#:jwk should be a public key" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:199 +#: src/scm/webid-oidc/dpop-proof.scm:205 msgid "#:htm should be a symbol" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:205 +#: src/scm/webid-oidc/dpop-proof.scm:211 msgid "when present, #:ath should be a string" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:226 +#: src/scm/webid-oidc/dpop-proof.scm:232 msgid "" "when making a DPoP proof, either its required fields (#:typ, #:jwk, #:htm " "and #:htu) or (#:jwt-header and #:jwt-payload) should be passed" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:259 +#: src/scm/webid-oidc/dpop-proof.scm:265 #, scheme-format msgid "the DPoP proof is signed for access through ~s, but it is used with ~s" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:269 +#: src/scm/webid-oidc/dpop-proof.scm:275 #, scheme-format msgid "" "the DPoP proof should go along with an access token hashed to ~s, not ~s" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:277 src/scm/webid-oidc/dpop-proof.scm:284 +#: src/scm/webid-oidc/dpop-proof.scm:283 src/scm/webid-oidc/dpop-proof.scm:290 msgid "the DPoP proof is signed with the wrong key" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:282 +#: src/scm/webid-oidc/dpop-proof.scm:288 #, scheme-format msgid "the DPoP proof is signed with the wrong key: ~a" msgstr "" -#: src/scm/webid-oidc/dpop-proof.scm:293 +#: src/scm/webid-oidc/dpop-proof.scm:299 msgid "the cnf/check function returned #f" msgstr "" -#: src/scm/webid-oidc/example-app.scm:96 +#: src/scm/webid-oidc/example-app.scm:95 #, scheme-format msgid "~a (issued by ~a): no interaction required" msgstr "" -#: src/scm/webid-oidc/example-app.scm:99 +#: 
src/scm/webid-oidc/example-app.scm:98 #, scheme-format msgid "~a (issued by ~a): offline but accessible" msgstr "" -#: src/scm/webid-oidc/example-app.scm:102 +#: src/scm/webid-oidc/example-app.scm:101 #, scheme-format msgid "~a (issued by ~a): online" msgstr "" -#: src/scm/webid-oidc/example-app.scm:105 +#: src/scm/webid-oidc/example-app.scm:104 #, scheme-format msgid "~a (issued by ~a): inaccessible" msgstr "" -#: src/scm/webid-oidc/example-app.scm:118 +#: src/scm/webid-oidc/example-app.scm:117 #, scheme-format msgid "Your choice ~a does not exist.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:136 +#: src/scm/webid-oidc/example-app.scm:135 msgid "Your choice is not a valid URI.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:145 +#: src/scm/webid-oidc/example-app.scm:144 msgid "This is not a valid HTTP method.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:161 +#: src/scm/webid-oidc/example-app.scm:160 msgid "This is not a valid value for this header.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:199 +#: src/scm/webid-oidc/example-app.scm:198 msgid "Nothing to undo.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:211 +#: src/scm/webid-oidc/example-app.scm:210 msgid "Nothing to redo.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:271 +#: src/scm/webid-oidc/example-app.scm:270 msgid "Example app command|add-account" msgstr "" -#: src/scm/webid-oidc/example-app.scm:273 +#: src/scm/webid-oidc/example-app.scm:272 msgid "Example app command|choose-account" msgstr "" -#: src/scm/webid-oidc/example-app.scm:275 +#: src/scm/webid-oidc/example-app.scm:274 msgid "Example app command|set-uri" msgstr "" -#: src/scm/webid-oidc/example-app.scm:277 +#: src/scm/webid-oidc/example-app.scm:276 msgid "Example app command|set-method" msgstr "" -#: src/scm/webid-oidc/example-app.scm:279 +#: src/scm/webid-oidc/example-app.scm:278 msgid "Example app command|view-headers" msgstr "" -#: src/scm/webid-oidc/example-app.scm:281 +#: 
src/scm/webid-oidc/example-app.scm:280 msgid "Example app command|clear-headers" msgstr "" -#: src/scm/webid-oidc/example-app.scm:283 +#: src/scm/webid-oidc/example-app.scm:282 msgid "Example app command|add-header" msgstr "" -#: src/scm/webid-oidc/example-app.scm:285 +#: src/scm/webid-oidc/example-app.scm:284 msgid "Example app command|ok" msgstr "" -#: src/scm/webid-oidc/example-app.scm:287 +#: src/scm/webid-oidc/example-app.scm:286 msgid "Example app command|undo" msgstr "" -#: src/scm/webid-oidc/example-app.scm:289 +#: src/scm/webid-oidc/example-app.scm:288 msgid "Example app command|redo" msgstr "" -#: src/scm/webid-oidc/example-app.scm:299 +#: src/scm/webid-oidc/example-app.scm:298 #, scheme-format msgid "To log in on ~a, please visit: ~a\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:302 +#: src/scm/webid-oidc/example-app.scm:301 msgid "Then, paste the authorization code you get:\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:320 +#: src/scm/webid-oidc/example-app.scm:307 #, scheme-format msgid "" "Account: ~a\n" 
@@ -639,87 +639,87 @@ msgid "" "\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:339 +#: src/scm/webid-oidc/example-app.scm:326 msgid "Account:|unset" msgstr "" -#: src/scm/webid-oidc/example-app.scm:343 +#: src/scm/webid-oidc/example-app.scm:330 msgid "URI:|unset" msgstr "" -#: src/scm/webid-oidc/example-app.scm:347 +#: src/scm/webid-oidc/example-app.scm:334 msgid "Method:|unset" msgstr "" -#: src/scm/webid-oidc/example-app.scm:350 +#: src/scm/webid-oidc/example-app.scm:337 msgid "Headers:|none" msgstr "" -#: src/scm/webid-oidc/example-app.scm:354 +#: src/scm/webid-oidc/example-app.scm:341 msgid "list separator|, " msgstr "" -#: src/scm/webid-oidc/example-app.scm:364 +#: src/scm/webid-oidc/example-app.scm:351 #, scheme-format msgid "You can undo your last command with \"~a\".\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:366 +#: src/scm/webid-oidc/example-app.scm:353 #, scheme-format msgid "You can re-apply your last undone command with \"~a\".\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:367 +#: src/scm/webid-oidc/example-app.scm:354 msgid "Readline prompt|Command: " msgstr "" -#: src/scm/webid-oidc/example-app.scm:374 +#: src/scm/webid-oidc/example-app.scm:361 #, scheme-format msgid "An error happened: ~a.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:386 +#: src/scm/webid-oidc/example-app.scm:373 msgid "Please enter your identity provider: " msgstr "" -#: src/scm/webid-oidc/example-app.scm:392 +#: src/scm/webid-oidc/example-app.scm:379 msgid "" "You don’t have other accounts available. 
Please add one with \"add-account" "\".\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:398 +#: src/scm/webid-oidc/example-app.scm:385 #, scheme-format msgid "- ~a: ~a\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:406 +#: src/scm/webid-oidc/example-app.scm:393 #, scheme-format msgid "[1-~a] " msgstr "" -#: src/scm/webid-oidc/example-app.scm:414 +#: src/scm/webid-oidc/example-app.scm:401 msgid "Visit this URI: " msgstr "" -#: src/scm/webid-oidc/example-app.scm:420 +#: src/scm/webid-oidc/example-app.scm:407 msgid "Use this HTTP method [GET]: " msgstr "" -#: src/scm/webid-oidc/example-app.scm:436 +#: src/scm/webid-oidc/example-app.scm:423 msgid "Which header? " msgstr "" -#: src/scm/webid-oidc/example-app.scm:439 +#: src/scm/webid-oidc/example-app.scm:426 #, scheme-format msgid "Which header value for ~a? " msgstr "" -#: src/scm/webid-oidc/example-app.scm:462 +#: src/scm/webid-oidc/example-app.scm:449 msgid "Please define an account and the URI.\n" msgstr "" -#: src/scm/webid-oidc/example-app.scm:469 +#: src/scm/webid-oidc/example-app.scm:456 msgid "I don’t know that command.\n" msgstr "" @@ -761,15 +761,15 @@ msgstr "" msgid "<p>The client is compatible with Solid.</p>" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:226 +#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:230 msgid "command-line|version" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:230 +#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:234 msgid "command-line|complete-corresponding-source" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:232 +#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:236 msgid "command-line|help" msgstr "" 
@@ -777,11 +777,11 @@ msgstr "" msgid "command-line|port" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:264 +#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:268 msgid "command-line|log-file" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:266 +#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:270 msgid "command-line|error-file" msgstr "" @@ -819,7 +819,7 @@ msgstr "" msgid "~a version ~a\n" msgstr "" -#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:628 +#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:632 msgid "" "You are legally required to link to the complete corresponding source code.\n" msgstr "" @@ -829,7 +829,7 @@ msgid "The port should be a number between 0 and 65535.\n" msgstr "" #: src/scm/webid-oidc/hello-world.scm:159 -#: src/scm/webid-oidc/resource-server.scm:331 +#: src/scm/webid-oidc/resource-server.scm:311 msgid "reason-phrase|Unauthorized" msgstr "" @@ -842,7 +842,7 @@ msgid "<p>This page requires authentication with Solid.</p>" msgstr "" #: src/scm/webid-oidc/hello-world.scm:179 -#: src/scm/webid-oidc/resource-server.scm:339 +#: src/scm/webid-oidc/resource-server.scm:319 msgid "reason-phrase|Method Not Allowed" msgstr "" @@ -854,11 +854,11 @@ msgstr "" msgid "<p>You can only use the <emph>GET</emph> method on this resource.</p>" msgstr "" -#: src/scm/webid-oidc/identity-provider.scm:77 +#: src/scm/webid-oidc/identity-provider.scm:74 msgid "Warning: generating a new key pair." msgstr "" -#: src/scm/webid-oidc/identity-provider.scm:133 +#: src/scm/webid-oidc/identity-provider.scm:129 msgid "reason-phrase|Not Found" msgstr "" 
@@ -998,265 +998,260 @@ msgstr "" msgid "an unexpected error happened while verifying a JWS" msgstr "" -#: src/scm/webid-oidc/jws.scm:482 +#: src/scm/webid-oidc/jws.scm:479 #, scheme-format msgid "I cannot query the identity provider configuration: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:484 +#: src/scm/webid-oidc/jws.scm:481 msgid "I cannot query the identity provider configuration" msgstr "" -#: src/scm/webid-oidc/jws.scm:501 +#: src/scm/webid-oidc/jws.scm:497 #, scheme-format msgid "I cannot query the JWKS URI of the identity provider: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:503 +#: src/scm/webid-oidc/jws.scm:499 msgid "I cannot query the JWKS URI of the identity provider" msgstr "" -#: src/scm/webid-oidc/jws.scm:528 +#: src/scm/webid-oidc/jws.scm:522 #, scheme-format msgid "the token is signed in the future, ~a, relative to current ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:537 +#: src/scm/webid-oidc/jws.scm:531 #, scheme-format msgid "the token expired ~a, which is in the past (from ~a)" msgstr "" -#: src/scm/webid-oidc/jws.scm:560 +#: src/scm/webid-oidc/jws.scm:554 #, scheme-format msgid "cannot decode a JWS: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:562 +#: src/scm/webid-oidc/jws.scm:556 msgid "cannot decode a JWS" msgstr "" -#: src/scm/webid-oidc/jws.scm:580 +#: src/scm/webid-oidc/jws.scm:574 #, scheme-format msgid "cannot encode a JWS: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:582 +#: src/scm/webid-oidc/jws.scm:576 msgid "cannot encode a JWS" msgstr "" -#: src/scm/webid-oidc/jws.scm:629 +#: src/scm/webid-oidc/jws.scm:623 msgid "cannot parse a token" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:120 +#: src/scm/webid-oidc/oidc-configuration.scm:118 msgid "#:jwks-uri should be an URI" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:125 +#: src/scm/webid-oidc/oidc-configuration.scm:123 msgid "#:token-endpoint should be an URI" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:130 +#: 
src/scm/webid-oidc/oidc-configuration.scm:128 msgid "#:authorization-endpoint should be an URI" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:135 +#: src/scm/webid-oidc/oidc-configuration.scm:133 msgid "" "#:solid-oidc-supported should be exactly 'https://solidproject.org/TR/solid-" "oidc'" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:144 +#: src/scm/webid-oidc/oidc-configuration.scm:142 msgid "#:server should be an URI" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:161 +#: src/scm/webid-oidc/oidc-configuration.scm:159 #, scheme-format msgid "cannot fetch the OIDC configuration: ~a" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:163 +#: src/scm/webid-oidc/oidc-configuration.scm:161 msgid "cannot fetch the OIDC configuration" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:167 +#: src/scm/webid-oidc/oidc-configuration.scm:165 #, scheme-format msgid "the server responded with ~s ~s" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:172 +#: src/scm/webid-oidc/oidc-configuration.scm:170 msgid "there is no content-type" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:177 +#: src/scm/webid-oidc/oidc-configuration.scm:175 #, scheme-format msgid "unexpected content-type: ~s" msgstr "" -#: src/scm/webid-oidc/oidc-configuration.scm:187 +#: src/scm/webid-oidc/oidc-configuration.scm:185 msgid "" "when making an OIDC configuration, either its required #:jwks-uri, #:" -"authorization-endpoint and #:token-endpoint fields or #:server (and " -"optionally #:http-request) or #:json-data should be passed" +"authorization-endpoint and #:token-endpoint fields or #:server or #:json-" +"data should be passed" msgstr "" -#: src/scm/webid-oidc/oidc-id-token.scm:71 +#: src/scm/webid-oidc/oidc-id-token.scm:70 #, scheme-format msgid "invalid OIDC ID token: ~a" msgstr "" -#: src/scm/webid-oidc/oidc-id-token.scm:73 +#: src/scm/webid-oidc/oidc-id-token.scm:72 msgid "invalid OIDC id token" msgstr "" -#: 
src/scm/webid-oidc/oidc-id-token.scm:104 +#: src/scm/webid-oidc/oidc-id-token.scm:103 msgid "#:sub should be a string" msgstr "" -#: src/scm/webid-oidc/oidc-id-token.scm:109 +#: src/scm/webid-oidc/oidc-id-token.scm:108 msgid "#:aud should be a string" msgstr "" -#: src/scm/webid-oidc/oidc-id-token.scm:125 +#: src/scm/webid-oidc/oidc-id-token.scm:124 msgid "" "when making an ID token either its required fields (#:alg, #:webid, #:iss, #:" "sub, #:aud, #:iat and #:exp) or (#:jwt-header and #:jwt-payload) should be " "passed" msgstr "" -#: src/scm/webid-oidc/program.scm:57 +#: src/scm/webid-oidc/program.scm:64 #, scheme-format msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:60 -#, scheme-format -msgid "~a: GET ~a ~s...\n" -msgstr "" - #: src/scm/webid-oidc/program.scm:67 #, scheme-format -msgid "~a: Warning: loading XML catalog from the web, ~s.\n" +msgid "~a: ~s ~a ~s...\n" msgstr "" -#: src/scm/webid-oidc/program.scm:75 +#: src/scm/webid-oidc/program.scm:73 #, scheme-format -msgid "~a: GET ~a ~s: ~s ~a bytes\n" +msgid "~a: ~s ~a ~s: ~s ~a bytes\n" msgstr "" -#: src/scm/webid-oidc/program.scm:122 +#: src/scm/webid-oidc/program.scm:126 msgid "really bad internal server error" msgstr "" -#: src/scm/webid-oidc/program.scm:129 +#: src/scm/webid-oidc/program.scm:133 #, scheme-format msgid "~a: ~a: Internal server error: ~a\n" msgstr "" -#: src/scm/webid-oidc/program.scm:135 +#: src/scm/webid-oidc/program.scm:139 msgid "Internal Server Error" msgstr "" -#: src/scm/webid-oidc/program.scm:138 +#: src/scm/webid-oidc/program.scm:142 msgid "Sorry, there was an error." 
msgstr "" -#: src/scm/webid-oidc/program.scm:159 +#: src/scm/webid-oidc/program.scm:163 #, scheme-format msgid "~a: ~s ~a ~s ~a\n" msgstr "" -#: src/scm/webid-oidc/program.scm:161 +#: src/scm/webid-oidc/program.scm:165 #, scheme-format msgid "~a: ~a (~a)" msgstr "" -#: src/scm/webid-oidc/program.scm:165 +#: src/scm/webid-oidc/program.scm:169 #, scheme-format msgid "~a: ~a" msgstr "" -#: src/scm/webid-oidc/program.scm:175 +#: src/scm/webid-oidc/program.scm:179 #, scheme-format msgid "(there was an error: ~a)" msgstr "" -#: src/scm/webid-oidc/program.scm:228 +#: src/scm/webid-oidc/program.scm:232 msgid "command-line|describe-project" msgstr "" -#: src/scm/webid-oidc/program.scm:234 +#: src/scm/webid-oidc/program.scm:238 msgid "command-line|server|port" msgstr "" -#: src/scm/webid-oidc/program.scm:236 +#: src/scm/webid-oidc/program.scm:240 msgid "command-line|server|server-name" msgstr "" -#: src/scm/webid-oidc/program.scm:238 +#: src/scm/webid-oidc/program.scm:242 msgid "command-line|server|reverse-proxy|backend-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:240 +#: src/scm/webid-oidc/program.scm:244 msgid "command-line|server|reverse-proxy|header" msgstr "" -#: src/scm/webid-oidc/program.scm:242 +#: src/scm/webid-oidc/program.scm:246 msgid "command-line|server|issuer|key-file" msgstr "" -#: src/scm/webid-oidc/program.scm:244 +#: src/scm/webid-oidc/program.scm:248 msgid "command-line|server|issuer|subject" msgstr "" -#: src/scm/webid-oidc/program.scm:246 +#: src/scm/webid-oidc/program.scm:250 msgid "command-line|server|issuer|encrypted-password" msgstr "" -#: src/scm/webid-oidc/program.scm:248 +#: src/scm/webid-oidc/program.scm:252 msgid "command-line|server|issuer|encrypted-password-from-file" msgstr "" -#: src/scm/webid-oidc/program.scm:250 +#: src/scm/webid-oidc/program.scm:254 msgid "command-line|server|issuer|jwks-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:252 +#: src/scm/webid-oidc/program.scm:256 msgid 
"command-line|server|issuer|authorization-endpoint-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:254 +#: src/scm/webid-oidc/program.scm:258 msgid "command-line|server|issuer|token-endpoint-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:256 +#: src/scm/webid-oidc/program.scm:260 msgid "command-line|server|client-id" msgstr "" -#: src/scm/webid-oidc/program.scm:258 +#: src/scm/webid-oidc/program.scm:262 msgid "command-line|server|redirect-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:260 +#: src/scm/webid-oidc/program.scm:264 msgid "command-line|server|client-name" msgstr "" -#: src/scm/webid-oidc/program.scm:262 +#: src/scm/webid-oidc/program.scm:266 msgid "command-line|server|client-uri" msgstr "" -#: src/scm/webid-oidc/program.scm:296 +#: src/scm/webid-oidc/program.scm:300 #, scheme-format msgid "Usage: ~a COMMAND [OPTIONS]...\n" msgstr "" -#: src/scm/webid-oidc/program.scm:300 +#: src/scm/webid-oidc/program.scm:304 msgid "" "\n" "Run the disfluid COMMAND." msgstr "" -#: src/scm/webid-oidc/program.scm:303 +#: src/scm/webid-oidc/program.scm:307 msgid "" "\n" "This program is covered by the GNU Affero GPL, version 3 or\n" @@ -1266,13 +1261,13 @@ msgid "" "to all responses." msgstr "" -#: src/scm/webid-oidc/program.scm:310 +#: src/scm/webid-oidc/program.scm:314 msgid "" "\n" "Available commands:" msgstr "" -#: src/scm/webid-oidc/program.scm:312 +#: src/scm/webid-oidc/program.scm:316 #, scheme-format msgid "" "\n" @@ -1280,12 +1275,12 @@ msgid "" " run an authenticating reverse proxy." msgstr "" -#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:510 -#: src/scm/webid-oidc/program.scm:710 +#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:514 +#: src/scm/webid-oidc/program.scm:714 msgid "command-line|command|reverse-proxy" msgstr "" -#: src/scm/webid-oidc/program.scm:316 +#: src/scm/webid-oidc/program.scm:320 #, scheme-format msgid "" "\n" 
@@ -1293,12 +1288,12 @@ msgid "" " run an identity provider." msgstr "" -#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:535 -#: src/scm/webid-oidc/program.scm:732 +#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:539 +#: src/scm/webid-oidc/program.scm:735 msgid "command-line|command|identity-provider" msgstr "" -#: src/scm/webid-oidc/program.scm:320 +#: src/scm/webid-oidc/program.scm:324 #, scheme-format msgid "" "\n" @@ -1306,12 +1301,12 @@ msgid "" " serve the pages for a public application." msgstr "" -#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:556 -#: src/scm/webid-oidc/program.scm:774 +#: src/scm/webid-oidc/program.scm:327 src/scm/webid-oidc/program.scm:560 +#: src/scm/webid-oidc/program.scm:776 msgid "command-line|command|client-service" msgstr "" -#: src/scm/webid-oidc/program.scm:324 +#: src/scm/webid-oidc/program.scm:328 #, scheme-format msgid "" "\n" @@ -1320,24 +1315,24 @@ msgid "" " facility." msgstr "" -#: src/scm/webid-oidc/program.scm:328 src/scm/webid-oidc/program.scm:582 -#: src/scm/webid-oidc/program.scm:803 +#: src/scm/webid-oidc/program.scm:332 src/scm/webid-oidc/program.scm:586 +#: src/scm/webid-oidc/program.scm:805 msgid "command-line|command|server" msgstr "" -#: src/scm/webid-oidc/program.scm:330 +#: src/scm/webid-oidc/program.scm:334 msgid "" "\n" "If no command is specified, run the browser." msgstr "" -#: src/scm/webid-oidc/program.scm:333 +#: src/scm/webid-oidc/program.scm:337 msgid "" "\n" "General options:" msgstr "" -#: src/scm/webid-oidc/program.scm:335 +#: src/scm/webid-oidc/program.scm:339 #, scheme-format msgid "" "\n" @@ -1346,7 +1341,7 @@ msgid "" " code. For instance, this would be an URI pointing to a tarball." msgstr "" -#: src/scm/webid-oidc/program.scm:340 +#: src/scm/webid-oidc/program.scm:344 #, scheme-format msgid "" "\n" 
@@ -1354,7 +1349,7 @@ msgid "" " display a short help message and exit." msgstr "" -#: src/scm/webid-oidc/program.scm:344 +#: src/scm/webid-oidc/program.scm:348 #, scheme-format msgid "" "\n" @@ -1362,7 +1357,7 @@ msgid "" " display the version information (~a, released ~a) and exit." msgstr "" -#: src/scm/webid-oidc/program.scm:350 +#: src/scm/webid-oidc/program.scm:354 #, scheme-format msgid "" "\n" @@ -1370,7 +1365,7 @@ msgid "" " describe the project in the DOAP vocabulary and exit." msgstr "" -#: src/scm/webid-oidc/program.scm:354 +#: src/scm/webid-oidc/program.scm:358 #, scheme-format msgid "" "\n" @@ -1378,7 +1373,7 @@ msgid "" " redirect the program standard output to FILE.log." msgstr "" -#: src/scm/webid-oidc/program.scm:358 +#: src/scm/webid-oidc/program.scm:362 #, scheme-format msgid "" "\n" @@ -1386,13 +1381,13 @@ msgid "" " redirect the program errors to FILE.err." msgstr "" -#: src/scm/webid-oidc/program.scm:363 +#: src/scm/webid-oidc/program.scm:367 msgid "" "\n" "General server-side options:" msgstr "" -#: src/scm/webid-oidc/program.scm:365 +#: src/scm/webid-oidc/program.scm:369 #, scheme-format msgid "" "\n" @@ -1400,7 +1395,7 @@ msgid "" " set the server port to bind, 8080 by default." msgstr "" -#: src/scm/webid-oidc/program.scm:369 +#: src/scm/webid-oidc/program.scm:373 #, scheme-format msgid "" "\n" @@ -1408,13 +1403,13 @@ msgid "" " set the public server URI (scheme, userinfo, host, and port)." msgstr "" -#: src/scm/webid-oidc/program.scm:374 +#: src/scm/webid-oidc/program.scm:378 msgid "" "\n" "Options for the resource server:" msgstr "" -#: src/scm/webid-oidc/program.scm:376 +#: src/scm/webid-oidc/program.scm:380 #, scheme-format msgid "" "\n" @@ -1424,7 +1419,7 @@ msgid "" " authentication." msgstr "" -#: src/scm/webid-oidc/program.scm:382 +#: src/scm/webid-oidc/program.scm:386 #, scheme-format msgid "" "\n" 
@@ -1433,13 +1428,13 @@ msgid "" " reverse-proxy command." msgstr "" -#: src/scm/webid-oidc/program.scm:388 +#: src/scm/webid-oidc/program.scm:392 msgid "" "\n" "Options for the identity provider:" msgstr "" -#: src/scm/webid-oidc/program.scm:390 +#: src/scm/webid-oidc/program.scm:394 #, scheme-format msgid "" "\n" @@ -1448,7 +1443,7 @@ msgid "" " key is generated. The server does not offer an HTTPS service." msgstr "" -#: src/scm/webid-oidc/program.scm:395 +#: src/scm/webid-oidc/program.scm:399 #, scheme-format msgid "" "\n" @@ -1456,7 +1451,7 @@ msgid "" " set the identity of the subject." msgstr "" -#: src/scm/webid-oidc/program.scm:399 +#: src/scm/webid-oidc/program.scm:403 #, scheme-format msgid "" "\n" @@ -1464,7 +1459,7 @@ msgid "" " set the encrypted password to recognize the user." msgstr "" -#: src/scm/webid-oidc/program.scm:403 +#: src/scm/webid-oidc/program.scm:407 #, scheme-format msgid "" "\n" @@ -1472,7 +1467,7 @@ msgid "" " load the user’s encrypted password from ENCRYPTED_PASSWORD_FILE." msgstr "" -#: src/scm/webid-oidc/program.scm:407 +#: src/scm/webid-oidc/program.scm:411 #, scheme-format msgid "" "\n" @@ -1480,7 +1475,7 @@ msgid "" " set the URI to query the key of the server." msgstr "" -#: src/scm/webid-oidc/program.scm:411 +#: src/scm/webid-oidc/program.scm:415 #, scheme-format msgid "" "\n" @@ -1488,7 +1483,7 @@ msgid "" " set the authorization endpoint of the issuer." msgstr "" -#: src/scm/webid-oidc/program.scm:415 +#: src/scm/webid-oidc/program.scm:419 #, scheme-format msgid "" "\n" @@ -1496,13 +1491,13 @@ msgid "" " set the token endpoint of the issuer." msgstr "" -#: src/scm/webid-oidc/program.scm:420 +#: src/scm/webid-oidc/program.scm:424 msgid "" "\n" "Options for the client service:" msgstr "" -#: src/scm/webid-oidc/program.scm:422 +#: src/scm/webid-oidc/program.scm:426 #, scheme-format msgid "" "\n" 
@@ -1511,7 +1506,7 @@ msgid "" " dereferenced to a semantic resource." msgstr "" -#: src/scm/webid-oidc/program.scm:427 +#: src/scm/webid-oidc/program.scm:431 #, scheme-format msgid "" "\n" @@ -1520,7 +1515,7 @@ msgid "" " page is presented with the code to paste in the application." msgstr "" -#: src/scm/webid-oidc/program.scm:432 +#: src/scm/webid-oidc/program.scm:436 #, scheme-format msgid "" "\n" @@ -1528,7 +1523,7 @@ msgid "" " set the user-visible application name (may be misleading...)." msgstr "" -#: src/scm/webid-oidc/program.scm:436 +#: src/scm/webid-oidc/program.scm:440 #, scheme-format msgid "" "\n" @@ -1537,13 +1532,13 @@ msgid "" " application (again, may be misleading)." msgstr "" -#: src/scm/webid-oidc/program.scm:442 +#: src/scm/webid-oidc/program.scm:446 msgid "" "\n" "Environment variables:" msgstr "" -#: src/scm/webid-oidc/program.scm:444 +#: src/scm/webid-oidc/program.scm:448 msgid "" "\n" " XML_CATALOG_FILES: the server will fetch resources on the web. By\n" @@ -1554,23 +1549,23 @@ msgid "" " content-type." msgstr "" -#: src/scm/webid-oidc/program.scm:452 src/scm/webid-oidc/program.scm:459 -#: src/scm/webid-oidc/program.scm:468 src/scm/webid-oidc/program.scm:476 -#: src/scm/webid-oidc/program.scm:484 +#: src/scm/webid-oidc/program.scm:456 src/scm/webid-oidc/program.scm:463 +#: src/scm/webid-oidc/program.scm:472 src/scm/webid-oidc/program.scm:480 +#: src/scm/webid-oidc/program.scm:488 #, scheme-format msgid "" "the-environment-variable|\n" " It is currently set to ~s." msgstr "" -#: src/scm/webid-oidc/program.scm:455 +#: src/scm/webid-oidc/program.scm:459 msgid "" "\n" " LANG: set the locale of the user interface (for the server commands,\n" " the user is the system administrator)." msgstr "" -#: src/scm/webid-oidc/program.scm:462 +#: src/scm/webid-oidc/program.scm:466 msgid "" "\n" " XDG_DATA_HOME: where the program stores persistent data. The\n" 
@@ -1579,7 +1574,7 @@ msgid "" " recommended to set it to /var/lib." msgstr "" -#: src/scm/webid-oidc/program.scm:471 +#: src/scm/webid-oidc/program.scm:475 msgid "" "\n" " XDG_CACHE_HOME: where the program stores and updates the seed file,\n" @@ -1587,7 +1582,7 @@ msgid "" " time. The seed file will be initialized from /dev/random." msgstr "" -#: src/scm/webid-oidc/program.scm:479 +#: src/scm/webid-oidc/program.scm:483 msgid "" "\n" " HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n" @@ -1595,13 +1590,13 @@ msgid "" " not used otherwise." msgstr "" -#: src/scm/webid-oidc/program.scm:488 +#: src/scm/webid-oidc/program.scm:492 msgid "" "\n" "Running a reverse proxy" msgstr "" -#: src/scm/webid-oidc/program.scm:490 +#: src/scm/webid-oidc/program.scm:494 msgid "" "\n" "Suppose that you operate data.provider.com. You want to run an\n" @@ -1614,7 +1609,7 @@ msgid "" "from this reverse proxy." msgstr "" -#: src/scm/webid-oidc/program.scm:500 +#: src/scm/webid-oidc/program.scm:504 #, scheme-format msgid "" "\n" @@ -1628,20 +1623,20 @@ msgid "" " --~a '/var/log/proxy.err'" msgstr "" -#: src/scm/webid-oidc/program.scm:515 +#: src/scm/webid-oidc/program.scm:519 msgid "" "\n" "Running an identity provider" msgstr "" -#: src/scm/webid-oidc/program.scm:517 +#: src/scm/webid-oidc/program.scm:521 msgid "" "\n" "The identity provider running at webid-oidc-demo.planete-kraus.eu is\n" "invoked with the following options:" msgstr "" -#: src/scm/webid-oidc/program.scm:521 +#: src/scm/webid-oidc/program.scm:525 #, scheme-format msgid "" "\n" 
@@ -1660,20 +1655,20 @@ msgid "" " --~a $PORT" msgstr "" -#: src/scm/webid-oidc/program.scm:541 +#: src/scm/webid-oidc/program.scm:545 msgid "" "\n" "Running the public pages for an application" msgstr "" -#: src/scm/webid-oidc/program.scm:543 +#: src/scm/webid-oidc/program.scm:547 msgid "" "\n" "The example client application pages for\n" "webid-oidc-demo.planete-kraus.eu are served this way:" msgstr "" -#: src/scm/webid-oidc/program.scm:547 +#: src/scm/webid-oidc/program.scm:551 #, scheme-format msgid "" "\n" @@ -1689,13 +1684,13 @@ msgid "" " --~a $PORT" msgstr "" -#: src/scm/webid-oidc/program.scm:561 +#: src/scm/webid-oidc/program.scm:565 msgid "" "\n" "Running a full server" msgstr "" -#: src/scm/webid-oidc/program.scm:564 +#: src/scm/webid-oidc/program.scm:568 msgid "" "\n" "To run the server with identity provider and\n" @@ -1703,7 +1698,7 @@ msgid "" "options for the parts." msgstr "" -#: src/scm/webid-oidc/program.scm:568 +#: src/scm/webid-oidc/program.scm:572 #, scheme-format msgid "" "\n" @@ -1722,14 +1717,14 @@ msgid "" " --~a '...port...'" msgstr "" -#: src/scm/webid-oidc/program.scm:593 +#: src/scm/webid-oidc/program.scm:597 #, scheme-format msgid "" "\n" "If you find a bug, then please send a report to ~a." msgstr "" -#: src/scm/webid-oidc/program.scm:598 +#: src/scm/webid-oidc/program.scm:602 #, scheme-format msgid "" "~a version ~a\n" 
@@ -1737,101 +1732,101 @@ msgid "" "Rreleased ~a\n" msgstr "" -#: src/scm/webid-oidc/program.scm:635 +#: src/scm/webid-oidc/program.scm:639 #, scheme-format msgid "The --~a argument must be a number, not ~s.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:641 +#: src/scm/webid-oidc/program.scm:645 #, scheme-format msgid "The --~a argument must be an integer, not ~s.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:647 +#: src/scm/webid-oidc/program.scm:651 #, scheme-format msgid "The --~a argument must be positive, ~s is invalid.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:652 +#: src/scm/webid-oidc/program.scm:656 #, scheme-format msgid "The --~a argument must be less than 65536, ~s is invalid.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:680 +#: src/scm/webid-oidc/program.scm:684 msgid "" "You specified two different passwords: one directly, and one from a file. " "Please set only one password.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:713 src/scm/webid-oidc/program.scm:735 -#: src/scm/webid-oidc/program.scm:805 +#: src/scm/webid-oidc/program.scm:717 src/scm/webid-oidc/program.scm:738 +#: src/scm/webid-oidc/program.scm:807 #, scheme-format msgid "You must pass --~a to set the server name.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:717 +#: src/scm/webid-oidc/program.scm:721 #, scheme-format msgid "You must pass --~a to set the backend URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:739 src/scm/webid-oidc/program.scm:809 +#: src/scm/webid-oidc/program.scm:742 src/scm/webid-oidc/program.scm:811 #, scheme-format msgid "" "You must pass --~a to set the file where to store the identity provider " "key.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:743 src/scm/webid-oidc/program.scm:813 +#: src/scm/webid-oidc/program.scm:746 src/scm/webid-oidc/program.scm:815 #, scheme-format msgid "You must pass --~a to set the subject of the identity provider.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:747 +#: src/scm/webid-oidc/program.scm:750 #, 
scheme-format msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:751 src/scm/webid-oidc/program.scm:821 +#: src/scm/webid-oidc/program.scm:754 src/scm/webid-oidc/program.scm:823 #, scheme-format msgid "You must pass --~a to set the JWKS URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:755 src/scm/webid-oidc/program.scm:825 +#: src/scm/webid-oidc/program.scm:758 src/scm/webid-oidc/program.scm:827 #, scheme-format msgid "You must pass --~a to set the authorization endpoint URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:759 src/scm/webid-oidc/program.scm:829 +#: src/scm/webid-oidc/program.scm:762 src/scm/webid-oidc/program.scm:831 #, scheme-format msgid "You must pass --~a to set the token endpoint URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:777 +#: src/scm/webid-oidc/program.scm:779 #, scheme-format msgid "You must pass --~a to set the application web ID.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:781 +#: src/scm/webid-oidc/program.scm:783 #, scheme-format msgid "You must pass --~a to set the redirection URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:785 +#: src/scm/webid-oidc/program.scm:787 #, scheme-format msgid "You must pass --~a to set the informative client name.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:789 +#: src/scm/webid-oidc/program.scm:791 #, scheme-format msgid "You must pass --~a to set the informative client URI.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:817 +#: src/scm/webid-oidc/program.scm:819 #, scheme-format msgid "You must pass --~a to set the subject’s encrypted password.\n" msgstr "" -#: src/scm/webid-oidc/program.scm:872 +#: src/scm/webid-oidc/program.scm:871 #, scheme-format msgid "Unknown command ~s\n" msgstr "" 
@@ -1845,71 +1840,71 @@ msgstr "" msgid "the refresh token is bound to key ~s, which is not that one" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:61 +#: src/scm/webid-oidc/resource-server.scm:58 msgid "" "You need to pass #:server-uri URI where URI is the public URI of the server, " "as a (web uri)." msgstr "" -#: src/scm/webid-oidc/resource-server.scm:88 +#: src/scm/webid-oidc/resource-server.scm:85 #, scheme-format msgid "~a: authentication failure: ~a\n" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:92 +#: src/scm/webid-oidc/resource-server.scm:89 #, scheme-format msgid "~a: authentication failure\n" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:171 -#: src/scm/webid-oidc/resource-server.scm:362 +#: src/scm/webid-oidc/resource-server.scm:157 +#: src/scm/webid-oidc/resource-server.scm:342 msgid "reason-phrase|Precondition Failed" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:186 +#: src/scm/webid-oidc/resource-server.scm:172 msgid "reason-phrase|Not Modified" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:202 +#: src/scm/webid-oidc/resource-server.scm:187 msgid "The owner is not defined." 
msgstr "" -#: src/scm/webid-oidc/resource-server.scm:274 +#: src/scm/webid-oidc/resource-server.scm:256 msgid "reason-phrase|Created" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:299 +#: src/scm/webid-oidc/resource-server.scm:279 #, scheme-format msgid "~a: ignoring a group that cannot be fetched: ~a\n" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:303 +#: src/scm/webid-oidc/resource-server.scm:283 #, scheme-format msgid "~a: ignoring a group that cannot be fetched\n" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:327 -#: src/scm/webid-oidc/token-endpoint.scm:105 +#: src/scm/webid-oidc/resource-server.scm:307 +#: src/scm/webid-oidc/token-endpoint.scm:104 msgid "reason-phrase|Forbidden" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:348 +#: src/scm/webid-oidc/resource-server.scm:328 msgid "reason-phrase|Conflict" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:355 +#: src/scm/webid-oidc/resource-server.scm:335 msgid "reason-phrase|Unsupported Media Type" msgstr "" -#: src/scm/webid-oidc/resource-server.scm:369 +#: src/scm/webid-oidc/resource-server.scm:349 msgid "reason-phrase|Not Acceptable" msgstr "" -#: src/scm/webid-oidc/reverse-proxy.scm:60 +#: src/scm/webid-oidc/reverse-proxy.scm:57 msgid "#:endpoint argument is not present or not an URI." msgstr "" -#: src/scm/webid-oidc/serve.scm:76 +#: src/scm/webid-oidc/serve.scm:77 msgid "content negociation failed while serving a request" msgstr "" 
@@ -1918,16 +1913,16 @@ msgstr "" msgid "only text/turtle is allowed for the target of a POST request, not ~s" msgstr "" -#: src/scm/webid-oidc/server/create.scm:105 +#: src/scm/webid-oidc/server/create.scm:106 msgid "the created resource cannot have containment triples" msgstr "" -#: src/scm/webid-oidc/server/create.scm:147 +#: src/scm/webid-oidc/server/create.scm:146 #, scheme-format msgid "cannot POST to an auxiliary resource path, ~s" msgstr "" -#: src/scm/webid-oidc/server/read.scm:105 +#: src/scm/webid-oidc/server/read.scm:103 #, scheme-format msgid "the auxiliary resource of type ~s at ~s is absent" msgstr "" 
@@ -1980,46 +1975,46 @@ msgstr "" msgid "an error happened while updating file ~s" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:93 +#: src/scm/webid-oidc/token-endpoint.scm:92 #, scheme-format msgid "while handling web failure for the token endpoint: ~a" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:95 +#: src/scm/webid-oidc/token-endpoint.scm:94 msgid "an error happened during the token endpoint failure handling" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:225 +#: src/scm/webid-oidc/token-endpoint.scm:224 msgid "missing grant type" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:229 +#: src/scm/webid-oidc/token-endpoint.scm:228 msgid "<p>You did not specify a grant_type for this request.</p>" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:243 +#: src/scm/webid-oidc/token-endpoint.scm:242 msgid "missing authorization code" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:247 +#: src/scm/webid-oidc/token-endpoint.scm:246 msgid "" "<p>You want to grant an authorization code, but you did not set one.</p>" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:268 +#: src/scm/webid-oidc/token-endpoint.scm:267 msgid "missing refresh token" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:272 +#: src/scm/webid-oidc/token-endpoint.scm:271 msgid "<p>You want to grant a refresh token, but you did not set one.</p>" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:285 +#: src/scm/webid-oidc/token-endpoint.scm:284 #, scheme-format msgid "unsupported grant type: ~s" msgstr "" -#: src/scm/webid-oidc/token-endpoint.scm:290 +#: src/scm/webid-oidc/token-endpoint.scm:289 #, scheme-format msgid "" "<p>You want to use <pre>~s</pre> as a grant type, but this is not supported." 
@@ -2,8 +2,8 @@ msgid "" msgstr "" "Project-Id-Version: webid-oidc 0.0.0\n" "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n" -"POT-Creation-Date: 2021-09-21 22:31+0200\n" -"PO-Revision-Date: 2021-09-21 22:33+0200\n" +"POT-Creation-Date: 2021-09-22 14:08+0200\n" +"PO-Revision-Date: 2021-09-22 14:10+0200\n" "Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n" "Language-Team: French <vivien@planete-kraus.eu>\n" "Language: fr\n" @@ -126,34 +126,34 @@ msgstr "" "Le module aléatoire n'a pas été initialisé. Veuillez appeler " "webid_oidc_random_init d'abort.\n" -#: src/scm/webid-oidc/access-token.scm:72 +#: src/scm/webid-oidc/access-token.scm:71 #, scheme-format msgid "invalid access token: ~a" msgstr "jeton d’accès invalide : ~a" -#: src/scm/webid-oidc/access-token.scm:74 +#: src/scm/webid-oidc/access-token.scm:73 msgid "invalid access token" msgstr "jeton d’accès invalide" -#: src/scm/webid-oidc/access-token.scm:116 +#: src/scm/webid-oidc/access-token.scm:115 #: src/scm/webid-oidc/authorization-code.scm:93 -#: src/scm/webid-oidc/oidc-id-token.scm:99 +#: src/scm/webid-oidc/oidc-id-token.scm:98 msgid "#:webid should be an URI" msgstr "#:webid doit être une URI" -#: src/scm/webid-oidc/access-token.scm:121 +#: src/scm/webid-oidc/access-token.scm:120 msgid "#:client-id should be an URI" msgstr "#:client-id doit être une URI" -#: src/scm/webid-oidc/access-token.scm:126 +#: src/scm/webid-oidc/access-token.scm:125 msgid "#:cnf/jkt should be a string" msgstr "#:cnf/jkt doit être une chaîne de caractères" -#: src/scm/webid-oidc/access-token.scm:131 +#: src/scm/webid-oidc/access-token.scm:130 msgid "#:aud should be exactly \"solid\"" msgstr "#:aud doit être exactement « solid »" -#: src/scm/webid-oidc/access-token.scm:149 +#: src/scm/webid-oidc/access-token.scm:148 msgid "" "when making an access token either its required fields (#:alg, #:webid, #:" "iss, #:aud, #:client-id, #:cnf/jkt, #:iat and #:exp) or (#:jwt-header and #:" 
@@ -187,10 +187,10 @@ msgstr "" #: src/scm/webid-oidc/authorization-page-unsafe.scm:52 #: src/scm/webid-oidc/hello-world.scm:40 src/scm/webid-oidc/hello-world.scm:167 #: src/scm/webid-oidc/hello-world.scm:187 -#: src/scm/webid-oidc/identity-provider.scm:140 -#: src/scm/webid-oidc/token-endpoint.scm:113 -#: src/scm/webid-oidc/token-endpoint.scm:139 -#: src/scm/webid-oidc/token-endpoint.scm:166 +#: src/scm/webid-oidc/identity-provider.scm:136 +#: src/scm/webid-oidc/token-endpoint.scm:112 +#: src/scm/webid-oidc/token-endpoint.scm:138 +#: src/scm/webid-oidc/token-endpoint.scm:165 msgid "xml-lang|en" msgstr "fr" @@ -224,8 +224,8 @@ msgid "Allow" msgstr "Autoriser" #: src/scm/webid-oidc/authorization-page-unsafe.scm:95 -#: src/scm/webid-oidc/token-endpoint.scm:131 -#: src/scm/webid-oidc/token-endpoint.scm:158 +#: src/scm/webid-oidc/token-endpoint.scm:130 +#: src/scm/webid-oidc/token-endpoint.scm:157 msgid "reason-phrase|Bad Request" msgstr "Requête Invalide" @@ -251,7 +251,7 @@ msgstr "" "L’application que vous essayez d’autoriser se comporte de façon inattendue." #: src/scm/webid-oidc/authorization-page-unsafe.scm:126 -#: src/scm/webid-oidc/resource-server.scm:310 +#: src/scm/webid-oidc/resource-server.scm:290 msgid "reason-phrase|Found" msgstr "Trouvé" @@ -293,11 +293,11 @@ msgstr "Échec de cache pour ~a : ~s~%" msgid "Cache entry for ~a varies.\n" msgstr "L’entrée de cache pour ~a varie.\n" -#: src/scm/webid-oidc/catalog.scm:167 +#: src/scm/webid-oidc/catalog.scm:166 msgid "invalid relative URI" msgstr "URI relative invalide" -#: src/scm/webid-oidc/catalog.scm:246 +#: src/scm/webid-oidc/catalog.scm:245 #, scheme-format msgid "Unsupported delegate catalog URI scheme: ~s\n" msgstr "Schéma d’URI pour un catalogue délégé non supporté : ~s\n" 
@@ -363,107 +363,107 @@ msgstr "" msgid "cannot serve the public manifest" msgstr "impossible de servir le manifeste public" -#: src/scm/webid-oidc/client-manifest.scm:242 +#: src/scm/webid-oidc/client-manifest.scm:240 #, scheme-format msgid "cannot fetch the client manifest ~s: ~a" msgstr "impossible de télécharger le manifeste client ~s : ~a" -#: src/scm/webid-oidc/client-manifest.scm:245 +#: src/scm/webid-oidc/client-manifest.scm:243 #, scheme-format msgid "cannot fetch the client manifest ~s" msgstr "impossible de télécharger le manifeste client ~s" -#: src/scm/webid-oidc/client-manifest.scm:264 +#: src/scm/webid-oidc/client-manifest.scm:262 #, scheme-format msgid "the client manifest is dereferenced from ~s, but it pretends to be ~s" msgstr "le manifeste client est déréférencé depuis ~s, mais il prétend être ~s" -#: src/scm/webid-oidc/client/accounts.scm:285 +#: src/scm/webid-oidc/client/accounts.scm:273 msgid "The refresh token has expired." msgstr "le jeton de rafraîchissement a expiré." -#: src/scm/webid-oidc/client/accounts.scm:292 +#: src/scm/webid-oidc/client/accounts.scm:280 #, scheme-format msgid "The token request failed with code ~s (~s)." msgstr "La requête de jeton a échoué avec un code ~s (~s)." -#: src/scm/webid-oidc/client/accounts.scm:301 +#: src/scm/webid-oidc/client/accounts.scm:289 msgid "The token response did not set the content type." msgstr "Le jeton de réponse n’a pas défini de type de contenu." -#: src/scm/webid-oidc/client/accounts.scm:309 +#: src/scm/webid-oidc/client/accounts.scm:297 msgid "The token endpoint did not respond in UTF-8." msgstr "Le terminal de jetonn n’a pas répondu en UTF-8." -#: src/scm/webid-oidc/client/accounts.scm:321 +#: src/scm/webid-oidc/client/accounts.scm:309 #, scheme-format msgid "The token response has content-type ~s, not application/json." msgstr "La réponse de jeton a un type de contenu ~s, pas application/json." 
-#: src/scm/webid-oidc/client/accounts.scm:331 +#: src/scm/webid-oidc/client/accounts.scm:319 msgid "The token response is not valid JSON." msgstr "La réponse de jeton n’est pas un JSON valide." -#: src/scm/webid-oidc/client/accounts.scm:345 +#: src/scm/webid-oidc/client/accounts.scm:333 #, scheme-format msgid "The token response did not include an ID token: ~s" msgstr "La réponse de jeton n’a pas inclus de jeton d’ID : ~s" -#: src/scm/webid-oidc/client/accounts.scm:353 +#: src/scm/webid-oidc/client/accounts.scm:341 #, scheme-format msgid "The token response did not include an access token: ~s\n" msgstr "La réponse de jeton n’a pas inclus de jeton d’accès : ~s\n" -#: src/scm/webid-oidc/client/accounts.scm:364 +#: src/scm/webid-oidc/client/accounts.scm:352 #, scheme-format msgid "the ID token signature is invalid: ~a" msgstr "la signature du jeton d’ID est invalide : ~a" -#: src/scm/webid-oidc/client/accounts.scm:366 +#: src/scm/webid-oidc/client/accounts.scm:354 msgid "the ID token signature is invalid" msgstr "la signature du jeton d’ID est invalide" -#: src/scm/webid-oidc/client/accounts.scm:383 +#: src/scm/webid-oidc/client/accounts.scm:370 #, scheme-format msgid "the ID token delivered by the identity provider for ~s has ~s as webid" msgstr "" "le jeton d’ID délivré par le fournisseur d’identité pour ~s a ~s pour webid" -#: src/scm/webid-oidc/client/accounts.scm:393 +#: src/scm/webid-oidc/client/accounts.scm:380 #, scheme-format msgid "The ID token delivered by the identity provider ~s is for issuer ~s." msgstr "" "Le jeton d’ID délivré par le fournisseur d’identité ~s est pour l’émetteur " "~s." -#: src/scm/webid-oidc/client/accounts.scm:408 +#: src/scm/webid-oidc/client/accounts.scm:395 msgid "The issuer is required." msgstr "L’émetteur est requis." -#: src/scm/webid-oidc/client/accounts.scm:413 +#: src/scm/webid-oidc/client/accounts.scm:400 msgid "The optional subject and required issuer should be strings or URI." 
msgstr "" "Le sujet optionnel et émetteur doivent être des chaînes de caractère ou des " "URIs." -#: src/scm/webid-oidc/client/accounts.scm:449 +#: src/scm/webid-oidc/client/accounts.scm:436 msgid "Cannot check the username and/or password." msgstr "Impossible de vérifier le nom d’utilisateur et/ou le mot de passe." -#: src/scm/webid-oidc/client/accounts.scm:459 +#: src/scm/webid-oidc/client/accounts.scm:446 msgid "The subject should be a string or URI." msgstr "Le sujet doit être une chaîne de caractères ou une URI." -#: src/scm/webid-oidc/client/accounts.scm:473 +#: src/scm/webid-oidc/client/accounts.scm:460 msgid "The issuer should be a string or URI." msgstr "L’émetteur doit être une chaîne de caractères ou une URI." -#: src/scm/webid-oidc/client/application.scm:228 +#: src/scm/webid-oidc/client/application.scm:213 #, scheme-format msgid "Add an account on ~a" msgstr "Ajouter un compte sur ~a" -#: src/scm/webid-oidc/client/application.scm:243 +#: src/scm/webid-oidc/client/application.scm:228 #, scheme-format msgid "" "You already have an account for ~a issued by ~a and it is currently selected." @@ -471,12 +471,12 @@ msgstr "" "Vous avez déjà un compte pour ~a émis par ~a et il est actuellement " "sélectionné." -#: src/scm/webid-oidc/client/application.scm:262 +#: src/scm/webid-oidc/client/application.scm:247 #, scheme-format msgid "You already have an account for ~a issued by ~a." msgstr "Vous avez déjà un compte pour ~a émis par ~a." -#: src/scm/webid-oidc/client/client.scm:107 +#: src/scm/webid-oidc/client/client.scm:106 msgid "" "Client ID and redirect URIs should be URIs, and key pair should be a key " "pair.." 
@@ -484,11 +484,11 @@ msgstr "" "L’ID de client et l’URI de redirection doivent être des URIs, et la paire de " "clés doit être une paire de clés." -#: src/scm/webid-oidc/client/gui.scm:58 +#: src/scm/webid-oidc/client/gui.scm:57 msgid "Hello, world!\n" msgstr "Bonjour, le monde !\n" -#: src/scm/webid-oidc/client/gui.scm:63 +#: src/scm/webid-oidc/client/gui.scm:62 msgid "Hello, world!" msgstr "Bonjour, le monde !" @@ -506,23 +506,23 @@ msgstr "preuve DPoP invalide : ~a" msgid "invalid DPoP proof token" msgstr "jeton de preuve DPoP invalide" -#: src/scm/webid-oidc/dpop-proof.scm:189 +#: src/scm/webid-oidc/dpop-proof.scm:195 msgid "#:typ should be exactly \"dpop+jwt\"" msgstr "#:typ doit être exactement « dpop+jwt »" -#: src/scm/webid-oidc/dpop-proof.scm:194 +#: src/scm/webid-oidc/dpop-proof.scm:200 msgid "#:jwk should be a public key" msgstr "#:jwk doit être une clé publique" -#: src/scm/webid-oidc/dpop-proof.scm:199 +#: src/scm/webid-oidc/dpop-proof.scm:205 msgid "#:htm should be a symbol" msgstr "#:htm doit être un symbole" -#: src/scm/webid-oidc/dpop-proof.scm:205 +#: src/scm/webid-oidc/dpop-proof.scm:211 msgid "when present, #:ath should be a string" msgstr "si présent, #:ath doit être une chaîne de caractères" -#: src/scm/webid-oidc/dpop-proof.scm:226 +#: src/scm/webid-oidc/dpop-proof.scm:232 msgid "" "when making a DPoP proof, either its required fields (#:typ, #:jwk, #:htm " "and #:htu) or (#:jwt-header and #:jwt-payload) should be passed" 
@@ -530,14 +530,14 @@ msgstr "" "lors de la création d’une preuve DPoP, il faut passer soit les champs requis " "(#:typ, #:jwk, #:htm et #:htu) soit (#:jwt-header et #:jwt-payload)" -#: src/scm/webid-oidc/dpop-proof.scm:259 +#: src/scm/webid-oidc/dpop-proof.scm:265 #, scheme-format msgid "the DPoP proof is signed for access through ~s, but it is used with ~s" msgstr "" "la preuve DPoP est signée pour un accès avec ~s, mais elle est utilisée avec " "~s" -#: src/scm/webid-oidc/dpop-proof.scm:269 +#: src/scm/webid-oidc/dpop-proof.scm:275 #, scheme-format msgid "" "the DPoP proof should go along with an access token hashed to ~s, not ~s" 
@@ -545,114 +545,114 @@ msgstr "" "la preuve DPoP devrait être accompagnée d’un jeton d’accès de condensat ~s, " "pas ~s" -#: src/scm/webid-oidc/dpop-proof.scm:277 src/scm/webid-oidc/dpop-proof.scm:284 +#: src/scm/webid-oidc/dpop-proof.scm:283 src/scm/webid-oidc/dpop-proof.scm:290 msgid "the DPoP proof is signed with the wrong key" msgstr "la preuve DPoP est signée avec la mauvaise clé" -#: src/scm/webid-oidc/dpop-proof.scm:282 +#: src/scm/webid-oidc/dpop-proof.scm:288 #, scheme-format msgid "the DPoP proof is signed with the wrong key: ~a" msgstr "la preuve DPoP est signée avec la mauvaise clé : ~a" -#: src/scm/webid-oidc/dpop-proof.scm:293 +#: src/scm/webid-oidc/dpop-proof.scm:299 msgid "the cnf/check function returned #f" msgstr "la fonction cnf/check a retourné #f" -#: src/scm/webid-oidc/example-app.scm:96 +#: src/scm/webid-oidc/example-app.scm:95 #, scheme-format msgid "~a (issued by ~a): no interaction required" msgstr "~a (émis par ~a) : aucune interaction nécessaire" -#: src/scm/webid-oidc/example-app.scm:99 +#: src/scm/webid-oidc/example-app.scm:98 #, scheme-format msgid "~a (issued by ~a): offline but accessible" msgstr "~a (émis par ~a) : hors ligne mais accessible" -#: src/scm/webid-oidc/example-app.scm:102 +#: src/scm/webid-oidc/example-app.scm:101 #, scheme-format msgid "~a (issued by ~a): online" msgstr "~a (émis par ~a) : en ligne" -#: src/scm/webid-oidc/example-app.scm:105 +#: src/scm/webid-oidc/example-app.scm:104 #, scheme-format msgid "~a (issued by ~a): inaccessible" msgstr "~a (émis par ~a) : inaccessible" -#: src/scm/webid-oidc/example-app.scm:118 +#: src/scm/webid-oidc/example-app.scm:117 #, scheme-format msgid "Your choice ~a does not exist.\n" msgstr "Votre choix, ~a, n’existe pas.\n" -#: src/scm/webid-oidc/example-app.scm:136 +#: src/scm/webid-oidc/example-app.scm:135 msgid "Your choice is not a valid URI.\n" msgstr "Votre choix doit être une URI valide.\n" -#: src/scm/webid-oidc/example-app.scm:145 +#: 
src/scm/webid-oidc/example-app.scm:144 msgid "This is not a valid HTTP method.\n" msgstr "ce n’est pas une méthode HTTP valide.\n" -#: src/scm/webid-oidc/example-app.scm:161 +#: src/scm/webid-oidc/example-app.scm:160 msgid "This is not a valid value for this header.\n" msgstr "Ce n’est pas une valeur valide pour cet en-tête.\n" -#: src/scm/webid-oidc/example-app.scm:199 +#: src/scm/webid-oidc/example-app.scm:198 msgid "Nothing to undo.\n" msgstr "Rien à annuler.\n" -#: src/scm/webid-oidc/example-app.scm:211 +#: src/scm/webid-oidc/example-app.scm:210 msgid "Nothing to redo.\n" msgstr "Rien à refaire.\n" -#: src/scm/webid-oidc/example-app.scm:271 +#: src/scm/webid-oidc/example-app.scm:270 msgid "Example app command|add-account" msgstr "ajouter-compte" -#: src/scm/webid-oidc/example-app.scm:273 +#: src/scm/webid-oidc/example-app.scm:272 msgid "Example app command|choose-account" msgstr "choisir-compte" -#: src/scm/webid-oidc/example-app.scm:275 +#: src/scm/webid-oidc/example-app.scm:274 msgid "Example app command|set-uri" msgstr "définir-uri" -#: src/scm/webid-oidc/example-app.scm:277 +#: src/scm/webid-oidc/example-app.scm:276 msgid "Example app command|set-method" msgstr "définir-méthode" -#: src/scm/webid-oidc/example-app.scm:279 +#: src/scm/webid-oidc/example-app.scm:278 msgid "Example app command|view-headers" msgstr "voir-en-têtes" -#: src/scm/webid-oidc/example-app.scm:281 +#: src/scm/webid-oidc/example-app.scm:280 msgid "Example app command|clear-headers" msgstr "effacer-en-têtes" -#: src/scm/webid-oidc/example-app.scm:283 +#: src/scm/webid-oidc/example-app.scm:282 msgid "Example app command|add-header" msgstr "ajouter-en-tête" -#: src/scm/webid-oidc/example-app.scm:285 +#: src/scm/webid-oidc/example-app.scm:284 msgid "Example app command|ok" msgstr "ok" -#: src/scm/webid-oidc/example-app.scm:287 +#: src/scm/webid-oidc/example-app.scm:286 msgid "Example app command|undo" msgstr "annuler" -#: src/scm/webid-oidc/example-app.scm:289 +#: 
src/scm/webid-oidc/example-app.scm:288 msgid "Example app command|redo" msgstr "refaire" -#: src/scm/webid-oidc/example-app.scm:299 +#: src/scm/webid-oidc/example-app.scm:298 #, scheme-format msgid "To log in on ~a, please visit: ~a\n" msgstr "Pour vous connecte avec ~a, veuillez visiter : ~a\n" -#: src/scm/webid-oidc/example-app.scm:302 +#: src/scm/webid-oidc/example-app.scm:301 msgid "Then, paste the authorization code you get:\n" msgstr "Ensuite, veuillez coller votre code d’autorisation :\n" -#: src/scm/webid-oidc/example-app.scm:320 +#: src/scm/webid-oidc/example-app.scm:307 #, scheme-format msgid "" "Account: ~a\n" 
@@ -687,50 +687,50 @@ msgstr ""
 " - ~a : effectuer la requête.\n"
 "\n"
 
-#: src/scm/webid-oidc/example-app.scm:339
+#: src/scm/webid-oidc/example-app.scm:326
 msgid "Account:|unset"
 msgstr "non défini"
 
-#: src/scm/webid-oidc/example-app.scm:343
+#: src/scm/webid-oidc/example-app.scm:330
 msgid "URI:|unset"
 msgstr "non défini"
 
-#: src/scm/webid-oidc/example-app.scm:347
+#: src/scm/webid-oidc/example-app.scm:334
 msgid "Method:|unset"
 msgstr "non définie"
 
-#: src/scm/webid-oidc/example-app.scm:350
+#: src/scm/webid-oidc/example-app.scm:337
 msgid "Headers:|none"
 msgstr "aucun"
 
-#: src/scm/webid-oidc/example-app.scm:354
+#: src/scm/webid-oidc/example-app.scm:341
 msgid "list separator|, "
 msgstr ", "
 
-#: src/scm/webid-oidc/example-app.scm:364
+#: src/scm/webid-oidc/example-app.scm:351
 #, scheme-format
 msgid "You can undo your last command with \"~a\".\n"
 msgstr "Vous pouvez annuler votre dernière commande avec « ~a ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:366
+#: src/scm/webid-oidc/example-app.scm:353
 #, scheme-format
 msgid "You can re-apply your last undone command with \"~a\".\n"
 msgstr "Vous pouvez refaire votre dernière commande annulée avec « ~a ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:367
+#: src/scm/webid-oidc/example-app.scm:354
 msgid "Readline prompt|Command: "
 msgstr "Commande : "
 
-#: src/scm/webid-oidc/example-app.scm:374
+#: src/scm/webid-oidc/example-app.scm:361
 #, scheme-format
 msgid "An error happened: ~a.\n"
 msgstr "Une erreur est survenue : ~a.\n"
 
-#: src/scm/webid-oidc/example-app.scm:386
+#: src/scm/webid-oidc/example-app.scm:373
 msgid "Please enter your identity provider: "
 msgstr "Veuillez entrer votre fournisseur d’identité : "
 
-#: src/scm/webid-oidc/example-app.scm:392
+#: src/scm/webid-oidc/example-app.scm:379
 msgid ""
 "You don’t have other accounts available. Please add one with \"add-account"
 "\".\n"
@@ -738,38 +738,38 @@ msgstr ""
 "Vous n’avez pas d’autre compte disponible. Veuillez en ajouter un avec "
 "« ajouter-compte ».\n"
 
-#: src/scm/webid-oidc/example-app.scm:398
+#: src/scm/webid-oidc/example-app.scm:385
 #, scheme-format
 msgid "- ~a: ~a\n"
 msgstr "- ~a : ~a\n"
 
-#: src/scm/webid-oidc/example-app.scm:406
+#: src/scm/webid-oidc/example-app.scm:393
 #, scheme-format
 msgid "[1-~a] "
 msgstr "[1-~a] "
 
-#: src/scm/webid-oidc/example-app.scm:414
+#: src/scm/webid-oidc/example-app.scm:401
 msgid "Visit this URI: "
 msgstr "Naviguer cette URI : "
 
-#: src/scm/webid-oidc/example-app.scm:420
+#: src/scm/webid-oidc/example-app.scm:407
 msgid "Use this HTTP method [GET]: "
 msgstr "Utiliser cette méthode HTTP [GET] : "
 
-#: src/scm/webid-oidc/example-app.scm:436
+#: src/scm/webid-oidc/example-app.scm:423
 msgid "Which header? "
 msgstr "Quel en-tête ? "
 
-#: src/scm/webid-oidc/example-app.scm:439
+#: src/scm/webid-oidc/example-app.scm:426
 #, scheme-format
 msgid "Which header value for ~a? "
 msgstr "Quelle valeur pour l’en-tête ~a ? "
 
-#: src/scm/webid-oidc/example-app.scm:462
+#: src/scm/webid-oidc/example-app.scm:449
 msgid "Please define an account and the URI.\n"
 msgstr "Veuillez définir un compte et une URI.\n"
 
-#: src/scm/webid-oidc/example-app.scm:469
+#: src/scm/webid-oidc/example-app.scm:456
 msgid "I don’t know that command.\n"
 msgstr "Je ne connais pas cette commande.\n"
 
@@ -811,15 +811,15 @@ msgstr "<h1>Bonjour, ~a !</h1>"
 msgid "<p>The client is compatible with Solid.</p>"
 msgstr "<p>Le client est compatible avec Solid.</p>"
 
-#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:226
+#: src/scm/webid-oidc/hello-world.scm:64 src/scm/webid-oidc/program.scm:230
 msgid "command-line|version"
 msgstr "version"
 
-#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:230
+#: src/scm/webid-oidc/hello-world.scm:66 src/scm/webid-oidc/program.scm:234
 msgid "command-line|complete-corresponding-source"
 msgstr "code-source-correspondant-complet"
 
-#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:232
+#: src/scm/webid-oidc/hello-world.scm:68 src/scm/webid-oidc/program.scm:236
 msgid "command-line|help"
 msgstr "aide"
 
@@ -827,11 +827,11 @@ msgstr "aide"
 msgid "command-line|port"
 msgstr "port"
 
-#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:264
+#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/program.scm:268
 msgid "command-line|log-file"
 msgstr "fichier-journal"
 
-#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:266
+#: src/scm/webid-oidc/hello-world.scm:74 src/scm/webid-oidc/program.scm:270
 msgid "command-line|error-file"
 msgstr "fichier-erreur"
 
@@ -894,7 +894,7 @@ msgstr ""
 msgid "~a version ~a\n"
 msgstr "~a version ~a\n"
 
-#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:628
+#: src/scm/webid-oidc/hello-world.scm:128 src/scm/webid-oidc/program.scm:632
 msgid ""
 "You are legally required to link to the complete corresponding source code.\n"
 msgstr ""
@@ -906,7 +906,7 @@ msgid "The port should be a number between 0 and 65535.\n"
 msgstr "Le port doit être un nombre entre 0 et 65535.\n"
 
 #: src/scm/webid-oidc/hello-world.scm:159
-#: src/scm/webid-oidc/resource-server.scm:331
+#: src/scm/webid-oidc/resource-server.scm:311
 msgid "reason-phrase|Unauthorized"
 msgstr "Non Autorisé"
 
@@ -919,7 +919,7 @@ msgid "<p>This page requires authentication with Solid.</p>"
 msgstr "<p>Cette page requiert une authentification avec Solid.</p>"
 
 #: src/scm/webid-oidc/hello-world.scm:179
-#: src/scm/webid-oidc/resource-server.scm:339
+#: src/scm/webid-oidc/resource-server.scm:319
 msgid "reason-phrase|Method Not Allowed"
 msgstr "Méthode Non Autorisée"
 
@@ -933,11 +933,11 @@ msgstr ""
 "<p>Vous pouvez uniquement utiliser la méthode <emph>GET</emph> pour cette "
 "ressource.</p>"
 
-#: src/scm/webid-oidc/identity-provider.scm:77
+#: src/scm/webid-oidc/identity-provider.scm:74
 msgid "Warning: generating a new key pair."
 msgstr "Attention : génération d'une nouvelle paire de clé."
 
-#: src/scm/webid-oidc/identity-provider.scm:133
+#: src/scm/webid-oidc/identity-provider.scm:129
 msgid "reason-phrase|Not Found"
 msgstr "Non Trouvé"
 
@@ -1094,71 +1094,71 @@ msgstr "en vérifiant la signature du JWS : ~a"
 msgid "an unexpected error happened while verifying a JWS"
 msgstr "une erreur inattendue est survenue pendant la vérification d’un JWS"
 
-#: src/scm/webid-oidc/jws.scm:482
+#: src/scm/webid-oidc/jws.scm:479
 #, scheme-format
 msgid "I cannot query the identity provider configuration: ~a"
 msgstr ""
 "je ne peux pas requêter la configuration du fournisseur d’identité : ~a"
 
-#: src/scm/webid-oidc/jws.scm:484
+#: src/scm/webid-oidc/jws.scm:481
 msgid "I cannot query the identity provider configuration"
 msgstr "je ne peux pas requêter la configuration du fournisseur d’identité"
 
-#: src/scm/webid-oidc/jws.scm:501
+#: src/scm/webid-oidc/jws.scm:497
 #, scheme-format
 msgid "I cannot query the JWKS URI of the identity provider: ~a"
 msgstr "je ne peux pas requêter l’URI de JWKS du fournisseur d’identité : ~a"
 
-#: src/scm/webid-oidc/jws.scm:503
+#: src/scm/webid-oidc/jws.scm:499
 msgid "I cannot query the JWKS URI of the identity provider"
 msgstr "impossible de requêter l’URI de JWKS du fournisseur d’identité"
 
-#: src/scm/webid-oidc/jws.scm:528
+#: src/scm/webid-oidc/jws.scm:522
 #, scheme-format
 msgid "the token is signed in the future, ~a, relative to current ~a"
 msgstr ""
 "le jeton est signé dans le futur, ~a, par rapport à la date courante, ~a"
 
-#: src/scm/webid-oidc/jws.scm:537
+#: src/scm/webid-oidc/jws.scm:531
 #, scheme-format
 msgid "the token expired ~a, which is in the past (from ~a)"
 msgstr "le jeton a expiré le ~a, qui est dans le passé (depuis ~a)"
 
-#: src/scm/webid-oidc/jws.scm:560
+#: src/scm/webid-oidc/jws.scm:554
 #, scheme-format
 msgid "cannot decode a JWS: ~a"
 msgstr "impossible de décoder un JWS : ~a"
 
-#: src/scm/webid-oidc/jws.scm:562
+#: src/scm/webid-oidc/jws.scm:556
 msgid "cannot decode a JWS"
 msgstr "impossible de décoder un JWS"
 
-#: src/scm/webid-oidc/jws.scm:580
+#: src/scm/webid-oidc/jws.scm:574
 #, scheme-format
 msgid "cannot encode a JWS: ~a"
 msgstr "impossible d’encoder un JWS : ~a"
 
-#: src/scm/webid-oidc/jws.scm:582
+#: src/scm/webid-oidc/jws.scm:576
 msgid "cannot encode a JWS"
 msgstr "impossible d’encoder un JWS"
 
-#: src/scm/webid-oidc/jws.scm:629
+#: src/scm/webid-oidc/jws.scm:623
 msgid "cannot parse a token"
 msgstr "impossible d’analyser le jeton"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:120
+#: src/scm/webid-oidc/oidc-configuration.scm:118
 msgid "#:jwks-uri should be an URI"
 msgstr "#:jwks-uri doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:125
+#: src/scm/webid-oidc/oidc-configuration.scm:123
 msgid "#:token-endpoint should be an URI"
 msgstr "#:token-endpoint doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:130
+#: src/scm/webid-oidc/oidc-configuration.scm:128
 msgid "#:authorization-endpoint should be an URI"
 msgstr "#:authorization-endpoint doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:135
+#: src/scm/webid-oidc/oidc-configuration.scm:133
 msgid ""
 "#:solid-oidc-supported should be exactly 'https://solidproject.org/TR/solid-"
 "oidc'"
@@ -1166,61 +1166,61 @@ msgstr ""
 "#:solid-oidc-supported doit être exactement « https://solidproject.org/TR/"
 "solid-oidc »"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:144
+#: src/scm/webid-oidc/oidc-configuration.scm:142
 msgid "#:server should be an URI"
 msgstr "#:server doit être une URI"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:161
+#: src/scm/webid-oidc/oidc-configuration.scm:159
 #, scheme-format
 msgid "cannot fetch the OIDC configuration: ~a"
 msgstr "impossible de télécharger la configuration OIDC : ~a"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:163
+#: src/scm/webid-oidc/oidc-configuration.scm:161
 msgid "cannot fetch the OIDC configuration"
 msgstr "impossible de télécharger la configuration OIDC"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:167
+#: src/scm/webid-oidc/oidc-configuration.scm:165
 #, scheme-format
 msgid "the server responded with ~s ~s"
 msgstr "le serveur a répondu ~s ~s"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:172
+#: src/scm/webid-oidc/oidc-configuration.scm:170
 msgid "there is no content-type"
 msgstr "il n’y a pas de type de contenu"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:177
+#: src/scm/webid-oidc/oidc-configuration.scm:175
 #, scheme-format
 msgid "unexpected content-type: ~s"
 msgstr "type de contenu inattendu : ~s"
 
-#: src/scm/webid-oidc/oidc-configuration.scm:187
+#: src/scm/webid-oidc/oidc-configuration.scm:185
 msgid ""
 "when making an OIDC configuration, either its required #:jwks-uri, #:"
-"authorization-endpoint and #:token-endpoint fields or #:server (and "
-"optionally #:http-request) or #:json-data should be passed"
+"authorization-endpoint and #:token-endpoint fields or #:server or #:json-"
+"data should be passed"
 msgstr ""
 "pour construire une configuration OIDC, il faut soit définir les paramètres "
 "requis #:jwks-uri, #:authorization-endpoint et #:token-endpoint, soit #:"
-"server (et potentiellement #:http-request), soit #:json-data"
+"server, soit #:json-data"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:71
+#: src/scm/webid-oidc/oidc-id-token.scm:70
 #, scheme-format
 msgid "invalid OIDC ID token: ~a"
 msgstr "jeton d’identité OIDC invalide : ~a"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:73
+#: src/scm/webid-oidc/oidc-id-token.scm:72
 msgid "invalid OIDC id token"
 msgstr "jeton d’identité OIDC invalide"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:104
+#: src/scm/webid-oidc/oidc-id-token.scm:103
 msgid "#:sub should be a string"
 msgstr "#:sub doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:109
+#: src/scm/webid-oidc/oidc-id-token.scm:108
 msgid "#:aud should be a string"
 msgstr "#:aud doit être une chaîne de caractères"
 
-#: src/scm/webid-oidc/oidc-id-token.scm:125
+#: src/scm/webid-oidc/oidc-id-token.scm:124
 msgid ""
 "when making an ID token either its required fields (#:alg, #:webid, #:iss, #:"
 "sub, #:aud, #:iat and #:exp) or (#:jwt-header and #:jwt-payload) should be "
@@ -1230,133 +1230,128 @@ msgstr "" "requis (#:alg, #:webid, #:iss, #:sub, #:aud, #:iat et #:exp) soit (#:jwt-" "header et #:jwt-payload)" -#: src/scm/webid-oidc/program.scm:57 +#: src/scm/webid-oidc/program.scm:64 #, scheme-format msgid "~a: Warning: XML_CATALOG_FILES is set to ~s.\n" msgstr "~a : Attention : XML_CATALOG_FILES vaut ~s.\n" -#: src/scm/webid-oidc/program.scm:60 -#, scheme-format -msgid "~a: GET ~a ~s...\n" -msgstr "~a : GET ~a ~s…\n" - #: src/scm/webid-oidc/program.scm:67 #, scheme-format -msgid "~a: Warning: loading XML catalog from the web, ~s.\n" -msgstr "~a : Attention : chargement d’un catalogue XML depuis le web, ~s.\n" +msgid "~a: ~s ~a ~s...\n" +msgstr "~a : ~s ~a ~s…\n" -#: src/scm/webid-oidc/program.scm:75 +#: src/scm/webid-oidc/program.scm:73 #, scheme-format -msgid "~a: GET ~a ~s: ~s ~a bytes\n" -msgstr "~a : GET ~a ~s : ~s ~a octets\n" +msgid "~a: ~s ~a ~s: ~s ~a bytes\n" +msgstr "~a : ~s ~a ~s : ~s ~a octets\n" -#: src/scm/webid-oidc/program.scm:122 +#: src/scm/webid-oidc/program.scm:126 msgid "really bad internal server error" msgstr "erreur interne du serveur vraiment grave" -#: src/scm/webid-oidc/program.scm:129 +#: src/scm/webid-oidc/program.scm:133 #, scheme-format msgid "~a: ~a: Internal server error: ~a\n" msgstr "~a : ~a : Erreur interne du serveur : ~a\n" -#: src/scm/webid-oidc/program.scm:135 +#: src/scm/webid-oidc/program.scm:139 msgid "Internal Server Error" msgstr "Erreur Interne du Serveur" -#: src/scm/webid-oidc/program.scm:138 +#: src/scm/webid-oidc/program.scm:142 msgid "Sorry, there was an error." msgstr "Toutes nos excuses, il y a eu une erreurr." 
-#: src/scm/webid-oidc/program.scm:159 +#: src/scm/webid-oidc/program.scm:163 #, scheme-format msgid "~a: ~s ~a ~s ~a\n" msgstr "~a : ~s ~a ~s ~a\n" -#: src/scm/webid-oidc/program.scm:161 +#: src/scm/webid-oidc/program.scm:165 #, scheme-format msgid "~a: ~a (~a)" msgstr "~a : ~a (~a)" -#: src/scm/webid-oidc/program.scm:165 +#: src/scm/webid-oidc/program.scm:169 #, scheme-format msgid "~a: ~a" msgstr "~a : ~a" -#: src/scm/webid-oidc/program.scm:175 +#: src/scm/webid-oidc/program.scm:179 #, scheme-format msgid "(there was an error: ~a)" msgstr "(il y a eu une erreur : ~a)" -#: src/scm/webid-oidc/program.scm:228 +#: src/scm/webid-oidc/program.scm:232 msgid "command-line|describe-project" msgstr "décrire-projet" -#: src/scm/webid-oidc/program.scm:234 +#: src/scm/webid-oidc/program.scm:238 msgid "command-line|server|port" msgstr "port" -#: src/scm/webid-oidc/program.scm:236 +#: src/scm/webid-oidc/program.scm:240 msgid "command-line|server|server-name" msgstr "nom-du-serveur" -#: src/scm/webid-oidc/program.scm:238 +#: src/scm/webid-oidc/program.scm:242 msgid "command-line|server|reverse-proxy|backend-uri" msgstr "uri-arrière-plan" -#: src/scm/webid-oidc/program.scm:240 +#: src/scm/webid-oidc/program.scm:244 msgid "command-line|server|reverse-proxy|header" msgstr "en-tête" -#: src/scm/webid-oidc/program.scm:242 +#: src/scm/webid-oidc/program.scm:246 msgid "command-line|server|issuer|key-file" msgstr "fichier-clé" -#: src/scm/webid-oidc/program.scm:244 +#: src/scm/webid-oidc/program.scm:248 msgid "command-line|server|issuer|subject" msgstr "sujet" -#: src/scm/webid-oidc/program.scm:246 +#: src/scm/webid-oidc/program.scm:250 msgid "command-line|server|issuer|encrypted-password" msgstr "mot-de-passe-chiffré" -#: src/scm/webid-oidc/program.scm:248 +#: src/scm/webid-oidc/program.scm:252 msgid "command-line|server|issuer|encrypted-password-from-file" msgstr "fichier-de-mot-de-passe-chiffré" -#: src/scm/webid-oidc/program.scm:250 +#: src/scm/webid-oidc/program.scm:254 msgid 
"command-line|server|issuer|jwks-uri" msgstr "uri-jwks" -#: src/scm/webid-oidc/program.scm:252 +#: src/scm/webid-oidc/program.scm:256 msgid "command-line|server|issuer|authorization-endpoint-uri" msgstr "uri-terminal-autorisation" -#: src/scm/webid-oidc/program.scm:254 +#: src/scm/webid-oidc/program.scm:258 msgid "command-line|server|issuer|token-endpoint-uri" msgstr "uri-terminal-jeton" -#: src/scm/webid-oidc/program.scm:256 +#: src/scm/webid-oidc/program.scm:260 msgid "command-line|server|client-id" msgstr "id-client" -#: src/scm/webid-oidc/program.scm:258 +#: src/scm/webid-oidc/program.scm:262 msgid "command-line|server|redirect-uri" msgstr "uri-redirection" -#: src/scm/webid-oidc/program.scm:260 +#: src/scm/webid-oidc/program.scm:264 msgid "command-line|server|client-name" msgstr "nom-client" -#: src/scm/webid-oidc/program.scm:262 +#: src/scm/webid-oidc/program.scm:266 msgid "command-line|server|client-uri" msgstr "uri-client" -#: src/scm/webid-oidc/program.scm:296 +#: src/scm/webid-oidc/program.scm:300 #, scheme-format msgid "Usage: ~a COMMAND [OPTIONS]...\n" msgstr "Utilisation : ~a COMMANDE [OPTIONS]...\n" -#: src/scm/webid-oidc/program.scm:300 +#: src/scm/webid-oidc/program.scm:304 msgid "" "\n" "Run the disfluid COMMAND." @@ -1364,7 +1359,7 @@ msgstr "" "\n" "Exécute la COMMANDE disfluid." -#: src/scm/webid-oidc/program.scm:303 +#: src/scm/webid-oidc/program.scm:307 msgid "" "\n" "This program is covered by the GNU Affero GPL, version 3 or\n" @@ -1380,7 +1375,7 @@ msgstr "" "code source complet correspondant (avec vos modifications) sans\n" "frais. Le serveur ajoute un en-tête « Source: » à toutes les réponses." -#: src/scm/webid-oidc/program.scm:310 +#: src/scm/webid-oidc/program.scm:314 msgid "" "\n" "Available commands:" @@ -1388,7 +1383,7 @@ msgstr "" "\n" "Commandes disponibles :" -#: src/scm/webid-oidc/program.scm:312 +#: src/scm/webid-oidc/program.scm:316 #, scheme-format msgid "" "\n" 
@@ -1399,12 +1394,12 @@ msgstr "" " ~a :\n" " exécute le proxy inverse authentifiant." -#: src/scm/webid-oidc/program.scm:315 src/scm/webid-oidc/program.scm:510 -#: src/scm/webid-oidc/program.scm:710 +#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:514 +#: src/scm/webid-oidc/program.scm:714 msgid "command-line|command|reverse-proxy" msgstr "proxy-inversé" -#: src/scm/webid-oidc/program.scm:316 +#: src/scm/webid-oidc/program.scm:320 #, scheme-format msgid "" "\n" @@ -1415,12 +1410,12 @@ msgstr "" " ~a :\n" " exécute un fournisseur d’identité." -#: src/scm/webid-oidc/program.scm:319 src/scm/webid-oidc/program.scm:535 -#: src/scm/webid-oidc/program.scm:732 +#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:539 +#: src/scm/webid-oidc/program.scm:735 msgid "command-line|command|identity-provider" msgstr "fournisseur-identité" -#: src/scm/webid-oidc/program.scm:320 +#: src/scm/webid-oidc/program.scm:324 #, scheme-format msgid "" "\n" @@ -1431,12 +1426,12 @@ msgstr "" " ~a :\n" " sert les pages d’une application publique." -#: src/scm/webid-oidc/program.scm:323 src/scm/webid-oidc/program.scm:556 -#: src/scm/webid-oidc/program.scm:774 +#: src/scm/webid-oidc/program.scm:327 src/scm/webid-oidc/program.scm:560 +#: src/scm/webid-oidc/program.scm:776 msgid "command-line|command|client-service" msgstr "service-client" -#: src/scm/webid-oidc/program.scm:324 +#: src/scm/webid-oidc/program.scm:328 #, scheme-format msgid "" "\n" 
@@ -1449,12 +1444,12 @@ msgstr "" " exécute un serveur complet, avec un fournisseur d’identité et\n" " une fonction de stockage de ressources." -#: src/scm/webid-oidc/program.scm:328 src/scm/webid-oidc/program.scm:582 -#: src/scm/webid-oidc/program.scm:803 +#: src/scm/webid-oidc/program.scm:332 src/scm/webid-oidc/program.scm:586 +#: src/scm/webid-oidc/program.scm:805 msgid "command-line|command|server" msgstr "serveur" -#: src/scm/webid-oidc/program.scm:330 +#: src/scm/webid-oidc/program.scm:334 msgid "" "\n" "If no command is specified, run the browser." @@ -1462,7 +1457,7 @@ msgstr "" "\n" "Si aucune commande n’est spécifiée, exécute le navigateur." -#: src/scm/webid-oidc/program.scm:333 +#: src/scm/webid-oidc/program.scm:337 msgid "" "\n" "General options:" @@ -1470,7 +1465,7 @@ msgstr "" "\n" "Options générales :" -#: src/scm/webid-oidc/program.scm:335 +#: src/scm/webid-oidc/program.scm:339 #, scheme-format msgid "" "\n" @@ -1484,7 +1479,7 @@ msgstr "" " correspondant. Par exemple, MOYEN serait une URI pointant vers\n" " l’archive de code." -#: src/scm/webid-oidc/program.scm:340 +#: src/scm/webid-oidc/program.scm:344 #, scheme-format msgid "" "\n" @@ -1495,7 +1490,7 @@ msgstr "" " -h, --~a :\n" " affiche un court message d’aide et quitte." -#: src/scm/webid-oidc/program.scm:344 +#: src/scm/webid-oidc/program.scm:348 #, scheme-format msgid "" "\n" @@ -1506,7 +1501,7 @@ msgstr "" " -v, --~a :\n" " affiche le numéro de version (~a, publiée le ~a) et quitte." -#: src/scm/webid-oidc/program.scm:350 +#: src/scm/webid-oidc/program.scm:354 #, scheme-format msgid "" "\n" @@ -1517,7 +1512,7 @@ msgstr "" " --~a :\n" " décrit le projet dans le vocabulaire DOAP et quitte." -#: src/scm/webid-oidc/program.scm:354 +#: src/scm/webid-oidc/program.scm:358 #, scheme-format msgid "" "\n" 
@@ -1528,7 +1523,7 @@ msgstr "" " -l FICHIER.journal, --~a=FICHIER.journal :\n" " redirige la sortie standard du programme vers FICHIER.journal." -#: src/scm/webid-oidc/program.scm:358 +#: src/scm/webid-oidc/program.scm:362 #, scheme-format msgid "" "\n" @@ -1539,7 +1534,7 @@ msgstr "" " -e FICHIER.erreurs, --~a=FICHIER.erreurs :\n" " redirige les erreurs du programme vers FICHIER.erreurs." -#: src/scm/webid-oidc/program.scm:363 +#: src/scm/webid-oidc/program.scm:367 msgid "" "\n" "General server-side options:" @@ -1547,7 +1542,7 @@ msgstr "" "\n" "Options générales pour un serveur :" -#: src/scm/webid-oidc/program.scm:365 +#: src/scm/webid-oidc/program.scm:369 #, scheme-format msgid "" "\n" @@ -1558,7 +1553,7 @@ msgstr "" " -p PORT, --~a=PORT :\n" " définit le port à lier, 8080 par défaut." -#: src/scm/webid-oidc/program.scm:369 +#: src/scm/webid-oidc/program.scm:373 #, scheme-format msgid "" "\n" @@ -1570,7 +1565,7 @@ msgstr "" " définit l’URI publique du serveur (schéma, identifiant de\n" " l’utilisateur, hôte et port)." -#: src/scm/webid-oidc/program.scm:374 +#: src/scm/webid-oidc/program.scm:378 msgid "" "\n" "Options for the resource server:" @@ -1578,7 +1573,7 @@ msgstr "" "\n" "Options pour le serveur de ressources :" -#: src/scm/webid-oidc/program.scm:376 +#: src/scm/webid-oidc/program.scm:380 #, scheme-format msgid "" "\n" @@ -1593,7 +1588,7 @@ msgstr "" " authentifié, XXX-Agent par défaut. Pour un serveur complet, ceci\n" " désactive l’authentification par Solid-OIDC." -#: src/scm/webid-oidc/program.scm:382 +#: src/scm/webid-oidc/program.scm:386 #, scheme-format msgid "" "\n" @@ -1606,7 +1601,7 @@ msgstr "" " définit l’URI sortante du proxy inversé, seulement pour la\n" " commande proxy-inversé." -#: src/scm/webid-oidc/program.scm:388 +#: src/scm/webid-oidc/program.scm:392 msgid "" "\n" "Options for the identity provider:" 
@@ -1614,7 +1609,7 @@ msgstr "" "\n" "Options du fournisseur d’identité :" -#: src/scm/webid-oidc/program.scm:390 +#: src/scm/webid-oidc/program.scm:394 #, scheme-format msgid "" "\n" @@ -1628,7 +1623,7 @@ msgstr "" " nouvelle clé sera générée. Le serveur n’offre pas de service\n" " HTTPS." -#: src/scm/webid-oidc/program.scm:395 +#: src/scm/webid-oidc/program.scm:399 #, scheme-format msgid "" "\n" @@ -1639,7 +1634,7 @@ msgstr "" " -s WEBID, --~a=WEBID :\n" " définit l'identité du sujet." -#: src/scm/webid-oidc/program.scm:399 +#: src/scm/webid-oidc/program.scm:403 #, scheme-format msgid "" "\n" @@ -1650,7 +1645,7 @@ msgstr "" " -w MOT_DE_PASSE_CHIFFRÉ, --~a=MOT_DE_PASSE_CHIFFRÉ :\n" " définit le mot de passe chiffré pour reconnaître l’utilisateur." -#: src/scm/webid-oidc/program.scm:403 +#: src/scm/webid-oidc/program.scm:407 #, scheme-format msgid "" "\n" @@ -1663,7 +1658,7 @@ msgstr "" " lit le mot de passe chiffré de l’utilisateur dans " "FICHIER_DE_MOT_DE_PASSE_CHIFFRÉ." -#: src/scm/webid-oidc/program.scm:407 +#: src/scm/webid-oidc/program.scm:411 #, scheme-format msgid "" "\n" @@ -1674,7 +1669,7 @@ msgstr "" " -j URI, --~a=URI :\n" " définit l’URI pour requêter les clés du serveur." -#: src/scm/webid-oidc/program.scm:411 +#: src/scm/webid-oidc/program.scm:415 #, scheme-format msgid "" "\n" @@ -1686,7 +1681,7 @@ msgstr "" " définit l'URI du terminal d'autorisation de l’émetteur\n" " d’identité." -#: src/scm/webid-oidc/program.scm:415 +#: src/scm/webid-oidc/program.scm:419 #, scheme-format msgid "" "\n" @@ -1697,7 +1692,7 @@ msgstr "" " -t URI, --~a=URI :\n" " définit le terminal de jeton de l’émetteur d’identité." -#: src/scm/webid-oidc/program.scm:420 +#: src/scm/webid-oidc/program.scm:424 msgid "" "\n" "Options for the client service:" @@ -1705,7 +1700,7 @@ msgstr "" "\n" "Options pour le service associé à un client :" -#: src/scm/webid-oidc/program.scm:422 +#: src/scm/webid-oidc/program.scm:426 #, scheme-format msgid "" "\n" 
@@ -1718,7 +1713,7 @@ msgstr "" " définit l’identifiant web de l’application client, qui est\n" " déréférencé pour une ressource sémantique." -#: src/scm/webid-oidc/program.scm:427 +#: src/scm/webid-oidc/program.scm:431 #, scheme-format msgid "" "\n" @@ -1732,7 +1727,7 @@ msgstr "" " d’autorisation. La page de redirection affiche le code à coller\n" " dans l’application." -#: src/scm/webid-oidc/program.scm:432 +#: src/scm/webid-oidc/program.scm:436 #, scheme-format msgid "" "\n" @@ -1744,7 +1739,7 @@ msgstr "" " définit le nom de l’application visible par l’utilisateur (peut\n" " être trompeur…)." -#: src/scm/webid-oidc/program.scm:436 +#: src/scm/webid-oidc/program.scm:440 #, scheme-format msgid "" "\n" @@ -1757,7 +1752,7 @@ msgstr "" " définit l’URI présentant plus d’informations à propos de\n" " l’application (peut aussi être trompeur)." -#: src/scm/webid-oidc/program.scm:442 +#: src/scm/webid-oidc/program.scm:446 msgid "" "\n" "Environment variables:" @@ -1765,7 +1760,7 @@ msgstr "" "\n" "Variables d’environnement :" -#: src/scm/webid-oidc/program.scm:444 +#: src/scm/webid-oidc/program.scm:448 msgid "" "\n" " XML_CATALOG_FILES: the server will fetch resources on the web. By\n" @@ -1784,9 +1779,9 @@ msgstr "" " fichiers depuis le système de fichiers, parce qu’il n’y a pas de\n" " moyen de spécifier le type de contenu." -#: src/scm/webid-oidc/program.scm:452 src/scm/webid-oidc/program.scm:459 -#: src/scm/webid-oidc/program.scm:468 src/scm/webid-oidc/program.scm:476 -#: src/scm/webid-oidc/program.scm:484 +#: src/scm/webid-oidc/program.scm:456 src/scm/webid-oidc/program.scm:463 +#: src/scm/webid-oidc/program.scm:472 src/scm/webid-oidc/program.scm:480 +#: src/scm/webid-oidc/program.scm:488 #, scheme-format msgid "" "the-environment-variable|\n" 
@@ -1795,7 +1790,7 @@ msgstr "" " \n" " Elle vaut actuellement ~s." -#: src/scm/webid-oidc/program.scm:455 +#: src/scm/webid-oidc/program.scm:459 msgid "" "\n" " LANG: set the locale of the user interface (for the server commands,\n" @@ -1805,7 +1800,7 @@ msgstr "" " LANG : définit la locale de l’interface utilisateur (pour les\n" " commandes serveur, l’utilisateur est l’administrateur système)." -#: src/scm/webid-oidc/program.scm:462 +#: src/scm/webid-oidc/program.scm:466 msgid "" "\n" " XDG_DATA_HOME: where the program stores persistent data. The\n" @@ -1820,7 +1815,7 @@ msgstr "" " ici. Pour un service système, il est recommandé d’utiliser\n" " /var/lib." -#: src/scm/webid-oidc/program.scm:471 +#: src/scm/webid-oidc/program.scm:475 msgid "" "\n" " XDG_CACHE_HOME: where the program stores and updates the seed file,\n" @@ -1833,7 +1828,7 @@ msgstr "" " supprimer ce dossier n’importe quand. Le fichier de graine sera\n" " initialisé à partir de /dev/random." -#: src/scm/webid-oidc/program.scm:479 +#: src/scm/webid-oidc/program.scm:483 msgid "" "\n" " HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n" @@ -1845,7 +1840,7 @@ msgstr "" " valeur est calculée à partir de la variable d’environnement\n" " HOME. Elle n’est pas utilisée autrement." -#: src/scm/webid-oidc/program.scm:488 +#: src/scm/webid-oidc/program.scm:492 msgid "" "\n" "Running a reverse proxy" @@ -1853,7 +1848,7 @@ msgstr "" "\n" "Exécution d’un proxy inversé" -#: src/scm/webid-oidc/program.scm:490 +#: src/scm/webid-oidc/program.scm:494 msgid "" "\n" "Suppose that you operate data.provider.com. You want to run an\n" @@ -1875,7 +1870,7 @@ msgstr "" "authentifié. https://private.data.provider.com ne doit accepter que\n" "les requêtes depuis ce proxy inversé." -#: src/scm/webid-oidc/program.scm:500 +#: src/scm/webid-oidc/program.scm:504 #, scheme-format msgid "" "\n" 
@@ -1899,7 +1894,7 @@ msgstr "" " --~a '/var/log/proxy.log' \\\n" " --~a '/var/log/proxy.err'" -#: src/scm/webid-oidc/program.scm:515 +#: src/scm/webid-oidc/program.scm:519 msgid "" "\n" "Running an identity provider" @@ -1907,7 +1902,7 @@ msgstr "" "\n" "Exécution d’un fournisseur d’identité" -#: src/scm/webid-oidc/program.scm:517 +#: src/scm/webid-oidc/program.scm:521 msgid "" "\n" "The identity provider running at webid-oidc-demo.planete-kraus.eu is\n" @@ -1918,7 +1913,7 @@ msgstr "" "webid-oidc-demo.planete-kraus.eu est invoqué avec les options\n" "suivantes :" -#: src/scm/webid-oidc/program.scm:521 +#: src/scm/webid-oidc/program.scm:525 #, scheme-format msgid "" "\n" @@ -1952,7 +1947,7 @@ msgstr "" " --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n" " --~a $PORT" -#: src/scm/webid-oidc/program.scm:541 +#: src/scm/webid-oidc/program.scm:545 msgid "" "\n" "Running the public pages for an application" @@ -1960,7 +1955,7 @@ msgstr "" "\n" "Service des pages publiques pour une application" -#: src/scm/webid-oidc/program.scm:543 +#: src/scm/webid-oidc/program.scm:547 msgid "" "\n" "The example client application pages for\n" @@ -1970,7 +1965,7 @@ msgstr "" "Les pages de l’application client d’exemple pour\n" "webid-oidc-demo.planete-kraus.eu sont servies de cette façon :" -#: src/scm/webid-oidc/program.scm:547 +#: src/scm/webid-oidc/program.scm:551 #, scheme-format msgid "" "\n" @@ -1998,7 +1993,7 @@ msgstr "" "html#Running-a-client' \\\n" " --~a $PORT" -#: src/scm/webid-oidc/program.scm:561 +#: src/scm/webid-oidc/program.scm:565 msgid "" "\n" "Running a full server" @@ -2006,7 +2001,7 @@ msgstr "" "\n" "Exécution d’un serveur complet" -#: src/scm/webid-oidc/program.scm:564 +#: src/scm/webid-oidc/program.scm:568 msgid "" "\n" "To run the server with identity provider and\n" 
@@ -2018,7 +2013,7 @@ msgstr "" "un serveur de ressources pour un utilisateur particulier, vous devez\n" "combiner les options des parties." -#: src/scm/webid-oidc/program.scm:568 +#: src/scm/webid-oidc/program.scm:572 #, scheme-format msgid "" "\n" @@ -2052,7 +2047,7 @@ msgstr "" " --~a 'https://data.planete-kraus.eu/token' \\\n" " --~a '...port...'" -#: src/scm/webid-oidc/program.scm:593 +#: src/scm/webid-oidc/program.scm:597 #, scheme-format msgid "" "\n" @@ -2061,7 +2056,7 @@ msgstr "" "\n" "Si vous trouvez une erreur, veuillez en envoyer un rapport à ~a." -#: src/scm/webid-oidc/program.scm:598 +#: src/scm/webid-oidc/program.scm:602 #, scheme-format msgid "" "~a version ~a\n" @@ -2072,27 +2067,27 @@ msgstr "" "\n" "Publiée le ~a\n" -#: src/scm/webid-oidc/program.scm:635 +#: src/scm/webid-oidc/program.scm:639 #, scheme-format msgid "The --~a argument must be a number, not ~s.\n" msgstr "L’argument de --~a doit être un nombre, pas ~s.\n" -#: src/scm/webid-oidc/program.scm:641 +#: src/scm/webid-oidc/program.scm:645 #, scheme-format msgid "The --~a argument must be an integer, not ~s.\n" msgstr "L’argument de --~a doit être un entier, pas ~s.\n" -#: src/scm/webid-oidc/program.scm:647 +#: src/scm/webid-oidc/program.scm:651 #, scheme-format msgid "The --~a argument must be positive, ~s is invalid.\n" msgstr "L’argument de --~a doit être positif, ~s est invalide.\n" -#: src/scm/webid-oidc/program.scm:652 +#: src/scm/webid-oidc/program.scm:656 #, scheme-format msgid "The --~a argument must be less than 65536, ~s is invalid.\n" msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n" -#: src/scm/webid-oidc/program.scm:680 +#: src/scm/webid-oidc/program.scm:684 msgid "" "You specified two different passwords: one directly, and one from a file. " "Please set only one password.\n" 
@@ -2100,18 +2095,18 @@ msgstr "" "Vous avez spécifié deux mots de passe différents : l’un directement,\n" "et un autre depuis un fichier. Veuillez n’en spécifier qu’un.\n" -#: src/scm/webid-oidc/program.scm:713 src/scm/webid-oidc/program.scm:735 -#: src/scm/webid-oidc/program.scm:805 +#: src/scm/webid-oidc/program.scm:717 src/scm/webid-oidc/program.scm:738 +#: src/scm/webid-oidc/program.scm:807 #, scheme-format msgid "You must pass --~a to set the server name.\n" msgstr "Vous devez passer --~a pour définir le nom du serveur.\n" -#: src/scm/webid-oidc/program.scm:717 +#: src/scm/webid-oidc/program.scm:721 #, scheme-format msgid "You must pass --~a to set the backend URI.\n" msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n" -#: src/scm/webid-oidc/program.scm:739 src/scm/webid-oidc/program.scm:809 +#: src/scm/webid-oidc/program.scm:742 src/scm/webid-oidc/program.scm:811 #, scheme-format msgid "" "You must pass --~a to set the file where to store the identity provider " 
@@ -2120,66 +2115,66 @@ msgstr "" "Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n" "la clé du fournisseur d’identité.\n" -#: src/scm/webid-oidc/program.scm:743 src/scm/webid-oidc/program.scm:813 +#: src/scm/webid-oidc/program.scm:746 src/scm/webid-oidc/program.scm:815 #, scheme-format msgid "You must pass --~a to set the subject of the identity provider.\n" msgstr "" "Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n" -#: src/scm/webid-oidc/program.scm:747 +#: src/scm/webid-oidc/program.scm:750 #, scheme-format msgid "You must pass --~a or --~a to set the subject’s encrypted password.\n" msgstr "" "Vous devez passer --~a ou --~a pour définir le mot de passe chiffré du " "sujet.\n" -#: src/scm/webid-oidc/program.scm:751 src/scm/webid-oidc/program.scm:821 +#: src/scm/webid-oidc/program.scm:754 src/scm/webid-oidc/program.scm:823 #, scheme-format msgid "You must pass --~a to set the JWKS URI.\n" msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n" -#: src/scm/webid-oidc/program.scm:755 src/scm/webid-oidc/program.scm:825 +#: src/scm/webid-oidc/program.scm:758 src/scm/webid-oidc/program.scm:827 #, scheme-format msgid "You must pass --~a to set the authorization endpoint URI.\n" msgstr "" "Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n" -#: src/scm/webid-oidc/program.scm:759 src/scm/webid-oidc/program.scm:829 +#: src/scm/webid-oidc/program.scm:762 src/scm/webid-oidc/program.scm:831 #, scheme-format msgid "You must pass --~a to set the token endpoint URI.\n" msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n" -#: src/scm/webid-oidc/program.scm:777 +#: src/scm/webid-oidc/program.scm:779 #, scheme-format msgid "You must pass --~a to set the application web ID.\n" msgstr "" "Vous devez passer --~a pour définir l'identifiant web de l’application.\n" -#: src/scm/webid-oidc/program.scm:781 +#: src/scm/webid-oidc/program.scm:783 #, scheme-format msgid "You must pass --~a to 
set the redirection URI.\n" msgstr "Vous devez passer --~a pour définir l'URI de redirection.\n" -#: src/scm/webid-oidc/program.scm:785 +#: src/scm/webid-oidc/program.scm:787 #, scheme-format msgid "You must pass --~a to set the informative client name.\n" msgstr "" "Vous devez passer --~a pour donner un nom pour l’application à titre " "informatif.\n" -#: src/scm/webid-oidc/program.scm:789 +#: src/scm/webid-oidc/program.scm:791 #, scheme-format msgid "You must pass --~a to set the informative client URI.\n" msgstr "" "Vous devez passer --~a pour définir l'URI du client, à titre informatif.\n" -#: src/scm/webid-oidc/program.scm:817 +#: src/scm/webid-oidc/program.scm:819 #, scheme-format msgid "You must pass --~a to set the subject’s encrypted password.\n" msgstr "" "Vous devez passer --~a pour définir le mot de passe chiffré du sujet.\n" -#: src/scm/webid-oidc/program.scm:872 +#: src/scm/webid-oidc/program.scm:871 #, scheme-format msgid "Unknown command ~s\n" msgstr "Commande inconnue ~s\n" @@ -2194,7 +2189,7 @@ msgid "the refresh token is bound to key ~s, which is not that one" msgstr "" "le jeton de rafraîchissement est lié à la clé ~s, ce n’est pas celle utilisée" -#: src/scm/webid-oidc/resource-server.scm:61 +#: src/scm/webid-oidc/resource-server.scm:58 msgid "" "You need to pass #:server-uri URI where URI is the public URI of the server, " "as a (web uri)." 
@@ -2202,65 +2197,65 @@ msgstr "" "Vous devez passer #:server-uri URI où URI est l’URI publique du serveur, " "comme dans (web uri)." -#: src/scm/webid-oidc/resource-server.scm:88 +#: src/scm/webid-oidc/resource-server.scm:85 #, scheme-format msgid "~a: authentication failure: ~a\n" msgstr "~a : échec d’authentificationn : ~a\n" -#: src/scm/webid-oidc/resource-server.scm:92 +#: src/scm/webid-oidc/resource-server.scm:89 #, scheme-format msgid "~a: authentication failure\n" msgstr "~a : échec d’authentification\n" -#: src/scm/webid-oidc/resource-server.scm:171 -#: src/scm/webid-oidc/resource-server.scm:362 +#: src/scm/webid-oidc/resource-server.scm:157 +#: src/scm/webid-oidc/resource-server.scm:342 msgid "reason-phrase|Precondition Failed" msgstr "Échec de Précondition" -#: src/scm/webid-oidc/resource-server.scm:186 +#: src/scm/webid-oidc/resource-server.scm:172 msgid "reason-phrase|Not Modified" msgstr "Non Modifié" -#: src/scm/webid-oidc/resource-server.scm:202 +#: src/scm/webid-oidc/resource-server.scm:187 msgid "The owner is not defined." msgstr "Le propriétaire n’est pas défini." 
-#: src/scm/webid-oidc/resource-server.scm:274 +#: src/scm/webid-oidc/resource-server.scm:256 msgid "reason-phrase|Created" msgstr "Créé" -#: src/scm/webid-oidc/resource-server.scm:299 +#: src/scm/webid-oidc/resource-server.scm:279 #, scheme-format msgid "~a: ignoring a group that cannot be fetched: ~a\n" msgstr "~a : j’ignore un groupe qui n’a pas pu être téléchargé : ~a\n" -#: src/scm/webid-oidc/resource-server.scm:303 +#: src/scm/webid-oidc/resource-server.scm:283 #, scheme-format msgid "~a: ignoring a group that cannot be fetched\n" msgstr "~a : j’ignore un groupe qui ne peut pas être téléchargé\n" -#: src/scm/webid-oidc/resource-server.scm:327 -#: src/scm/webid-oidc/token-endpoint.scm:105 +#: src/scm/webid-oidc/resource-server.scm:307 +#: src/scm/webid-oidc/token-endpoint.scm:104 msgid "reason-phrase|Forbidden" msgstr "Interdit" -#: src/scm/webid-oidc/resource-server.scm:348 +#: src/scm/webid-oidc/resource-server.scm:328 msgid "reason-phrase|Conflict" msgstr "Conflit" -#: src/scm/webid-oidc/resource-server.scm:355 +#: src/scm/webid-oidc/resource-server.scm:335 msgid "reason-phrase|Unsupported Media Type" msgstr "Type de Média Non Supporté" -#: src/scm/webid-oidc/resource-server.scm:369 +#: src/scm/webid-oidc/resource-server.scm:349 msgid "reason-phrase|Not Acceptable" msgstr "Inacceptable" -#: src/scm/webid-oidc/reverse-proxy.scm:60 +#: src/scm/webid-oidc/reverse-proxy.scm:57 msgid "#:endpoint argument is not present or not an URI." msgstr "l’argument de #:endpoint n’est pas présent, ou pas une URI." -#: src/scm/webid-oidc/serve.scm:76 +#: src/scm/webid-oidc/serve.scm:77 msgid "content negociation failed while serving a request" msgstr "la négociation de contenu a échoué pour le service d’une requête" 
@@ -2269,16 +2264,16 @@ msgstr "la négociation de contenu a échoué pour le service d’une requête" msgid "only text/turtle is allowed for the target of a POST request, not ~s" msgstr "seul text/turtle est autorisé comme cible d’une requête POST, pas ~s" -#: src/scm/webid-oidc/server/create.scm:105 +#: src/scm/webid-oidc/server/create.scm:106 msgid "the created resource cannot have containment triples" msgstr "la ressource créée ne peut pas avoir de triplets de contention" -#: src/scm/webid-oidc/server/create.scm:147 +#: src/scm/webid-oidc/server/create.scm:146 #, scheme-format msgid "cannot POST to an auxiliary resource path, ~s" msgstr "impossible de POSTer vers un chemin de ressource auxiliaire, ~s" -#: src/scm/webid-oidc/server/read.scm:105 +#: src/scm/webid-oidc/server/read.scm:103 #, scheme-format msgid "the auxiliary resource of type ~s at ~s is absent" msgstr "la ressource auxiliaire de type ~s à ~s est absente" 
@@ -2331,51 +2326,51 @@ msgstr "pendant la mise à jour du fichier ~s : ~a" msgid "an error happened while updating file ~s" msgstr "une erreur est survenue pendant la mise à jour du fichier ~s" -#: src/scm/webid-oidc/token-endpoint.scm:93 +#: src/scm/webid-oidc/token-endpoint.scm:92 #, scheme-format msgid "while handling web failure for the token endpoint: ~a" msgstr "lors de la gestion d’un échec web pour le terminal de jeton : ~a" -#: src/scm/webid-oidc/token-endpoint.scm:95 +#: src/scm/webid-oidc/token-endpoint.scm:94 msgid "an error happened during the token endpoint failure handling" msgstr "" "une erreur est survenue pendant la gestion d’un échec du terminal de jeton" -#: src/scm/webid-oidc/token-endpoint.scm:225 +#: src/scm/webid-oidc/token-endpoint.scm:224 msgid "missing grant type" msgstr "type d’offre manquant" -#: src/scm/webid-oidc/token-endpoint.scm:229 +#: src/scm/webid-oidc/token-endpoint.scm:228 msgid "<p>You did not specify a grant_type for this request.</p>" msgstr "<p>Vous n’avez pas spécifié de grant_type pour cette requête.</p>" -#: src/scm/webid-oidc/token-endpoint.scm:243 +#: src/scm/webid-oidc/token-endpoint.scm:242 msgid "missing authorization code" msgstr "code d’autorisation manquant" -#: src/scm/webid-oidc/token-endpoint.scm:247 +#: src/scm/webid-oidc/token-endpoint.scm:246 msgid "" "<p>You want to grant an authorization code, but you did not set one.</p>" msgstr "" "<p>Vous voulez offrir un code d’autorisation, mais vous n’en avez pas défini." 
"</p>" -#: src/scm/webid-oidc/token-endpoint.scm:268 +#: src/scm/webid-oidc/token-endpoint.scm:267 msgid "missing refresh token" msgstr "jeton de rafraîchissement manquant" -#: src/scm/webid-oidc/token-endpoint.scm:272 +#: src/scm/webid-oidc/token-endpoint.scm:271 msgid "<p>You want to grant a refresh token, but you did not set one.</p>" msgstr "" "<p>Vous voulez offrir un jeton de rafraîchissement, mais vous n’en avez pas " "défini.</p>" -#: src/scm/webid-oidc/token-endpoint.scm:285 +#: src/scm/webid-oidc/token-endpoint.scm:284 #, scheme-format msgid "unsupported grant type: ~s" msgstr "type d’offre non supporté : ~s" -#: src/scm/webid-oidc/token-endpoint.scm:290 +#: src/scm/webid-oidc/token-endpoint.scm:289 #, scheme-format msgid "" "<p>You want to use <pre>~s</pre> as a grant type, but this is not supported." @@ -2385,6 +2380,10 @@ msgstr "" "supporté.</p>" #, scheme-format +#~ msgid "~a: Warning: loading XML catalog from the web, ~s.\n" +#~ msgstr "~a : Attention : chargement d’un catalogue XML depuis le web, ~s.\n" + +#, scheme-format #~ msgid "the OIDC configuration is invalid: ~a" #~ msgstr "la configuration OIDC est invalide : ~a" diff --git a/src/scm/webid-oidc/access-token.scm b/src/scm/webid-oidc/access-token.scm index 0960069..d40e0da 100644 --- a/src/scm/webid-oidc/access-token.scm +++ b/src/scm/webid-oidc/access-token.scm @@ -22,7 +22,6 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (ice-9 optargs) #:use-module (ice-9 match) #:use-module (srfi srfi-19) diff --git a/src/scm/webid-oidc/authorization-endpoint.scm b/src/scm/webid-oidc/authorization-endpoint.scm index 4f171a2..e859d47 100644 --- a/src/scm/webid-oidc/authorization-endpoint.scm +++ b/src/scm/webid-oidc/authorization-endpoint.scm 
@@ -22,7 +22,6 @@ #:use-module (webid-oidc client-manifest) #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (rnrs bytevectors) @@ -43,9 +42,7 @@ (let ((c (crypt password encrypted-password))) (string=? c encrypted-password))) -(define* (make-authorization-endpoint subject encrypted-password jwk validity - #:key - (http-get http-get)) +(define (make-authorization-endpoint subject encrypted-password jwk) (define (parse-arg x decode-plus-to-space?) (map (lambda (x) (uri-decode x @@ -110,8 +107,7 @@ jwk #:webid subject #:client-id client-id)) - (mf (get-client-manifest client-id - #:http-get http-get))) + (mf (get-client-manifest client-id))) (client-manifest-check-redirect-uri mf redirect-uri) (let ((query (if state @@ -135,4 +131,3 @@ (verify-password encrypted-password password))) client-id uri))))))) - diff --git a/src/scm/webid-oidc/cache.scm b/src/scm/webid-oidc/cache.scm index c9d7b26..4bd3e09 100644 --- a/src/scm/webid-oidc/cache.scm +++ b/src/scm/webid-oidc/cache.scm @@ -18,13 +18,13 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (webid-oidc web-i18n) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web uri) #:use-module (ice-9 ftw) #:use-module (ice-9 receive) #:use-module (ice-9 optargs) + #:use-module (ice-9 match) #:use-module (srfi srfi-19) #:use-module (rnrs bytevectors) #:declarative? #t @@ -36,7 +36,7 @@ varies? valid? revalidate - with-cache + use-cache )) ;; The cache follows the recommendations of @@ -216,8 +216,7 @@ (define* (revalidate uri response body #:key - (headers '()) - (http-get http-get)) + (headers '())) (define (keep-header? h) (case (car h) ((if-none-match if-unmodified-since) #f) 
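Review bot: In the `@@ -110,8 +107,7 @@` hunk, `(get-client-manifest client-id)` now dereferences `client-id` through the ambient `(p:anonymous-http-request)` parameter, and the `#:http-get` hook that let a deployment wrap this one fetch is gone from `make-authorization-endpoint`. If `client-id` comes from the authorization request, as it appears to, this is a server-side fetch of a caller-chosen URI, so any scheme or destination restriction now has to live in whatever procedure is bound to the parameter when the endpoint runs. I would say so above the binding, e.g. `;; client-id is fetched with (p:anonymous-http-request); bind that parameter to a client that enforces the server's outbound policy.` The body of `make-authorization-endpoint` starts and ends outside this hunk.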
@@ -225,10 +224,10 @@ (let ((etag (response-etag response))) (if etag (receive (new-response new-response-body) - (http-get uri - #:headers - (acons 'if-none-match (list etag) - (filter keep-header? headers))) + ((p:anonymous-http-request) uri + #:headers + `((if-none-match . (,etag)) + ,@(filter keep-header? headers))) (if (eqv? (response-code new-response) 304) (values (build-response 
@@ -245,30 +244,49 @@ (response-headers response)))) body) (values new-response new-response-body))) - (http-get uri #:headers headers)))) + ((p:anonymous-http-request) uri #:headers headers)))) -(define* (with-cache #:key (http-get http-get)) +(define (with-cache http-get) (lambda* (uri #:key (headers '())) - (when (string? uri) - (set! uri (string->uri uri))) - (let ((request (build-request uri #:headers headers))) - (receive (stored-request stored-response body) (read uri) - (if stored-response - (let ((valid (valid? stored-response)) - (invariant (not (varies? request stored-request stored-response)))) - (unless invariant - (format (current-error-port) - (G_ "Cache entry for ~a varies.\n") - (uri->string uri))) - (if (and valid invariant) - (values stored-response body) - (receive (final-response final-body) - (revalidate uri stored-response body - #:headers headers - #:http-get http-get) - (add request final-response final-body) - (values final-response final-body)))) - (receive (final-response final-body) - (http-get uri #:headers headers) - (add request final-response final-body) - (values final-response final-body))))))) + (parameterize ((p:anonymous-http-request http-get)) + (when (string? uri) + (set! uri (string->uri uri))) + (let ((request (build-request uri #:headers headers))) + (receive (stored-request stored-response body) (read uri) + (if stored-response + (let ((valid (valid? stored-response)) + (invariant (not (varies? 
request stored-request stored-response)))) + (unless invariant + (format (current-error-port) + (G_ "Cache entry for ~a varies.\n") + (uri->string uri))) + (if (and valid invariant) + (values stored-response body) + (receive (final-response final-body) + (revalidate uri stored-response body + #:headers headers) + (add request final-response final-body) + (values final-response final-body)))) + (receive (final-response final-body) + (http-get uri #:headers headers) + (add request final-response final-body) + (values final-response final-body)))))))) + +(define (use-cache f) + (let ((http-request (p:anonymous-http-request))) + (let ((http-get-with-cache (with-cache http-request))) + (parameterize + ((p:anonymous-http-request + (lambda* (uri . all-args) + (let try-using-cache ((args all-args) + (headers #f)) + (match args + (() + (http-get-with-cache uri #:headers (or headers '()))) + ((#:method 'GET args ...) + (try-using-cache args headers)) + ((#:headers new-headers args ...) + (try-using-cache args (or headers new-headers))) + (else + (apply http-request uri all-args))))))) + (f))))) diff --git a/src/scm/webid-oidc/catalog.scm b/src/scm/webid-oidc/catalog.scm index dd24ffb..c85510a 100644 --- a/src/scm/webid-oidc/catalog.scm +++ b/src/scm/webid-oidc/catalog.scm @@ -16,10 +16,9 @@ (define-module (webid-oidc catalog) #:use-module (webid-oidc errors) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (ice-9 match) - #:use-module (web client) #:use-module (rnrs bytevectors) #:use-module (sxml simple) #:use-module (sxml match) @@ -27,7 +26,7 @@ #:use-module (ice-9 receive) #:use-module (webid-oidc web-i18n) #:declarative? #t - #:export (resolve-uri)) + #:export (resolve-uri use-catalog)) (define useful-namespaces '((ct . "urn:oasis:names:tc:entity:xmlns:xml:catalog") 
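Review bot: `use-cache` routes every GET through `with-cache` whatever headers it carries: the `()` arm calls `http-get-with-cache` with the collected `headers`, and `with-cache` looks the entry up by URI and hands a request built from those headers to `add`. The `request` hunk in client.scm sends its `authorization` and DPoP headers through `(p:anonymous-http-request)`, so under `cache:use-cache` (application.scm, example-app.scm) a response obtained for one account may be served to another unless the server sent a suitable `Vary`; the stored request presumably also keeps the token in the cache directory, though `add` is not visible here. Bypass the cache when credentials are present, e.g. make the `()` arm `(if (and headers (assq 'authorization headers)) (apply http-request uri all-args) (http-get-with-cache uri #:headers (or headers '())))`. A docstring on `use-cache` stating which calls it caches and which it passes through would also help.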
@@ -231,10 +230,10 @@ match-length next-catalogs-rev))))) -(define* (get-catalog uri #:key (http-get http-get)) +(define (get-catalog uri) (case (uri-scheme uri) ((http https) - (receive (response response-body) (http-get uri) + (receive (response response-body) ((p:anonymous-http-request) uri) (when (bytevector? response-body) (set! response-body (utf8->string response-body))) (xml->sxml response-body #:namespaces useful-namespaces))) @@ -246,7 +245,7 @@ (error (format #f (G_ "Unsupported delegate catalog URI scheme: ~s\n") (uri-scheme uri)))))) -(define* (resolve-uri uri #:key (http-get http-get)) +(define (resolve-uri uri) (when (string? uri) (set! uri (string->uri uri))) (let do-examine ((uris @@ -259,10 +258,17 @@ (match uris (() uri) ((catalog-uri uris ...) - (let ((catalog (get-catalog catalog-uri - #:http-get http-get))) + (let ((catalog (get-catalog catalog-uri))) (receive (candidate match-length next-uris) (resolve-uri-in-catalog uri catalog-uri catalog uris) (if (null? next-uris) candidate (do-examine next-uris)))))))) + +(define (use-catalog f) + (let ((http-request (p:anonymous-http-request))) + (parameterize ((p:anonymous-http-request + (lambda* (uri . all-args) + (parameterize ((p:anonymous-http-request http-request)) + (apply http-request (resolve-uri uri) all-args))))) + (f)))) diff --git a/src/scm/webid-oidc/client-manifest.scm b/src/scm/webid-oidc/client-manifest.scm index 847fc54..7ea4931 100644 --- a/src/scm/webid-oidc/client-manifest.scm +++ b/src/scm/webid-oidc/client-manifest.scm @@ -19,8 +19,8 @@ #:use-module (webid-oidc fetch) #:use-module (webid-oidc web-i18n) #:use-module ((webid-oidc stubs) #:prefix stubs:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rnrs bytevectors) #:use-module (srfi srfi-19) 
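Review bot: `get-catalog` parses whatever body `((p:anonymous-http-request) uri)` returns without looking at `response`, and its `(http https)` arm accepts cleartext catalogs. With the new `use-catalog`, `resolve-uri` decides the destination of every request made inside `f`, so an error page or a catalog altered in transit ends up steering where later requests, including ones that carry tokens, are sent. I would check the status before `xml->sxml`, e.g. `(unless (eqv? (response-code response) 200) (error (G_ "Cannot fetch the catalog")))` (this needs `(web response)` if the module does not already import it), and either limit remote catalogs to `https` or document why `http` is acceptable. The obsolete `Warning: loading XML catalog from the web` entry in the .po hunk suggests the user-visible warning for this path was dropped, which may be worth keeping. `get-catalog` continues outside the hunk.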
@@ -230,9 +230,7 @@ approved.</p>")) (expires . ,expiration-date))) json-object))) -(define* (get-client-manifest id - #:key - (http-get http-get)) +(define* (get-client-manifest id) (unless (uri? id) (set! id (string->uri id))) (with-exception-handler @@ -255,7 +253,7 @@ approved.</p>")) "http://www.w3.org/ns/solid/terms#PublicOidcClient")) public-oidc-client (receive (response response-body) - (http-get id) + ((p:anonymous-http-request) id) (when (bytevector? response-body) (set! response-body (utf8->string response-body))) (let ((mf (the-client-manifest (stubs:json-string->scm response-body)))) diff --git a/src/scm/webid-oidc/client.scm b/src/scm/webid-oidc/client.scm index 2c16fb1..7eb8fe3 100644 --- a/src/scm/webid-oidc/client.scm +++ b/src/scm/webid-oidc/client.scm @@ -27,7 +27,6 @@ #:use-module ((webid-oidc client accounts) #:prefix account:) #:use-module ((webid-oidc client client) #:prefix client:) #:use-module (web uri) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web server) @@ -54,7 +53,6 @@ (client:client . client) (account:authorization-process . authorization-process) (account:authorization-state . authorization-state) - (account:anonymous-http-request . anonymous-http-request) (client:->sexp . ->sexp) ) 
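Review bot: `get-client-manifest` keeps `define*` although its only keyword argument was removed; the same is true of `initial-login` in client.scm, while `fetch`, `resolve-uri` and `get-catalog` were switched to plain `define` in this commit. Use `(define (get-client-manifest id)` and `(define (initial-login client issuer)` for consistency, so that a reader does not look for optional arguments that no longer exist. Callers that still pass `#:http-get` or `#:http-request` will now fail at call time, which is worth a line in the changelog. The function body continues outside the hunk.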
@@ -106,25 +104,9 @@ ((value port) (original-writer value port)))))) -(define default-http-get-with-cache - (cache:with-cache)) - -(define* (default-http-request uri . all-args) - (let try-get-with-cache ((args all-args)) - (match args - ((#:headers _) - (apply default-http-get-with-cache all-args)) - ((#:headers _ other-args ...) - (try-get-with-cache other-args)) - (else - (apply http-request all-args))))) - -(define* (initial-login client issuer - #:key - (http-request default-http-request)) +(define* (initial-login client issuer) (setup-headers!) - (parameterize ((account:anonymous-http-request default-http-request) - (client:client client)) + (parameterize ((client:client client)) (make <account:account> #:issuer issuer))) @@ -147,7 +129,7 @@ (authorization . (dpop . ,access-token)) ,@headers))) (receive (response body) - (apply (account:anonymous-http-request) uri + (apply (p:anonymous-http-request) uri #:headers all-headers non-header-args) (let ((code (response-code response))) diff --git a/src/scm/webid-oidc/client/accounts.scm b/src/scm/webid-oidc/client/accounts.scm index 7e14000..31d105d 100644 --- a/src/scm/webid-oidc/client/accounts.scm +++ b/src/scm/webid-oidc/client/accounts.scm @@ -37,14 +37,9 @@ #:use-module ((webid-oidc client client) #:prefix client:) #:use-module (web uri) #:use-module (web response) - #:use-module (web client) #:use-module (rnrs bytevectors) #:use-module (oop goops) #:declarative? #t - #:re-export - ( - (p:anonymous-http-request . anonymous-http-request) - ) #:export ( <account> @@ -132,13 +127,6 @@ (define authorization-state (make-parameter #f)) -(define (http-request->http-get http-request) - (lambda* (uri . all-args) - (apply http-request uri #:method 'GET all-args))) - -(define (http-get-implementation) - (http-request->http-get (p:anonymous-http-request))) - (define-class <account> () (subject #:init-keyword #:subject #:getter subject) (issuer #:init-keyword #:issuer #:getter issuer) 
@@ -371,8 +359,7 @@ decoding-error)))) (lambda () (set! id-token - (decode <id:id-token> id-token - #:http-request (p:anonymous-http-request))))) + (decode <id:id-token> id-token)))) ;; We are not interested in the ID token ;; signature anymore, because it won’t be ;; transmitted to other parties and we know that diff --git a/src/scm/webid-oidc/client/application.scm b/src/scm/webid-oidc/client/application.scm index 5839195..d448976 100644 --- a/src/scm/webid-oidc/client/application.scm +++ b/src/scm/webid-oidc/client/application.scm @@ -39,7 +39,6 @@ #:use-module (webid-oidc web-i18n) #:use-module (web uri) #:use-module (web response) - #:use-module (web client) #:use-module (rnrs bytevectors) #:use-module (oop goops) #:declarative? #t @@ -155,21 +154,6 @@ ((hd tl ...) (apply-finished-jobs (hd state) tl))))))) -(define http-request-with-cache - (let ((default-http-get-with-cache (cache:with-cache))) - (lambda* (uri . all-args) - (let try-get-with-cache ((args all-args) - (args-for-get '())) - (match args - (() - (apply default-http-get-with-cache uri (reverse args-for-get))) - ((#:headers arg other-args ...) - (try-get-with-cache other-args `(,arg #:headers ,@args-for-get))) - ((#:method 'GET other-args ...) - (try-get-with-cache other-args args-for-get)) - (else - (apply http-request uri all-args))))))) - (define-method (add-job (state <application-state>) (description <string>) f) (let ((job (make <job> #:description description))) (call-with-new-thread 
@@ -197,25 +181,26 @@ (slot-set! ret 'authorization-prompts `((,uri . ,continue) ,@(authorization-prompts previous-state))) - ret)))))) - (account:anonymous-http-request http-request-with-cache)) - (with-exception-handler - (lambda (exn) - (let ((msg (if (exception-with-message? exn) - (exception-message exn) - (format #f "~s" exn)))) - (abort-to-prompt - tag - (lambda (_) - ;; We won’t continue, but we will show the error message - (lambda (previous-state) - (let ((ret (shallow-clone previous-state))) - (slot-set! ret 'error-messages - `(,msg ,@(error-messages previous-state))) - ret)))))) - (lambda () - (let ((updater (f))) - (atomic-box-set! (result-box job) updater)))))) + ret))))))) + (cache:use-cache + (lambda () + (with-exception-handler + (lambda (exn) + (let ((msg (if (exception-with-message? exn) + (exception-message exn) + (format #f "~s" exn)))) + (abort-to-prompt + tag + (lambda (_) + ;; We won’t continue, but we will show the error message + (lambda (previous-state) + (let ((ret (shallow-clone previous-state))) + (slot-set! ret 'error-messages + `(,msg ,@(error-messages previous-state))) + ret)))))) + (lambda () + (let ((updater (f))) + (atomic-box-set! (result-box job) updater)))))))) (lambda (continuation get-updater) (atomic-box-set! (result-box job) (get-updater continuation))))))) (let ((ret (shallow-clone state))) diff --git a/src/scm/webid-oidc/client/client.scm b/src/scm/webid-oidc/client/client.scm index 01f8da1..3d02630 100644 --- a/src/scm/webid-oidc/client/client.scm +++ b/src/scm/webid-oidc/client/client.scm @@ -26,7 +26,6 @@ #:use-module ((webid-oidc config) #:prefix cfg:) #:use-module ((webid-oidc client accounts) #:prefix client:) #:use-module (web uri) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web server) diff --git a/src/scm/webid-oidc/client/gui.scm b/src/scm/webid-oidc/client/gui.scm index c0d0767..97e9d0e 100644 --- a/src/scm/webid-oidc/client/gui.scm 
+++ b/src/scm/webid-oidc/client/gui.scm @@ -36,7 +36,6 @@ #:use-module ((webid-oidc client client) #:prefix client:) #:use-module (web uri) #:use-module (web response) - #:use-module (web client) #:use-module (rnrs bytevectors) #:use-module (oop goops) #:declarative? #t diff --git a/src/scm/webid-oidc/dpop-proof.scm b/src/scm/webid-oidc/dpop-proof.scm index 318ebb8..c492436 100644 --- a/src/scm/webid-oidc/dpop-proof.scm +++ b/src/scm/webid-oidc/dpop-proof.scm @@ -136,7 +136,7 @@ (ath #:init-keyword #:ath #:accessor ath)) (define-method (default-validity (proof <dpop-proof>)) - 30) + (p:dpop-proof-validity)) (define-method (has-explicit-exp? (proof <dpop-proof>)) #f) @@ -158,6 +158,12 @@ error))) (lambda () (next-method) + ;; Override the validity + (slot-set! token 'exp + (let ((iat (time-second (date->time-utc (iat token))))) + (time-utc->date + (make-time time-utc 0 + (+ iat (p:dpop-proof-validity)))))) (let-keywords initargs #t ((typ "dpop+jwt") diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm index 4e24659..aabb6ea 100644 --- a/src/scm/webid-oidc/errors.scm +++ b/src/scm/webid-oidc/errors.scm @@ -22,7 +22,6 @@ #:use-module (srfi srfi-19) #:use-module (web uri) #:use-module (web response) - #:use-module (web client) #:declarative? #t #:export ( diff --git a/src/scm/webid-oidc/example-app.scm b/src/scm/webid-oidc/example-app.scm index 67d959f..fb12431 100644 --- a/src/scm/webid-oidc/example-app.scm +++ b/src/scm/webid-oidc/example-app.scm @@ -23,7 +23,6 @@ #:use-module ((webid-oidc refresh-token) #:prefix refresh:) #:use-module ((webid-oidc config) #:prefix cfg:) #:use-module (web uri) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web server) 
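Review bot: The `;; Override the validity` comment in the `@@ -158,6 +158,12 @@` hunk of dpop-proof.scm does not say why `exp` is recomputed after `(next-method)`, and `(p:dpop-proof-validity)` is used as-is with no check that it is a positive number of seconds. Since `has-explicit-exp?` is `#f` for proofs, the window is always `iat` plus the local parameter, which makes that parameter the replay window for a proof; the constant it replaces was 30 seconds. I would expand the comment to something like `;; DPoP proofs carry no exp claim: derive it from iat and the local dpop-proof-validity, which bounds how long a captured proof stays acceptable.` and mention in the manual entry that the value should stay small. The enclosing method starts and ends outside the hunk.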
@@ -301,23 +300,11 @@ (uri->string uri)) (format (current-error-port) (G_ "Then, paste the authorization code you get:\n")) (read-line (current-input-port) 'trim))) - (client:authorization-state #f) - (client:anonymous-http-request - (let ((default-http-get-with-cache (cache:with-cache))) - (lambda* (uri . all-args) - (let try-get-with-cache ((args all-args) - (args-for-get '())) - (match args - (() - (apply default-http-get-with-cache uri (reverse args-for-get))) - ((#:headers arg other-args ...) - (try-get-with-cache other-args `(,arg #:headers ,@args-for-get))) - ((#:method 'GET other-args ...) - (try-get-with-cache other-args args-for-get)) - (else - (apply http-request uri all-args)))))))) - (let menu ((state (make <undoable-app-state>))) - (format #t (G_ "Account: ~a + (client:authorization-state #f)) + (cache:use-cache + (lambda () + (let menu ((state (make <undoable-app-state>))) + (format #t (G_ "Account: ~a URI: ~a Method: ~a Headers: ~a 
@@ -333,138 +320,138 @@ Available commands: - ~a: perform the request. ") - (let ((acct (app-state-account (current-state state)))) - (if acct - (account-summary acct) - (G_ "Account:|unset"))) - (let ((uri (app-state-uri (current-state state)))) - (if uri - (uri->string uri) - (G_ "URI:|unset"))) - (let ((method (app-state-method (current-state state)))) - (if method - (symbol->string method) - (G_ "Method:|unset"))) - (let ((headers (app-state-headers (current-state state)))) - (if (null? headers) - (G_ "Headers:|none") - (string-join - (map (match-lambda ((header . _) (symbol->string header))) - headers) - (G_ "list separator|, ")))) - add-account-command - choose-account-command - set-uri-command - set-method-command - view-headers-command - clear-headers-command - add-header-command - ok-command) - (when (can-undo? state) - (format #t (G_ "You can undo your last command with \"~a\".\n") undo-command)) - (when (can-redo? state) - (format #t (G_ "You can re-apply your last undone command with \"~a\".\n") redo-command)) - (let ((command (readline (G_ "Readline prompt|Command: ")))) - (if (eof-object? command) - (exit 0) - (with-exception-handler - (lambda (exn) - (if (exception-with-message? exn) - (begin - (format #t (G_ "An error happened: ~a.\n") - (exception-message exn)) - (menu state)) - (raise-exception exn))) - (lambda () - (cond - ((equal? command add-account-command) - (let ((identity-provider - (with-sigint-handler - (lambda () - (menu state)) - (lambda () - (readline (G_ "Please enter your identity provider: ")))))) - (menu (add-account state (make <account:account> #:issuer identity-provider))))) - ((equal? command choose-account-command) - (let ((accounts (enumerate-accounts state))) - (if (null? accounts) - (begin - (format #t (G_ "You don’t have other accounts available. Please add one with \"add-account\".\n")) - (menu state)) - (begin - (let enumerate-accounts ((accounts accounts)) - (match accounts - (((i . account) rest ...) 
- (format #t (G_ "- ~a: ~a\n") i (account-summary account)) - (enumerate-accounts rest)) - (() #t))) - (with-sigint-handler - (lambda () + (let ((acct (app-state-account (current-state state)))) + (if acct + (account-summary acct) + (G_ "Account:|unset"))) + (let ((uri (app-state-uri (current-state state)))) + (if uri + (uri->string uri) + (G_ "URI:|unset"))) + (let ((method (app-state-method (current-state state)))) + (if method + (symbol->string method) + (G_ "Method:|unset"))) + (let ((headers (app-state-headers (current-state state)))) + (if (null? headers) + (G_ "Headers:|none") + (string-join + (map (match-lambda ((header . _) (symbol->string header))) + headers) + (G_ "list separator|, ")))) + add-account-command + choose-account-command + set-uri-command + set-method-command + view-headers-command + clear-headers-command + add-header-command + ok-command) + (when (can-undo? state) + (format #t (G_ "You can undo your last command with \"~a\".\n") undo-command)) + (when (can-redo? state) + (format #t (G_ "You can re-apply your last undone command with \"~a\".\n") redo-command)) + (let ((command (readline (G_ "Readline prompt|Command: ")))) + (if (eof-object? command) + (exit 0) + (with-exception-handler + (lambda (exn) + (if (exception-with-message? exn) + (begin + (format #t (G_ "An error happened: ~a.\n") + (exception-message exn)) + (menu state)) + (raise-exception exn))) + (lambda () + (cond + ((equal? command add-account-command) + (let ((identity-provider + (with-sigint-handler + (lambda () + (menu state)) + (lambda () + (readline (G_ "Please enter your identity provider: ")))))) + (menu (add-account state (make <account:account> #:issuer identity-provider))))) + ((equal? command choose-account-command) + (let ((accounts (enumerate-accounts state))) + (if (null? accounts) + (begin + (format #t (G_ "You don’t have other accounts available. 
Please add one with \"add-account\".\n")) (menu state)) - (lambda () - (let ((choice (string->number - (readline (format #f (G_ "[1-~a] ") - (length accounts)))))) - (menu (choose-account state choice))))))))) - ((equal? command set-uri-command) - (with-sigint-handler - (lambda () - (menu state)) - (lambda () - (menu (set-uri state (readline (G_ "Visit this URI: "))))))) - ((equal? command set-method-command) - (with-sigint-handler - (lambda () - (menu state)) - (lambda () - (let ((method (readline (G_ "Use this HTTP method [GET]: ")))) - (when (equal? method "") - (set! method "GET")) - (menu (set-method state method)))))) - ((equal? command view-headers-command) - (write-headers (app-state-headers (current-state state)) - (current-output-port)) - (newline) - (menu state)) - ((equal? command clear-headers-command) - (menu (clear-headers state))) - ((equal? command add-header-command) - (with-sigint-handler - (lambda () + (begin + (let enumerate-accounts ((accounts accounts)) + (match accounts + (((i . account) rest ...) + (format #t (G_ "- ~a: ~a\n") i (account-summary account)) + (enumerate-accounts rest)) + (() #t))) + (with-sigint-handler + (lambda () + (menu state)) + (lambda () + (let ((choice (string->number + (readline (format #f (G_ "[1-~a] ") + (length accounts)))))) + (menu (choose-account state choice))))))))) + ((equal? command set-uri-command) + (with-sigint-handler + (lambda () + (menu state)) + (lambda () + (menu (set-uri state (readline (G_ "Visit this URI: "))))))) + ((equal? command set-method-command) + (with-sigint-handler + (lambda () + (menu state)) + (lambda () + (let ((method (readline (G_ "Use this HTTP method [GET]: ")))) + (when (equal? method "") + (set! method "GET")) + (menu (set-method state method)))))) + ((equal? command view-headers-command) + (write-headers (app-state-headers (current-state state)) + (current-output-port)) + (newline) (menu state)) - (lambda () - (let ((header (string-downcase (readline (G_ "Which header? 
"))))) - (let ((value - (readline - (format #f (G_ "Which header value for ~a? ") - header)))) - (menu (add-header state header value))))))) - ((equal? command ok-command) - (receive (account uri) - (let ((state (current-state state))) - (values - (app-state-account state) - (app-state-uri state))) - (if (and account uri) - (receive (account response body) - (client:request (app-state-account (current-state state)) - (app-state-uri (current-state state)) - #:method (app-state-method (current-state state)) - #:headers (app-state-headers (current-state state))) - (let ((ready-to-write-body - (write-response response (current-output-port)))) - (unless (response-must-not-include-body? ready-to-write-body) - (write-response-body ready-to-write-body - (if (string? body) - (string->utf8 body) - body))) - (newline))) - (format #t (G_ "Please define an account and the URI.\n"))) - (menu state))) - ((equal? command undo-command) - (menu (undo state))) - ((equal? command redo-command) - (menu (redo state))) - (else - (format #t (G_ "I don’t know that command.\n")) - (menu state)))))))))) + ((equal? command clear-headers-command) + (menu (clear-headers state))) + ((equal? command add-header-command) + (with-sigint-handler + (lambda () + (menu state)) + (lambda () + (let ((header (string-downcase (readline (G_ "Which header? "))))) + (let ((value + (readline + (format #f (G_ "Which header value for ~a? ") + header)))) + (menu (add-header state header value))))))) + ((equal? 
command ok-command) + (receive (account uri) + (let ((state (current-state state))) + (values + (app-state-account state) + (app-state-uri state))) + (if (and account uri) + (receive (account response body) + (client:request (app-state-account (current-state state)) + (app-state-uri (current-state state)) + #:method (app-state-method (current-state state)) + #:headers (app-state-headers (current-state state))) + (let ((ready-to-write-body + (write-response response (current-output-port)))) + (unless (response-must-not-include-body? ready-to-write-body) + (write-response-body ready-to-write-body + (if (string? body) + (string->utf8 body) + body))) + (newline))) + (format #t (G_ "Please define an account and the URI.\n"))) + (menu state))) + ((equal? command undo-command) + (menu (undo state))) + ((equal? command redo-command) + (menu (redo state))) + (else + (format #t (G_ "I don’t know that command.\n")) + (menu state)))))))))))) diff --git a/src/scm/webid-oidc/fetch.scm b/src/scm/webid-oidc/fetch.scm index aed4512..e18cc60 100644 --- a/src/scm/webid-oidc/fetch.scm +++ b/src/scm/webid-oidc/fetch.scm @@ -16,12 +16,12 @@ (define-module (webid-oidc fetch) #:use-module (webid-oidc web-i18n) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (ice-9 optargs) #:use-module (ice-9 receive) #:use-module (ice-9 match) #:use-module (ice-9 exceptions) #:use-module (rnrs bytevectors) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web uri) @@ -49,7 +49,7 @@ cannot-fetch-linked-data? (uri cannot-fetch-linked-data-uri)) -(define* (fetch uri #:key (http-get http-get)) +(define (fetch uri) (unless (uri? uri) (set! uri (string->uri uri))) (with-exception-handler 
@@ -68,8 +68,8 @@ error)))) (lambda () (receive (response response-body) - (http-get uri - #:headers `((accept (text/turtle application/n-quads application/ld+json)))) + ((p:anonymous-http-request) uri + #:headers `((accept (text/turtle application/n-quads application/ld+json)))) (with-exception-handler (lambda (error) (let ((final-message diff --git a/src/scm/webid-oidc/identity-provider.scm b/src/scm/webid-oidc/identity-provider.scm index 46de33c..de56228 100644 --- a/src/scm/webid-oidc/identity-provider.scm +++ b/src/scm/webid-oidc/identity-provider.scm @@ -27,7 +27,6 @@ #:use-module (web request) #:use-module (web response) #:use-module (web uri) - #:use-module (web client) #:use-module (web server) #:use-module (webid-oidc cache) #:use-module (ice-9 optargs) @@ -62,9 +61,7 @@ encrypted-password jwks-uri authorization-endpoint-uri - token-endpoint-uri - #:key - (http-get http-get)) + token-endpoint-uri) (let ((key (catch #t (lambda () @@ -82,10 +79,9 @@ (stubs:scm->json (key->jwk k) port #:pretty #t))) k))))) (let ((authorization-endpoint - (make-authorization-endpoint subject encrypted-password key 120 - #:http-get http-get)) + (make-authorization-endpoint subject encrypted-password key)) (token-endpoint - (make-token-endpoint token-endpoint-uri issuer key 3600)) + (make-token-endpoint token-endpoint-uri issuer key)) (openid-configuration (make <oidc-configuration> #:jwks-uri jwks-uri diff --git a/src/scm/webid-oidc/jwk.scm b/src/scm/webid-oidc/jwk.scm index f1078aa..9dae649 100644 --- a/src/scm/webid-oidc/jwk.scm +++ b/src/scm/webid-oidc/jwk.scm @@ -16,6 +16,7 @@ (define-module (webid-oidc jwk) #:use-module ((webid-oidc stubs) #:prefix stubs:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (webid-oidc errors) #:use-module (webid-oidc web-i18n) #:use-module (ice-9 receive) 
@@ -25,7 +26,6 @@ #:use-module (ice-9 match) #:use-module (srfi srfi-19) #:use-module (web response) - #:use-module (web client) #:use-module (rnrs bytevectors) #:use-module (oop goops) #:use-module (sxml match) @@ -495,8 +495,8 @@ . ,(list->vector (map key->jwk (keys jwks)))))))) -(define* (get-jwks uri #:key (http-request http-request)) - (receive (response response-body) (http-request uri) +(define (get-jwks uri) + (receive (response response-body) ((p:anonymous-http-request) uri) (with-exception-handler (lambda (error) (raise-exception diff --git a/src/scm/webid-oidc/jws.scm b/src/scm/webid-oidc/jws.scm index bfb941f..e0eba54 100644 --- a/src/scm/webid-oidc/jws.scm +++ b/src/scm/webid-oidc/jws.scm @@ -225,7 +225,7 @@ (define-method (default-validity (token <oidc-token>)) (let ((next (next-method)) - (mine 3600)) + (mine (p:oidc-token-default-validity))) (if (and next (< next mine)) next mine))) @@ -264,7 +264,7 @@ (define-method (default-validity (token <single-use-token>)) (let ((next (next-method)) - (mine 120)) + (mine (p:authorization-code-default-validity))) (if (and next (< next mine)) next mine))) 
@@ -470,43 +470,37 @@ #:neutral (list '()))) (define-method (lookup-keys (token <oidc-token>) args) - (let-keywords - args #f - ((http-request (p:anonymous-http-request))) - (let ((iss (iss token))) - (let ((cfg - (with-exception-handler - (lambda (error) - (let ((final-message - (if (exception-with-message? error) - (format #f (G_ "I cannot query the identity provider configuration: ~a") - (exception-message error)) - (format #f (G_ "I cannot query the identity provider configuration"))))) - (raise-exception - (make-exception - (make-cannot-query-identity-provider iss) - (make-exception-with-message final-message) - error)))) - (lambda () - (make <oidc-configuration> - #:server iss - #:http-request http-request))))) - (with-exception-handler - (lambda (error) - (raise-exception - (make-exception - (make-cannot-query-identity-provider iss) - (make-exception-with-message - (if (exception-with-message? error) - (format #f (G_ "I cannot query the JWKS URI of the identity provider: ~a") - (exception-message error)) - (format #f (G_ "I cannot query the JWKS URI of the identity provider"))))))) - (lambda () - (append - (keys (next-method)) - (keys - (parameterize ((p:anonymous-http-request http-request)) - (jwks cfg)))))))))) + (let ((iss (iss token))) + (let ((cfg + (with-exception-handler + (lambda (error) + (let ((final-message + (if (exception-with-message? error) + (format #f (G_ "I cannot query the identity provider configuration: ~a") + (exception-message error)) + (format #f (G_ "I cannot query the identity provider configuration"))))) + (raise-exception + (make-exception + (make-cannot-query-identity-provider iss) + (make-exception-with-message final-message) + error)))) + (lambda () + (make <oidc-configuration> + #:server iss))))) + (with-exception-handler + (lambda (error) + (raise-exception + (make-exception + (make-cannot-query-identity-provider iss) + (make-exception-with-message + (if (exception-with-message? 
error) + (format #f (G_ "I cannot query the JWKS URI of the identity provider: ~a") + (exception-message error)) + (format #f (G_ "I cannot query the JWKS URI of the identity provider"))))))) + (lambda () + (append + (keys (next-method)) + (keys (jwks cfg)))))))) (define verify (make <generic-with-default> diff --git a/src/scm/webid-oidc/oidc-configuration.scm b/src/scm/webid-oidc/oidc-configuration.scm index 0a776d1..d0d1e20 100644 --- a/src/scm/webid-oidc/oidc-configuration.scm +++ b/src/scm/webid-oidc/oidc-configuration.scm @@ -21,7 +21,6 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rnrs bytevectors) #:use-module (srfi srfi-19) @@ -67,8 +66,7 @@ (token-endpoint #f) (solid-oidc-supported "https://solidproject.org/TR/solid-oidc") (json-data #f) - (server #f) - (http-request (p:anonymous-http-request))) + (server #f)) (let do-initialize ((jwks-uri jwks-uri) (authorization-endpoint authorization-endpoint) (token-endpoint token-endpoint) @@ -150,7 +148,7 @@ #:host (uri-host server) #:port (uri-port server) #:path "/.well-known/openid-configuration"))) - (receive (response response-body) (http-request discovery-uri) + (receive (response response-body) ((p:anonymous-http-request) discovery-uri) (with-exception-handler (lambda (error) (raise-exception 
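Review bot: In `lookup-keys`, the `iss` read from the token goes straight into `(make <oidc-configuration> #:server iss)`, so the discovery request is sent to whatever host the token names. This presumably happens before the signature is checked, since these keys are what verify it. Nothing visible in the hunk restricts the scheme or host, and with the per-call `#:http-request` argument gone, the only place left to constrain outbound requests is the global `p:anonymous-http-request`. I would add a guard before the `make` call, e.g. `(unless (eq? (uri-scheme iss) 'https) (raise-exception (make-cannot-query-identity-provider iss)))`, assuming `iss` is a (web uri) value and that module is in scope here. The same concern applies to the `jwks_uri` fetched by `get-jwks` in jwk.scm.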
@@ -184,7 +182,7 @@ (make-exception (make-invalid-oidc-configuratin) (make-exception-with-message - (G_ "when making an OIDC configuration, either its required #:jwks-uri, #:authorization-endpoint and #:token-endpoint fields or #:server (and optionally #:http-request) or #:json-data should be passed"))))))))) + (G_ "when making an OIDC configuration, either its required #:jwks-uri, #:authorization-endpoint and #:token-endpoint fields or #:server or #:json-data should be passed"))))))))) (define-method (->json-data (cfg <oidc-configuration>)) `((jwks_uri . ,(uri->string (jwks-uri cfg))) @@ -198,4 +196,4 @@ (stubs:scm->json-string (->json-data cfg)))) (define-method (jwks (cfg <oidc-configuration>)) - (get-jwks (jwks-uri cfg) #:http-request (p:anonymous-http-request))) + (get-jwks (jwks-uri cfg))) diff --git a/src/scm/webid-oidc/oidc-id-token.scm b/src/scm/webid-oidc/oidc-id-token.scm index a33351b..19e22d7 100644 --- a/src/scm/webid-oidc/oidc-id-token.scm +++ b/src/scm/webid-oidc/oidc-id-token.scm @@ -23,7 +23,6 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (ice-9 optargs) #:use-module (ice-9 exceptions) #:use-module (ice-9 match) diff --git a/src/scm/webid-oidc/parameters.scm b/src/scm/webid-oidc/parameters.scm index 7d10798..df879ef 100644 --- a/src/scm/webid-oidc/parameters.scm +++ b/src/scm/webid-oidc/parameters.scm @@ -17,7 +17,16 @@ (define-module (webid-oidc parameters) #:use-module (srfi srfi-19) #:use-module (web client) - #:export (data-home cache-home current-date anonymous-http-request) + #:export + ( + data-home + cache-home + current-date + authorization-code-default-validity + oidc-token-default-validity + dpop-proof-validity + anonymous-http-request + ) #:declarative? #t) (define data-home 
@@ -52,3 +61,12 @@ (define anonymous-http-request (make-parameter http-request)) + +(define authorization-code-default-validity + (make-parameter 120)) + +(define oidc-token-default-validity + (make-parameter 3600)) + +(define dpop-proof-validity + (make-parameter 30)) diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm index 760734e..00c929a 100644 --- a/src/scm/webid-oidc/program.scm +++ b/src/scm/webid-oidc/program.scm 
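Review bot: The three new lifetimes `authorization-code-default-validity`, `oidc-token-default-validity` and `dpop-proof-validity` are created with a bare `make-parameter`, so a `parameterize` with a string, zero or a negative number is accepted. The mistake would presumably only surface later, when an expiry is computed from it. These values bound how long a code, token or DPoP proof is honoured, so a converter should reject bad settings where they are made: `(make-parameter 120 (lambda (v) (if (and (real? v) (positive? v)) v (error "validity must be a positive number of seconds" v))))`, and likewise for 3600 and 30. A comment above each definition stating the unit would also help, e.g. `;; Seconds for which a freshly issued authorization code is accepted.`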
@@ -43,48 +43,52 @@ #:use-module (web uri) #:use-module (web request) #:use-module (web response) - #:use-module (web client) #:use-module (webid-oidc cache) #:use-module (web server)) (define logging-mutex (make-mutex)) -(define* (http-get-with-log uri #:key (headers '())) - (define date (date->string (time-utc->date (current-time)))) - (define uri-string (if (uri? uri) (uri->string uri) uri)) - (with-mutex logging-mutex - (when (getenv "XML_CATALOG_FILES") - (format (current-error-port) (G_ "~a: Warning: XML_CATALOG_FILES is set to ~s.\n") - date - (getenv "XML_CATALOG_FILES"))) - (format (current-error-port) (G_ "~a: GET ~a ~s...\n") - date uri-string headers)) - (set! uri (resolve-uri uri - #:http-get - (lambda* (uri . args) - (with-mutex logging-mutex - (format (current-error-port) - (G_ "~a: Warning: loading XML catalog from the web, ~s.\n") - date - (uri->string uri))) - (apply http-get uri args)))) - (receive (response response-body) - (in-another-thread - (http-get uri #:headers headers)) - (with-mutex logging-mutex - (format (current-error-port) (G_ "~a: GET ~a ~s: ~s ~a bytes\n") - date uri-string headers response - (cond - ((bytevector? response-body) - (bytevector-length response-body)) - ((string? response-body) - (string-length response-body)) - (else 0)))) - (values response response-body))) +(define (use-logging-request f) + (let ((backend (p:anonymous-http-request))) + (parameterize + ((p:anonymous-http-request + (lambda* (uri . all-args) + (define date (date->string (time-utc->date (current-time)))) + (define uri-string (if (uri? 
uri) (uri->string uri) uri)) + (let-keywords + all-args #t + ((headers '()) + (method 'GET)) + (with-mutex logging-mutex + (when (getenv "XML_CATALOG_FILES") + (format (current-error-port) (G_ "~a: Warning: XML_CATALOG_FILES is set to ~s.\n") + date + (getenv "XML_CATALOG_FILES"))) + (format (current-error-port) (G_ "~a: ~s ~a ~s...\n") + date method uri-string headers)) + (receive (response response-body) + (in-another-thread + (apply backend uri all-args)) + (with-mutex logging-mutex + (format (current-error-port) (G_ "~a: ~s ~a ~s: ~s ~a bytes\n") + date method uri-string headers response + (cond + ((bytevector? response-body) + (bytevector-length response-body)) + ((string? response-body) + (string-length response-body)) + (else 0)))) + (values response response-body)))))) + (f)))) -(define cache-http-get - (with-cache - #:http-get http-get-with-log)) +(define (setup-http-request f) + (use-cache + (lambda () + (use-catalog + (lambda () + (use-logging-request + (lambda () + (f)))))))) (define (request-ip-address request) ;; The IP address of the remote end @@ -216,7 +220,7 @@ (serve-one-client* handler implementation server state) (lp)))) -(define-public (main) +(define (inner-main) (setvbuf (current-output-port) 'none) (setvbuf (current-error-port) 'none) (setlocale LC_ALL "") @@ -724,7 +728,6 @@ Rreleased ~a\n") complete-corresponding-source (make-reverse-proxy #:server-uri server-name - #:http-get cache-http-get #:endpoint backend-uri #:auth-header header)) 'http @@ -762,8 +765,7 @@ Rreleased ~a\n") (let ((handler (make-identity-provider server-name key-file subject encrypted-password jwks-uri - authorization-endpoint-uri token-endpoint-uri - #:http-get cache-http-get))) + authorization-endpoint-uri token-endpoint-uri))) (run-server* (handler-with-log (option-ref options log-file-sym #f) 
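Review bot: Both `format` calls in `use-logging-request` write `headers` to the error port with `~s`, so every header value passed through `p:anonymous-http-request` lands verbatim in the log. These requests are meant to be anonymous, but the wrapper forwards whatever the caller supplies (`(apply backend uri all-args)`). A later caller that adds an `authorization` or `dpop` header would leak it into the log files without any visible sign. Logging only the header names keeps the diagnostic value: replace `headers` in the two `format` argument lists with `(map car headers)`.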
@@ -844,14 +846,11 @@ Rreleased ~a\n") (let ((value (assq-ref (request-headers request) header))) (and value (string->uri value))))) (make-authenticator - #:server-uri server-name - #:http-get cache-http-get)) - #:http-get cache-http-get)) + #:server-uri server-name)))) (identity-provider-handler (make-identity-provider server-name key-file subject encrypted-password jwks-uri - authorization-endpoint-uri token-endpoint-uri - #:http-get cache-http-get))) + authorization-endpoint-uri token-endpoint-uri))) (create-root server-name subject) (run-server* (handler-with-log @@ -872,3 +871,6 @@ Rreleased ~a\n") (format (current-error-port) (G_ "Unknown command ~s\n") command) (exit 1)))))))))) + +(define-public (main) + (setup-http-request inner-main)) diff --git a/src/scm/webid-oidc/provider-confirmation.scm b/src/scm/webid-oidc/provider-confirmation.scm index c0d7ea8..e46663e 100644 --- a/src/scm/webid-oidc/provider-confirmation.scm +++ b/src/scm/webid-oidc/provider-confirmation.scm @@ -17,8 +17,8 @@ (define-module (webid-oidc provider-confirmation) #:use-module (webid-oidc errors) #:use-module (webid-oidc fetch) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rnrs bytevectors) #:use-module (srfi srfi-19) @@ -81,9 +81,7 @@ (expires . ,expiration-date))) resource))) -(define* (get-provider-confirmations subject - #:key - (http-get http-get)) +(define (get-provider-confirmations subject) (unless (equal? (uri-scheme subject) 'https) (set! subject (build-uri 'https #:userinfo (uri-userinfo subject) 
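Review bot: In the branch visible at the top of this hunk, the authenticated identity is taken directly from a request header, `(assq-ref (request-headers request) header)` followed by `string->uri`, with no token or DPoP check on that path. That is sound only if the server is reachable exclusively through a proxy that overwrites this header. It looks like the counterpart of `make-reverse-proxy`, but the enclosing expression starts outside the hunk, so the condition that selects this branch is not visible. I would add a comment at this lambda, e.g. `;; Trusts HEADER as set by the reverse proxy: never expose this server directly to clients.`, and consider binding to a loopback address by default when this mode is enabled.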
@@ -92,19 +90,16 @@ #:path (uri-path subject) #:query (uri-query subject) #:fragment (uri-fragment subject)))) - (let ((graph (fetch subject #:http-get http-get))) + (let ((graph (fetch subject))) (cons (build-uri 'https #:userinfo (uri-userinfo subject) #:host (uri-host subject) #:port (uri-port subject)) (find-confirmations (uri->string subject) graph)))) -(define* (confirm-provider subject issuer - #:key (http-get http-get)) +(define (confirm-provider subject issuer) (unless (string=? (uri-host subject) (uri-host issuer)) - (let search ((providers (get-provider-confirmations - subject - #:http-get http-get))) + (let search ((providers (get-provider-confirmations subject))) (match providers (() (let ((final-message diff --git a/src/scm/webid-oidc/resource-server.scm b/src/scm/webid-oidc/resource-server.scm index bae9db9..50e5b64 100644 --- a/src/scm/webid-oidc/resource-server.scm +++ b/src/scm/webid-oidc/resource-server.scm @@ -36,7 +36,6 @@ #:use-module (web response) #:use-module (web uri) #:use-module (web server) - #:use-module (web client) #:use-module (ice-9 optargs) #:use-module (ice-9 receive) #:use-module (webid-oidc web-i18n) @@ -54,9 +53,7 @@ make-resource-server )) -(define* (make-authenticator #:key - (server-uri #f) - (http-get http-get)) +(define* (make-authenticator #:key (server-uri #f)) (unless (and server-uri (uri? server-uri)) (fail (G_ "You need to pass #:server-uri URI where URI is the public URI of the server, as a (web uri)."))) (lambda (request request-body) 
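Review bot: `confirm-provider` skips the WebID lookup whenever `(string=? (uri-host subject) (uri-host issuer))` holds, which compares the host only; scheme and port are ignored. As written, an issuer on a different port of the WebID's host is accepted without the profile listing it, which matters where several services share one host name. If the shortcut is intended, a comment should say so; otherwise compare the port too, `(and (string=? (uri-host subject) (uri-host issuer)) (equal? (uri-port subject) (uri-port issuer)))`. A mismatch then only falls through to the profile check. The body of `confirm-provider` continues past the end of this hunk.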
@@ -106,18 +103,7 @@ (('dpop . (? string? string-value)) string-value))) (access-token - (decode <access-token> lit-access-token - #:http-request - (lambda* (uri . args) - (let without-method ((remaining-args args) - (kept-args '())) - (match remaining-args - (() (apply http-get uri (reverse kept-args))) - ((#:method 'GET remaining-args ...) - (without-method remaining-args kept-args)) - (((? keyword? key) value remaining-args ...) - (without-method remaining-args - `(,value ,key ,@kept-args)))))))) + (decode <access-token> lit-access-token)) (cnf/jkt (cnf/jkt access-token)) (dpop-proof (decode <dpop-proof> dpop @@ -127,7 +113,7 @@ #:access-token lit-access-token))) (let ((subject (webid access-token)) (issuer (iss access-token))) - (confirm-provider subject issuer #:http-get http-get) + (confirm-provider subject issuer) subject))) #:unwind? #t))))))) @@ -196,16 +182,14 @@ #:key (server-uri #f) (owner #f) - (authenticator #f) - (http-get http-get)) + (authenticator #f)) (unless owner (fail (G_ "The owner is not defined."))) (declare-link-header!) (unless authenticator (set! authenticator (make-authenticator - #:server-uri server-uri - #:http-get http-get))) + #:server-uri server-uri))) (lambda (request request-body) (parameterize ((p:current-date ((p:current-date))) ;; Fix the date (web-locale request)) @@ -217,8 +201,7 @@ ((GET HEAD OPTIONS) (receive (headers content) (ldp:read server-uri owner user - (uri-path (request-uri request)) - #:http-get http-get) + (uri-path (request-uri request))) (let ((true-content-type (car (assq-ref headers 'content-type))) (other-headers @@ -255,8 +238,7 @@ (request-if-match request) (request-if-none-match request) content-type - content - #:http-get http-get) + content) . #f)))) "" user))) 
@@ -278,16 +260,14 @@ types (assq-ref (request-headers request) 'slug) content-type - content - #:http-get http-get)))) + content)))) "" user)))) ((DELETE) (ldp:delete server-uri owner user (uri-path (request-uri request)) (request-if-match request) - (request-if-none-match request) - #:http-get http-get) + (request-if-none-match request)) (return (build-response) "" diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm index 30e6d48..ee4878e 100644 --- a/src/scm/webid-oidc/reverse-proxy.scm +++ b/src/scm/webid-oidc/reverse-proxy.scm @@ -28,9 +28,9 @@ #:use-module (srfi srfi-19) #:use-module (rnrs bytevectors) #:use-module (web uri) + #:use-module (web client) ;; required to pass the request along #:use-module (web request) #:use-module (web response) - #:use-module (web client) #:use-module (webid-oidc cache) #:use-module (webid-oidc web-i18n) #:use-module (web server) @@ -43,7 +43,6 @@ (define* (make-reverse-proxy #:key (server-uri #f) - (http-get http-get) (endpoint #f) (auth-header 'XXX-Agent)) (set! auth-header @@ -54,8 +53,7 @@ (symbol->string auth-header)))) (define authenticate (make-authenticator - #:server-uri server-uri - #:http-get http-get)) + #:server-uri server-uri)) (unless (and endpoint (uri? endpoint)) (fail (G_ "#:endpoint argument is not present or not an URI."))) (lambda (request request-body) diff --git a/src/scm/webid-oidc/serve.scm b/src/scm/webid-oidc/serve.scm index 66a156c..76c58fc 100644 --- a/src/scm/webid-oidc/serve.scm +++ b/src/scm/webid-oidc/serve.scm @@ -18,11 +18,11 @@ #:use-module (webid-oidc errors) #:use-module (webid-oidc fetch) #:use-module (webid-oidc web-i18n) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (ice-9 optargs) #:use-module (ice-9 receive) #:use-module (ice-9 exceptions) #:use-module (rnrs bytevectors) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web uri) 
@@ -57,17 +57,18 @@ (define (convert client-accepts server-name path content-type content) (let ((data-as-rdf (false-if-exception - (fetch - (build-uri (uri-scheme server-name) - #:userinfo (uri-userinfo server-name) - #:host (uri-host server-name) - #:port (uri-port server-name) - #:path path) - #:http-get - (lambda args - (values (build-response - #:headers `((content-type ,content-type))) - content)))))) + (parameterize + ((p:anonymous-http-request + (lambda _ + (values (build-response + #:headers `((content-type ,content-type))) + content)))) + (fetch + (build-uri (uri-scheme server-name) + #:userinfo (uri-userinfo server-name) + #:host (uri-host server-name) + #:port (uri-port server-name) + #:path path)))))) (if client-accepts ;; Content negociation is asked (let try-satisfy ((accepts client-accepts)) diff --git a/src/scm/webid-oidc/server/create.scm b/src/scm/webid-oidc/server/create.scm index dc9651e..0558ff3 100644 --- a/src/scm/webid-oidc/server/create.scm +++ b/src/scm/webid-oidc/server/create.scm @@ -27,8 +27,8 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rdf rdf) #:use-module (turtle tordf) @@ -88,13 +88,14 @@ (make-exception (make-unsupported-media-type content-type) (make-exception-with-message final-message)))))) - (let ((graph (fetch - doc-uri - #:http-get - (lambda (uri . args) - (values - (build-response #:headers `((content-type ,content-type))) - content))))) + (let ((graph + (parameterize + ((p:anonymous-http-request + (lambda* (uri . args) + (values + (build-response #:headers `((content-type ,content-type))) + content)))) + (fetch doc-uri)))) (with-index graph (lambda (rdf-match) 
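Review bot: The stub backend that `convert` installs here, a `p:anonymous-http-request` that ignores its arguments and returns `content` with the given `content-type`, is repeated in create.scm, read.scm and update.scm in three spellings (`lambda _`, `lambda* (uri . args)`, `lambda (uri . args)`). Each copy answers every URI requested while `fetch` runs, not just the document being parsed, so the four sites must be kept in step if that is ever tightened. A single helper next to `fetch`, say `fetch-local`, would state the intent (parse local bytes, do not go to the network) and give one place to document it. The call in `convert` would then be `(false-if-exception (fetch-local (build-uri …) content-type content))`.

```scheme
;; In (webid-oidc fetch), exported alongside fetch.
(define (fetch-local uri content-type content)
  ;; Parse CONTENT as a document located at URI. The request backend is
  ;; replaced for the extent of the call, so fetch does not reach the
  ;; network through this parameter.
  (parameterize
      ((p:anonymous-http-request
        (lambda _
          (values (build-response
                   #:headers `((content-type ,content-type)))
                  content))))
    (fetch uri)))
```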
@@ -117,10 +118,8 @@ (or (equal? next "http://www.w3.org/ns/ldp#BasicContainer") (types-indicate-container? (cdr types)))))) -(define* (create server-name owner user container types slug content-type content - #:key - (http-get http-get)) - (check-acl-can-append server-name container owner user #:http-get http-get) +(define* (create server-name owner user container types slug content-type content) + (check-acl-can-append server-name container owner user) (unless (and slug (not (equal? slug ""))) (set! slug (stubs:random 12))) (when (string-contains slug "/") @@ -171,8 +170,7 @@ (lambda error (create server-name owner user container types (string-append slug "-" (stubs:random 12)) - content-type content - #:http-get http-get)))))))) + content-type content)))))))) (define (create-root server-name owner) (define (fix-angle-aux accu chars) diff --git a/src/scm/webid-oidc/server/delete.scm b/src/scm/webid-oidc/server/delete.scm index 4e4ce66..02344ad 100644 --- a/src/scm/webid-oidc/server/delete.scm +++ b/src/scm/webid-oidc/server/delete.scm @@ -26,8 +26,8 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rdf rdf) #:use-module (turtle tordf) @@ -51,9 +51,7 @@ )) -(define* (delete server-name owner user path if-match if-none-match - #:key - (http-get http-get)) +(define* (delete server-name owner user path if-match if-none-match) (check-acl-can-write server-name path owner user) (with-session (lambda (load-content-type load-contained load-static-content diff --git a/src/scm/webid-oidc/server/precondition.scm b/src/scm/webid-oidc/server/precondition.scm index 03ee967..7e3a4bb 100644 --- a/src/scm/webid-oidc/server/precondition.scm +++ b/src/scm/webid-oidc/server/precondition.scm 
@@ -25,8 +25,8 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rdf rdf) #:use-module (turtle tordf) diff --git a/src/scm/webid-oidc/server/read.scm b/src/scm/webid-oidc/server/read.scm index cc74898..0cd49fd 100644 --- a/src/scm/webid-oidc/server/read.scm +++ b/src/scm/webid-oidc/server/read.scm @@ -26,8 +26,8 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rdf rdf) #:use-module (turtle tordf) @@ -63,14 +63,12 @@ (base-path auxiliary-resource-absent-base-path) (path-type auxiliary-resource-absent-path-type)) -(define* (read server-name owner user path - #:key - (http-get http-get)) +(define* (read server-name owner user path) (declare-link-header!) (with-session (lambda (load-content-type load-contained load-static-content do-create do-delete) - (check-acl-can-read server-name path owner user #:http-get http-get) + (check-acl-can-read server-name path owner user) (receive (base-path path-type) (base-path path) (let ((container? (container-path? path)) 
@@ -183,19 +181,20 @@ ;; Content (if container? (let ((static-graph - (fetch - (build-uri - 'https - #:userinfo (uri-userinfo server-name) - #:host (uri-host server-name) - #:port (uri-port server-name) - #:path path) - #:http-get - (lambda (uri . args) - (values - (build-response - #:headers `((content-type ,(load-content-type relevant-etag)))) - (load-static-content relevant-etag)))))) + (parameterize + ((p:anonymous-http-request + (lambda (uri . args) + (values + (build-response + #:headers `((content-type ,(load-content-type relevant-etag)))) + (load-static-content relevant-etag))))) + (fetch + (build-uri + 'https + #:userinfo (uri-userinfo server-name) + #:host (uri-host server-name) + #:port (uri-port server-name) + #:path path))))) (let ((final-graph (reverse (append diff --git a/src/scm/webid-oidc/server/resource/wac.scm b/src/scm/webid-oidc/server/resource/wac.scm index e3ed089..d3f4adf 100644 --- a/src/scm/webid-oidc/server/resource/wac.scm +++ b/src/scm/webid-oidc/server/resource/wac.scm @@ -23,9 +23,9 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (webid-oidc web-i18n) #:use-module (web uri) - #:use-module (web client) #:use-module (rdf rdf) #:use-module (turtle tordf) #:use-module (rnrs bytevectors) @@ -82,7 +82,7 @@ (owner forbidden-owner) (expected-mode forbidden-expected-mode)) -(define (group-member? http-get group-uri agent) +(define (group-member? group-uri agent) (when (string? group-uri) (set! group-uri (string->uri group-uri))) (when (string? agent) @@ -111,7 +111,7 @@ #:continuable? #t)) #f) (lambda () - (let ((data (fetch group-doc-uri #:http-get http-get))) + (let ((data (fetch group-doc-uri))) (with-index data (lambda (rdf-match) 
@@ -137,7 +137,7 @@ #:path (string-append path ".acl")))))) f)) -(define (check-authorization path check-default? server-name final-path http-get user rdf-match id) +(define (check-authorization path check-default? server-name final-path user rdf-match id) ;; The authorization should give accessTo path, ;; or to a prefix of final-path; and it should ;; be for agent user, or a group that contains @@ -211,7 +211,7 @@ (and user (not (null? (filter (lambda (group) - (group-member? http-get group user)) + (group-member? group user)) groups)))))))) (or (and access-to-ok @@ -227,23 +227,21 @@ #f)))) '()))) -(define (check-authorizations path check-default? server-name final-path http-get user rdf-match +(define (check-authorizations path check-default? server-name final-path user rdf-match allowed-modes authorizations) (if (null? authorizations) (reverse allowed-modes) (let ((new-modes - (check-authorization path check-default? server-name final-path http-get user rdf-match + (check-authorization path check-default? server-name final-path user rdf-match (car authorizations)))) (check-authorizations - path check-default? server-name final-path http-get user rdf-match + path check-default? server-name final-path user rdf-match (append (reverse new-modes) allowed-modes) (cdr authorizations))))) (define acl-aux (string->uri "http://www.w3.org/ns/auth/acl#accessControl")) -(define* (wac-get-modes server-name final-path user - #:key - (http-get http-get)) +(define (wac-get-modes server-name final-path user) (with-session (lambda (content-type contained static-content create delete) (define (wac-check-recursive path check-default?) @@ -263,7 +261,7 @@ server-name path (content-type acl-etag) (static-content acl-etag) (lambda (rdf-match) (check-authorizations - path check-default? server-name final-path http-get user rdf-match + path check-default? server-name final-path user rdf-match '() (map rdf-triple-subject (rdf-match #f 
@@ -300,7 +298,7 @@ (? uri? (= uri->string b))) (string< a b))))))))) -(define (check-mode server-name path owner user http-get expected-mode) +(define (check-mode server-name path owner user expected-mode) (unless (equal? owner user) (receive (base-path type) (base-path path) @@ -313,7 +311,7 @@ ;; for Control over the base resource. (set! path base-path) (set! expected-mode (string->uri "http://www.w3.org/ns/auth/acl#Control")))) - (let ((modes (wac-get-modes server-name path user #:http-get http-get))) + (let ((modes (wac-get-modes server-name path user))) (define (check-modes modes) (if (null? modes) (let ((final-message @@ -337,26 +335,18 @@ (check-modes (cdr modes))))) (check-modes modes)))) -(define* (check-acl-can-read server-name path owner user - #:key - (http-get http-get)) - (check-mode server-name path owner user http-get +(define (check-acl-can-read server-name path owner user) + (check-mode server-name path owner user (string->uri "http://www.w3.org/ns/auth/acl#Read"))) -(define* (check-acl-can-write server-name path owner user - #:key - (http-get http-get)) - (check-mode server-name path owner user http-get +(define (check-acl-can-write server-name path owner user) + (check-mode server-name path owner user (string->uri "http://www.w3.org/ns/auth/acl#Write"))) -(define* (check-acl-can-append server-name path owner user - #:key - (http-get http-get)) - (check-mode server-name path owner user http-get +(define (check-acl-can-append server-name path owner user) + (check-mode server-name path owner user (string->uri "http://www.w3.org/ns/auth/acl#Append"))) -(define* (check-acl-can-control server-name path owner user - #:key - (http-get http-get)) - (check-mode server-name path owner user http-get +(define (check-acl-can-control server-name path owner user) + (check-mode server-name path owner user (string->uri "http://www.w3.org/ns/auth/acl#Control"))) 
diff --git a/src/scm/webid-oidc/server/update.scm b/src/scm/webid-oidc/server/update.scm index 589de44..d568d06 100644 --- a/src/scm/webid-oidc/server/update.scm +++ b/src/scm/webid-oidc/server/update.scm @@ -27,8 +27,8 @@ #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module (webid-oidc rdf-index) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) + #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module (web uri) - #:use-module (web client) #:use-module (web response) #:use-module (rdf rdf) #:use-module (turtle tordf) @@ -60,13 +60,14 @@ (raise-exception (make-exception (make-unsupported-media-type content-type))))) - (let ((graph (fetch - doc-uri - #:http-get - (lambda (uri . args) - (values - (build-response #:headers `((content-type ,content-type))) - content))))) + (let ((graph + (parameterize + ((p:anonymous-http-request + (lambda (uri . args) + (values + (build-response #:headers `((content-type ,content-type))) + content)))) + (fetch doc-uri)))) (with-index graph (lambda (rdf-match) @@ -90,9 +91,7 @@ (rdf->turtle final-graph)))))))))) (define* (update server-name owner user path if-match if-none-match - content-type content - #:key - (http-get http-get)) + content-type content) (define updated-etag #f) (with-session (lambda (load-content-type load-contained load-static-content diff --git a/src/scm/webid-oidc/simulation.scm b/src/scm/webid-oidc/simulation.scm index 30f7b43..0accdc4 100644 --- a/src/scm/webid-oidc/simulation.scm +++ b/src/scm/webid-oidc/simulation.scm 
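Review bot: `update` is still declared with `define*` although this hunk removes its only keyword argument, which leaves it inconsistent with wac.scm, where the same change switches to plain `define`. I would write `(define (update server-name owner user path if-match if-none-match` on the first line of the signature. Only the start of the procedure is visible in the hunk.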
@@ -153,17 +153,11 @@ (crypt "password" "xxx") (with-path server-uri "/keys") (with-path server-uri "/authorize") - (with-path server-uri "/token") - #:http-get - (lambda* (uri . args) - (apply request simulation uri #:method 'GET args)))) + (with-path server-uri "/token"))) (server (make-resource-server #:server-uri server-uri - #:owner owner - #:http-get - (lambda* (uri . args) - (apply request simulation uri #:method 'GET args))))) + #:owner owner))) (define (handle request body) (let ((path (uri-path (request-uri request)))) (if (member path diff --git a/src/scm/webid-oidc/testing.scm b/src/scm/webid-oidc/testing.scm index 06d0127..c26ab5e 100644 --- a/src/scm/webid-oidc/testing.scm +++ b/src/scm/webid-oidc/testing.scm @@ -28,7 +28,13 @@ (define-public (with-test-environment test-name f) (parameterize ((data-home (format #f "tests/~a.home/disfluid" test-name)) - (cache-home (format #f "tests/~a.cache/disfluid" test-name))) + (cache-home (format #f "tests/~a.cache/disfluid" test-name)) + (anonymous-http-request + (lambda _ + (error "cannot request the world-wide web from within a test"))) + (current-date + (lambda () + (error "cannot use the current date from within a test")))) (call-with-output-file* (format #f "~a/seed" (cache-home)) (lambda (port) diff --git a/src/scm/webid-oidc/token-endpoint.scm b/src/scm/webid-oidc/token-endpoint.scm index 292df4d..a10c843 100644 --- a/src/scm/webid-oidc/token-endpoint.scm +++ b/src/scm/webid-oidc/token-endpoint.scm @@ -26,7 +26,6 @@ #:use-module ((webid-oidc parameters) #:prefix p:) #:use-module ((webid-oidc stubs) #:prefix stubs:) #:use-module ((webid-oidc refresh-token) #:prefix refresh:) - #:use-module (web client) #:use-module (web request) #:use-module (web response) #:use-module (web uri) 
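Review bot: The new default for `anonymous-http-request` in `with-test-environment` reports a network attempt with `error`, which code under test can swallow; the handler around `(fetch group-doc-uri)` in wac.scm, for instance, appears to return `#f` on an exception. Several tests in this commit (tests/client-manifest-public.scm, tests/authorization-endpoint-get-form.scm, tests/authorization-endpoint-no-args.scm) drop stubs that exited on any request and now rely on this default to show that no request is made. To keep that guarantee the default could also record the attempt, e.g. `(lambda _ (set! network-attempted? #t) (error "cannot request the world-wide web from within a test"))`, with `with-test-environment` checking the flag after `f` returns. The same consideration applies to the `current-date` default.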
@@ -179,7 +178,7 @@ port))))))) thunk)))) -(define (make-token-endpoint token-endpoint-uri iss issuer-key validity) +(define (make-token-endpoint token-endpoint-uri iss issuer-key) (lambda (request request-body) (when (bytevector? request-body) (set! request-body (utf8->string request-body))) 
@@ -295,35 +294,33 @@ (make-unsupported-grant-type grant-type) (make-exception-with-message final-message) (make-message-for-the-user final-user-message)))))) - (let* ((iat (time-second (date->time-utc current-time))) - (exp (+ iat validity))) - (let ((id-token - (issue <id-token> - issuer-key - #:webid webid - #:iss iss - #:aud client-id)) - (access-token - (issue <access-token> - issuer-key - #:webid webid - #:iss iss - #:client-key (jwk dpop) - #:client-id client-id)) - (refresh-token - (if (equal? grant-type "refresh_token") - (assoc-ref form-args "refresh_token") - (refresh:issue-refresh-token webid client-id - (jkt (jwk dpop)))))) - (values - (build-response #:headers '((content-type application/json) - (cache-control (no-cache no-store))) - #:port #f) - (stubs:scm->json-string - `((id_token . ,id-token) - (access_token . ,access-token) - (token_type . "DPoP") - (expires_in . ,validity) - (refresh_token . ,refresh-token))) - client-id - #f))))))))))) + (let ((id-token + (issue <id-token> + issuer-key + #:webid webid + #:iss iss + #:aud client-id)) + (access-token + (issue <access-token> + issuer-key + #:webid webid + #:iss iss + #:client-key (jwk dpop) + #:client-id client-id)) + (refresh-token + (if (equal? grant-type "refresh_token") + (assoc-ref form-args "refresh_token") + (refresh:issue-refresh-token webid client-id + (jkt (jwk dpop)))))) + (values + (build-response #:headers '((content-type application/json) + (cache-control (no-cache no-store))) + #:port #f) + (stubs:scm->json-string + `((id_token . ,id-token) + (access_token . ,access-token) + (token_type . "DPoP") + (expires_in . ,(p:oidc-token-default-validity)) + (refresh_token . ,refresh-token))) + client-id + #f)))))))))) diff --git a/tests/acl-with-group.scm b/tests/acl-with-group.scm deleted file mode 100644 index 3e715d9..0000000 --- a/tests/acl-with-group.scm +++ /dev/null 
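Review bot: `expires_in` is now read from `(p:oidc-token-default-validity)` when the response is built, while the lifetime actually stamped into the tokens is decided inside the two `issue` calls above it, so the advertised and real lifetimes agree only as long as `issue` reads the same parameter with no override. That link is not visible in this hunk and nothing documents it; a client trusting an `expires_in` that is too long will present an expired access token. I would add a comment at the response, e.g. `;; Must equal the validity applied by (issue <access-token> ...) above; both read p:oidc-token-default-validity`, or bind the value once in a `let` and hand it to `issue` explicitly if that constructor accepts a validity. The enclosing lambda starts outside the hunk.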
@@ -1,27 +0,0 @@ -;; webid-oidc, implementation of the Solid specification -;; Copyright (C) 2020, 2021 Vivien Kraus - -;; This program is free software: you can redistribute it and/or modify -;; it under the terms of the GNU Affero General Public License as -;; published by the Free Software Foundation, either version 3 of the -;; License, or (at your option) any later version. - -;; This program is distributed in the hope that it will be useful, -;; but WITHOUT ANY WARRANTY; without even the implied warranty of -;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;; GNU Affero General Public License for more details. - -;; You should have received a copy of the GNU Affero General Public License -;; along with this program. If not, see <https://www.gnu.org/licenses/>. - -(define (http-get uri) - (unless (equal? uri - (string->uri "https://group-server.example.com/the#group")) - (exit 1) - (values - (build-response #:headers '((content-type text/turtle))) - "@prefix vcard: <http://www.w3.org/2006/vcard/ns#>. - -<#group> a vcard:Group; - vcard:hasMember <https://other-user.example.com/profile/card#me> . -"))) diff --git a/tests/acl.scm b/tests/acl.scm index 3d76c54..9a11eb6 100644 --- a/tests/acl.scm +++ b/tests/acl.scm @@ -17,6 +17,7 @@ (use-modules (webid-oidc server resource wac) (webid-oidc server resource content) (webid-oidc server resource path) + ((webid-oidc parameters) #:prefix p:) (webid-oidc testing) (web http) (web request) 
@@ -203,54 +204,52 @@ (define (run-test path modes-alice modes-bob modes-fbi modes-anonymous) (define (uri< a b) (string< (uri->string a) (uri->string b))) - (let ((alice (wac-get-modes + (parameterize + ((p:anonymous-http-request http-get)) + (let ((alice (wac-get-modes + server-name path + (string->uri "https://alice.databox.me/profile/card#me"))) + (bob (wac-get-modes server-name path - (string->uri "https://alice.databox.me/profile/card#me") - #:http-get http-get)) - (bob (wac-get-modes - server-name path - (string->uri "https://bob.databox.me/profile/card#me") - #:http-get http-get)) - (fbi (wac-get-modes - server-name path - (string->uri "https://the-spy.databox.me/profile/card#me") - #:http-get http-get)) - (anonymous (wac-get-modes - server-name path - #f - #:http-get http-get))) - (unless (equal? alice - modes-alice) - (format (current-error-port) - "Alice’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" - path - (map uri->string modes-alice) - (map uri->string alice)) - (exit 2)) - (unless (equal? bob - modes-bob) - (format (current-error-port) - "Bob’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" - path - (map uri->string modes-bob) - (map uri->string bob)) - (exit 3)) - (unless (equal? fbi - modes-fbi) - (format (current-error-port) - "Spy’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" - path - (map uri->string modes-fbi) - (map uri->string fbi)) - (exit 4)) - (unless (equal? anonymous - modes-anonymous) - (format (current-error-port) - "Anonymous modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" - path - (map uri->string modes-anonymous) - (map uri->string anonymous)) - (exit 5)))) + (string->uri "https://bob.databox.me/profile/card#me"))) + (fbi (wac-get-modes + server-name path + (string->uri "https://the-spy.databox.me/profile/card#me"))) + (anonymous (wac-get-modes + server-name path + #f))) + (unless (equal? 
alice + modes-alice) + (format (current-error-port) + "Alice’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" + path + (map uri->string modes-alice) + (map uri->string alice)) + (exit 2)) + (unless (equal? bob + modes-bob) + (format (current-error-port) + "Bob’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" + path + (map uri->string modes-bob) + (map uri->string bob)) + (exit 3)) + (unless (equal? fbi + modes-fbi) + (format (current-error-port) + "Spy’s modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" + path + (map uri->string modes-fbi) + (map uri->string fbi)) + (exit 4)) + (unless (equal? anonymous + modes-anonymous) + (format (current-error-port) + "Anonymous modes for path ~s:\n expected:\n ~s\n got:\n ~s\n" + path + (map uri->string modes-anonymous) + (map uri->string anonymous)) + (exit 5))))) (let ((read (string->uri "http://www.w3.org/ns/auth/acl#Read")) (write (string->uri "http://www.w3.org/ns/auth/acl#Write")) (control (string->uri "http://www.w3.org/ns/auth/acl#Control"))) diff --git a/tests/authorization-endpoint-get-form.scm b/tests/authorization-endpoint-get-form.scm index 6830df8..27f22f9 100644 --- a/tests/authorization-endpoint-get-form.scm +++ b/tests/authorization-endpoint-get-form.scm @@ -32,13 +32,9 @@ (define key (generate-key #:n-size 2048)) (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me")) (define password "p4ssw0rd") - (define validity 120) - (define* (http-get uri #:key (headers '())) - (exit 2)) (define endpoint (make-authorization-endpoint - subject password key validity - #:http-get http-get)) + subject password key)) (receive (response response-body) (parameterize ((p:current-date 0)) (endpoint diff --git a/tests/authorization-endpoint-no-args.scm b/tests/authorization-endpoint-no-args.scm index a9661cd..164e345 100644 --- a/tests/authorization-endpoint-no-args.scm +++ b/tests/authorization-endpoint-no-args.scm 
@@ -32,13 +32,8 @@ (define key (generate-key #:n-size 2048)) (define subject (string->uri "https://authorization-endpoint-get-form.scm/profile/card#me")) (define password "p4ssw0rd") - (define validity 120) - (define* (http-get uri #:key (headers '())) - (exit 2)) (define endpoint - (make-authorization-endpoint - subject password key validity - #:http-get http-get)) + (make-authorization-endpoint subject password key)) (receive (response response-body) (parameterize ((p:current-date 0)) (endpoint diff --git a/tests/authorization-endpoint-submit-form.scm b/tests/authorization-endpoint-submit-form.scm index 2fc7197..3de3e19 100644 --- a/tests/authorization-endpoint-submit-form.scm +++ b/tests/authorization-endpoint-submit-form.scm @@ -39,7 +39,6 @@ (define redirect (string->uri "https://authorization-endpoint-submit-form.scm/client/redirect")) (define password "p4ssw0rd") (define encrypted-password (crypt password "$6$this.is.the.salt")) - (define validity 120) (define what-uri-to-expect client) (define served (receive (response response-body) 
@@ -49,66 +48,66 @@ (cons response response-body))) (define the-response (car served)) (define the-response-body (cdr served)) - (define* (http-get uri #:key (headers '())) - (unless (equal? uri what-uri-to-expect) - (exit 2)) - (values the-response the-response-body)) - (define cached-http-get - (with-cache #:http-get http-get)) (define endpoint (make-authorization-endpoint - subject encrypted-password key validity - #:http-get cached-http-get)) - (receive (response response-body) - ;; The password is fake! - (parameterize ((p:current-date 0)) - (endpoint - (build-request (string->uri - (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" - (uri-encode (uri->string client)) - (uri-encode (uri->string redirect)))) - #:headers '((content-type application/x-www-form-urlencoded)) - #:method 'POST - #:port #t) - "password=fake")) - (when (eq? (response-code response) 302) - (exit 3))) - (receive (response response-body) - (parameterize ((p:current-date 0)) - (endpoint - (build-request (string->uri - (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" - (uri-encode (uri->string client)) - (uri-encode (uri->string redirect)))) - #:headers '((content-type application/x-www-form-urlencoded)) - #:method 'POST - #:port #t) - "password=p4ssw0rd")) - (unless (eq? (response-code response) 302) - (exit 4)) - (let ((loc (response-location response))) - (unless (uri? loc) - (exit 5)) - (let ((loc-scheme (uri-scheme loc)) - (loc-host (uri-host loc)) - (loc-path (uri-path loc)) - (loc-query (uri-query loc))) - (unless (eq? loc-scheme 'https) - (exit 6)) - (unless (string=? loc-host "authorization-endpoint-submit-form.scm") - (exit 7)) - (unless (string=? 
loc-path "/client/redirect") - (exit 8)) - (let* ((kv (string-split loc-query #\&)) - (args (map (lambda (x) - (map uri-decode (string-split x #\=))) - kv))) - (unless (assoc-ref args "code") - (exit 9)) - (let ((parsed - (parameterize ((p:current-date 60)) - (decode <authorization-code> - (car (assoc-ref args "code")) - #:issuer-key key)))) - (unless parsed - (exit 10))))))))) + subject encrypted-password key)) + (parameterize ((p:anonymous-http-request + (lambda* (uri #:key (headers '()) #:allow-other-keys) + (unless (equal? uri what-uri-to-expect) + (exit 2)) + (values the-response the-response-body)))) + (use-cache + (lambda () + (receive (response response-body) + ;; The password is fake! + (parameterize ((p:current-date 0)) + (endpoint + (build-request (string->uri + (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" + (uri-encode (uri->string client)) + (uri-encode (uri->string redirect)))) + #:headers '((content-type application/x-www-form-urlencoded)) + #:method 'POST + #:port #t) + "password=fake")) + (when (eq? (response-code response) 302) + (exit 3))) + (receive (response response-body) + (parameterize ((p:current-date 0)) + (endpoint + (build-request (string->uri + (format #f "https://authorization-endpoint-submit-form.scm/authorize?client_id=~a&redirect_uri=~a" + (uri-encode (uri->string client)) + (uri-encode (uri->string redirect)))) + #:headers '((content-type application/x-www-form-urlencoded)) + #:method 'POST + #:port #t) + "password=p4ssw0rd")) + (unless (eq? (response-code response) 302) + (exit 4)) + (let ((loc (response-location response))) + (unless (uri? loc) + (exit 5)) + (let ((loc-scheme (uri-scheme loc)) + (loc-host (uri-host loc)) + (loc-path (uri-path loc)) + (loc-query (uri-query loc))) + (unless (eq? loc-scheme 'https) + (exit 6)) + (unless (string=? loc-host "authorization-endpoint-submit-form.scm") + (exit 7)) + (unless (string=? 
loc-path "/client/redirect") + (exit 8)) + (let* ((kv (string-split loc-query #\&)) + (args (map (lambda (x) + (map uri-decode (string-split x #\=))) + kv))) + (unless (assoc-ref args "code") + (exit 9)) + (let ((parsed + (parameterize ((p:current-date 60)) + (decode <authorization-code> + (car (assoc-ref args "code")) + #:issuer-key key)))) + (unless parsed + (exit 10)))))))))))) diff --git a/tests/cache-revalidate.scm b/tests/cache-revalidate.scm index caa6e3e..a4eab3e 100644 --- a/tests/cache-revalidate.scm +++ b/tests/cache-revalidate.scm @@ -16,6 +16,7 @@ (use-modules (webid-oidc cache) (webid-oidc testing) + ((webid-oidc parameters) #:prefix p:) (web uri) (web request) (web response) @@ -44,15 +45,15 @@ (build-response #:code 304 #:reason-phrase "Not Modified" #:headers `((date . ,(time-utc->date (make-time time-utc 0 10))))) #f)) - (receive (response response-body) - (revalidate (string->uri "https://example.com") original-response "hello" - #:headers `((if-none-match . ("yyy" . #t)) - (if-unmodified-since . ,(time-utc->date (make-time time-utc 0 42))) - (user-agent . "Testbed")) - #:http-get backend) - (unless (eqv? (response-code response) 200) - (exit 5)) - (unless (equal? (response-headers response) - `((date . ,(time-utc->date (make-time time-utc 0 10))) - (content-type text/plain))) - (exit 6))))) + (parameterize ((p:anonymous-http-request backend)) + (receive (response response-body) + (revalidate (string->uri "https://example.com") original-response "hello" + #:headers `((if-none-match . ("yyy" . #t)) + (if-unmodified-since . ,(time-utc->date (make-time time-utc 0 42))) + (user-agent . "Testbed"))) + (unless (eqv? (response-code response) 200) + (exit 5)) + (unless (equal? (response-headers response) + `((date . ,(time-utc->date (make-time time-utc 0 10))) + (content-type text/plain))) + (exit 6)))))) diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm index a1bfe20..548f6c1 100644 
--- a/tests/client-manifest-fraudulent.scm +++ b/tests/client-manifest-fraudulent.scm @@ -17,6 +17,7 @@ (use-modules (webid-oidc client-manifest) (webid-oidc cache) (webid-oidc testing) + ((webid-oidc parameters) #:prefix p:) (webid-oidc errors) (web uri) (srfi srfi-19) @@ -58,17 +59,17 @@ (unless (equal? headers headers-to-expect) (exit 2)) (values what-to-respond what-to-respond-body)) - (define cache-http-get - (with-cache - #:http-get respond)) - (with-exception-handler - (lambda (error) - (unless (inconsistent-client-manifest? error) - (exit 3))) - (lambda () - (get-client-manifest - (string->uri "https://fraudulent-app.example.com/id#app") - #:http-get cache-http-get) - (exit 4)) - #:unwind? #t - #:unwind-for-type &inconsistent-client-manifest))) + (parameterize ((p:anonymous-http-request respond)) + (use-cache + (lambda () + (with-exception-handler + (lambda (error) + (unless (inconsistent-client-manifest? error) + (exit 3))) + (lambda () + (parameterize ((p:current-date 0)) + (get-client-manifest + (string->uri "https://fraudulent-app.example.com/id#app"))) + (exit 4)) + #:unwind? #t + #:unwind-for-type &inconsistent-client-manifest)))))) diff --git a/tests/client-manifest-public.scm b/tests/client-manifest-public.scm index 76eb8ba..f4e0bd5 100644 --- a/tests/client-manifest-public.scm +++ b/tests/client-manifest-public.scm @@ -26,10 +26,7 @@ (lambda () (define mf (get-client-manifest - (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient") - #:http-get - (lambda args - (exit 1)))) + (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient"))) (define id (client-manifest-client-id mf)) (unless (equal? id (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient")) (exit 2)) diff --git a/tests/client-manifest.scm b/tests/client-manifest.scm index 8e98091..7f8e130 100644 --- a/tests/client-manifest.scm +++ b/tests/client-manifest.scm 
@@ -14,15 +14,17 @@ ;; You should have received a copy of the GNU Affero General Public License ;; along with this program. If not, see <https://www.gnu.org/licenses/>. -(use-modules (webid-oidc client-manifest) - (webid-oidc cache) - (webid-oidc testing) - (webid-oidc errors) - (web uri) - (srfi srfi-19) - (web response) - (ice-9 optargs) - (ice-9 receive)) +(define-module (tests client-manifest) + #:use-module (webid-oidc client-manifest) + #:use-module (webid-oidc cache) + #:use-module (webid-oidc testing) + #:use-module ((webid-oidc parameters) #:prefix p:) + #:use-module (webid-oidc errors) + #:use-module (web uri) + #:use-module (srfi srfi-19) + #:use-module (web response) + #:use-module (ice-9 optargs) + #:use-module (ice-9 receive)) (with-test-environment "client-manifest" 
@@ -52,42 +54,43 @@ (string->uri "https://app.example.com/id#app")) (exit 2)) (values what-to-respond what-to-respond-body)) - (define cache-http-get - (with-cache - #:http-get respond)) - (define mf - (get-client-manifest - (string->uri "https://app.example.com/id#app") - #:http-get cache-http-get)) - (define id (client-manifest-client-id mf)) - (unless (equal? id (string->uri "https://app.example.com/id#app")) - (exit 3)) - (unless (client-manifest-check-redirect-uri mf "https://app.example.com/callback") - (exit 4)) - (with-exception-handler - (lambda (error) - (unless (unauthorized-redirect-uri? error) - (exit 5))) - (lambda () - (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback") - (exit 55)) - #:unwind? #t - #:unwind-for-type &unauthorized-redirect-uri) - (receive (response response-body) - (serve-client-manifest - (time-utc->date (make-time time-utc 0 3600)) - mf) - (unless (equal? (response-content-type response) '(application/ld+json)) - (exit 6)) - (set! what-to-respond response) - (set! what-to-respond-body response-body) - (let ((re-parsed (get-client-manifest - (string->uri "https://app.example.com/id#app") - #:http-get cache-http-get))) - (map (lambda (key) - (unless (equal? (assq-ref mf key) - (assq-ref re-parsed key)) - (exit 9))) - '(client_id redirect_uris client_name client_uri - logo_uri tos_uri scope grant_types response_types - default_max_age require_auth_time)))))) + (parameterize ((p:anonymous-http-request respond)) + (use-cache + (lambda () + (define mf + (parameterize ((p:current-date 0)) + (get-client-manifest + (string->uri "https://app.example.com/id#app")))) + (define id (client-manifest-client-id mf)) + (unless (equal? id (string->uri "https://app.example.com/id#app")) + (exit 3)) + (unless (client-manifest-check-redirect-uri mf "https://app.example.com/callback") + (exit 4)) + (with-exception-handler + (lambda (error) + (unless (unauthorized-redirect-uri? 
error) + (exit 5))) + (lambda () + (client-manifest-check-redirect-uri mf "https://fraudulent-app.example.com/callback") + (exit 55)) + #:unwind? #t + #:unwind-for-type &unauthorized-redirect-uri) + (receive (response response-body) + (serve-client-manifest + (time-utc->date (make-time time-utc 0 3600)) + mf) + (unless (equal? (response-content-type response) '(application/ld+json)) + (exit 6)) + (set! what-to-respond response) + (set! what-to-respond-body response-body) + (let ((re-parsed + (parameterize ((p:current-date 10)) + (get-client-manifest + (string->uri "https://app.example.com/id#app"))))) + (map (lambda (key) + (unless (equal? (assq-ref mf key) + (assq-ref re-parsed key)) + (exit 9))) + '(client_id redirect_uris client_name client_uri + logo_uri tos_uri scope grant_types response_types + default_max_age require_auth_time))))))))) diff --git a/tests/client-workflow.scm b/tests/client-workflow.scm index 50514d8..9c74198 100644 --- a/tests/client-workflow.scm +++ b/tests/client-workflow.scm @@ -75,7 +75,7 @@ #:client-id "https://client@client-workflow.scm/id" #:redirect-uri (string->uri "https://client@client-workflow.scm/authorized"))) - (client:anonymous-http-request + (p:anonymous-http-request (cute sim:request simulation <...>))) (parameterize ((p:current-date 0) (client:authorization-process diff --git a/tests/crud.scm b/tests/crud.scm index 40ec7b1..fa33138 100644 --- a/tests/crud.scm +++ b/tests/crud.scm @@ -22,6 +22,7 @@ (webid-oidc server resource path) (webid-oidc errors) (webid-oidc testing) + ((webid-oidc parameters) #:prefix p:) (webid-oidc fetch) (webid-oidc rdf-index) (web http) 
@@ -158,12 +159,12 @@ (when (cdr etag) (exit 15)) (with-index - (fetch "https://example.com/" - #:http-get - (lambda (uri . rest) - (values - (build-response #:headers `((content-type . ,content-type))) - root))) + (parameterize ((p:anonymous-http-request + (lambda (uri . rest) + (values + (build-response #:headers `((content-type . ,content-type))) + root)))) + (fetch "https://example.com/")) (lambda (rdf-match) (when (null? (rdf-match "https://example.com/" "http://www.w3.org/ns/ldp#contains" @@ -199,12 +200,12 @@ (when (cdr etag) (exit 22)) (with-index - (fetch "https://example.com/.acl" - #:http-get - (lambda (uri . rest) - (values - (build-response #:headers `((content-type . ,content-type))) - /.acl))) + (parameterize ((p:anonymous-http-request + (lambda (uri . rest) + (values + (build-response #:headers `((content-type . ,content-type))) + /.acl)))) + (fetch "https://example.com/.acl")) (lambda (rdf-match) (when (null? (rdf-match #f "http://www.w3.org/1999/02/22-rdf-syntax-ns#type" diff --git a/tests/dpop-proof-no-explicit-exp.scm b/tests/dpop-proof-no-explicit-exp.scm index c485cac..5a4ccbc 100644 --- a/tests/dpop-proof-no-explicit-exp.scm +++ b/tests/dpop-proof-no-explicit-exp.scm 
@@ -26,18 +26,34 @@ (srfi srfi-19) (web response) (ice-9 receive) + (ice-9 optargs) (oop goops)) (define-class <dpop-proof-with-exp> (<dpop-proof>)) +(define-method (initialize (token <dpop-proof-with-exp>) initargs) + (next-method) + ;; Override exp + (let-keywords + initargs #t + ((validity #f)) + (slot-set! token 'exp + (let ((iat (time-second (date->time-utc (iat token))))) + (time-utc->date + (make-time time-utc 0 + (+ iat validity))))))) + (define malicious-jwt-created? #f) (define-method (token->jwt (token <dpop-proof-with-exp>)) (set! malicious-jwt-created? #t) (receive (header payload) (next-method) - (values header - `((exp . ,(time-second (date->time-utc (exp token)))) - ,@payload)))) + (let ((exp (time-second (date->time-utc (exp token))))) + (unless (equal? exp 3600) + (exit 3)) + (values header + `((exp . ,exp) + ,@payload))))) (with-test-environment "dpop-proof-no-explicit-exp" diff --git a/tests/jwks-get.scm b/tests/jwks-get.scm index 8f23492..ffc0bbb 100644 --- a/tests/jwks-get.scm +++ b/tests/jwks-get.scm @@ -16,6 +16,7 @@ (use-modules (webid-oidc jwk) (webid-oidc testing) + ((webid-oidc parameters) #:prefix p:) (webid-oidc cache) (web uri) (srfi srfi-19) @@ -58,15 +59,12 @@ } ") (exit 3))) - (define cache-http-get - (with-cache - #:http-get respond)) - (define* (cache-http-request uri #:key (headers '()) (method 'GET)) - (unless (eq? method 'GET) - (exit 4)) - (cache-http-get uri #:headers headers)) - (define jwks (get-jwks "https://example.com/keys" - #:http-request cache-http-request)) + (define jwks + (parameterize ((p:anonymous-http-request respond) + (p:current-date 0)) ;; the cache requires it + (use-cache + (lambda () + (get-jwks "https://example.com/keys"))))) (define the-keys (keys jwks)) (unless (eq? (length the-keys) 2) (exit 5)) diff --git a/tests/oidc-configuration.scm b/tests/oidc-configuration.scm index 736c3f8..3d31b9d 100644 --- a/tests/oidc-configuration.scm +++ b/tests/oidc-configuration.scm 
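Review bot: In the new `initialize` method for `<dpop-proof-with-exp>`, `validity` defaults to `#f` and is passed straight to `+`, so creating the object without `#:validity` fails with a type error inside `initialize` instead of naming the missing argument. For a helper whose purpose is to forge an `exp` claim, I would make the requirement explicit before the `slot-set!`: `(unless validity (error "<dpop-proof-with-exp> requires #:validity"))`. A one-line comment stating that the class exists to build a proof carrying an explicit `exp`, which the decoder is expected to reject, would also help the next reader.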
@@ -120,43 +120,41 @@ \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\" }")) (else (exit 2)))) - (define cache-http-get - (with-cache - #:http-get respond)) - (define cfg - (make <oidc-configuration> - #:server "example.com" - #:http-request cache-http-get)) - (define my-jwks - (parameterize ((p:anonymous-http-request cache-http-get)) - (jwks cfg))) - (unless (is-a? cfg <oidc-configuration>) - (exit 3)) - (unless (is-a? my-jwks <jwks>) - (exit 4)) - (let ((my-oidc + (parameterize ((p:anonymous-http-request respond) + (p:current-date 0)) ;; for the cache + (use-cache + (lambda () + (define cfg (make <oidc-configuration> - #:jwks-uri "https://example.com/keys" - #:authorization-endpoint "https://example.com/authorize" - #:token-endpoint "https://example.com/token" - #:solid-oidc-supported "https://solidproject.org/TR/solid-oidc"))) - (receive (response response-body) - (serve my-oidc (time-utc->date (make-time time-utc 0 3600))) - (unless (eqv? (car (response-content-type response)) 'application/json) - (exit 5)) - (let ((parsed - (->json-data + #:server "example.com")) + (define my-jwks (jwks cfg)) + (unless (is-a? cfg <oidc-configuration>) + (exit 3)) + (unless (is-a? my-jwks <jwks>) + (exit 4)) + (let ((my-oidc (make <oidc-configuration> - #:json-data (stubs:json-string->scm response-body))))) - (unless (equal? (assq-ref parsed 'jwks_uri) - "https://example.com/keys") - (exit 7)) - (unless (equal? (assq-ref parsed 'authorization_endpoint) - "https://example.com/authorize") - (exit 8)) - (unless (equal? (assq-ref parsed 'token_endpoint) - "https://example.com/token") - (exit 9)) - (unless (equal? 
(assq-ref parsed 'solid_oidc_supported) - "https://solidproject.org/TR/solid-oidc") - (exit 10))))))) + #:jwks-uri "https://example.com/keys" + #:authorization-endpoint "https://example.com/authorize" + #:token-endpoint "https://example.com/token" + #:solid-oidc-supported "https://solidproject.org/TR/solid-oidc"))) + (receive (response response-body) + (serve my-oidc (time-utc->date (make-time time-utc 0 3600))) + (unless (eqv? (car (response-content-type response)) 'application/json) + (exit 5)) + (let ((parsed + (->json-data + (make <oidc-configuration> + #:json-data (stubs:json-string->scm response-body))))) + (unless (equal? (assq-ref parsed 'jwks_uri) + "https://example.com/keys") + (exit 7)) + (unless (equal? (assq-ref parsed 'authorization_endpoint) + "https://example.com/authorize") + (exit 8)) + (unless (equal? (assq-ref parsed 'token_endpoint) + "https://example.com/token") + (exit 9)) + (unless (equal? (assq-ref parsed 'solid_oidc_supported) + "https://solidproject.org/TR/solid-oidc") + (exit 10)))))))))) diff --git a/tests/provider-confirmation.scm b/tests/provider-confirmation.scm index fe9f4a2..e326ac8 100644 --- a/tests/provider-confirmation.scm +++ b/tests/provider-confirmation.scm @@ -16,6 +16,7 @@ (use-modules (webid-oidc provider-confirmation) (webid-oidc testing) + ((webid-oidc parameters) #:prefix p:) (web uri) (srfi srfi-19) (web response) @@ -42,9 +43,11 @@ (unless (equal? headers what-headers-to-expect) (exit 2)) (values what-to-respond what-to-respond-body)) - (define cnf (get-provider-confirmations - (string->uri "https://provider-confirmation.scm/id#webid") - #:http-get http-get)) + (define cnf + (parameterize + ((p:anonymous-http-request http-get)) + (get-provider-confirmations + (string->uri "https://provider-confirmation.scm/id#webid")))) (unless (eq? (length cnf) 2) (format (current-error-port) "~s\n" cnf) (exit 3)) diff --git a/tests/resource-server.scm b/tests/resource-server.scm index 89df999..767088d 100644 
--- a/tests/resource-server.scm +++ b/tests/resource-server.scm @@ -92,10 +92,10 @@ DPoP: ~a\r\n\r\n" (define rq-body "") (define authenticator (make-authenticator - #:server-uri server-uri - #:http-get http-get)) + #:server-uri server-uri)) (define parsed - (parameterize ((p:current-date 20)) + (parameterize ((p:current-date 20) + (p:anonymous-http-request http-get)) (authenticator rq rq-body))) (unless (uri? parsed) (exit 2)) diff --git a/tests/token-endpoint-issue.scm b/tests/token-endpoint-issue.scm index 0815c30..8fdd1ad 100644 --- a/tests/token-endpoint-issue.scm +++ b/tests/token-endpoint-issue.scm @@ -40,7 +40,6 @@ (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me")) (define client (string->uri "https://token-endpoint-issue.scm/client/card#app")) (define issuer (string->uri "https://issuer.token-endpoint-issue.scm")) - (define validity 3600) (define authz (parameterize ((p:current-date 0)) (issue <authorization-code> @@ -50,7 +49,7 @@ (define endpoint (make-token-endpoint (string->uri "https://token-endpoint-issue.scm/token") - issuer key validity)) + issuer key)) (receive (response response-body . _) ;; The code is fake! (let ((dpop 
@@ -103,25 +102,25 @@ (unless refresh-token-enc (exit 7)) (let ((access-token - (parameterize ((p:current-date 20)) - (decode <access-token> access-token-enc - #:http-request - (lambda* (uri . args) - (cond - ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration")) - (values (build-response #:headers '((content-type application/json))) - "{ + (parameterize ((p:current-date 20) + (p:anonymous-http-request + (lambda* (uri . args) + (cond + ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration")) + (values (build-response #:headers '((content-type application/json))) + "{ \"jwks_uri\": \"https://token-endpoint-issue.scm/keys\", \"token_endpoint\": \"https://token-endpoint-issue.scm/token\", \"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\", \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\" }")) - ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys")) - (values (build-response #:headers '((content-type application/json))) - (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key)))))))) - (else - (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri)) - (exit 11)))))))) + ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys")) + (values (build-response #:headers '((content-type application/json))) + (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key)))))))) + (else + (format (current-error-port) "Unknown URI: ~s\n" (uri->string uri)) + (exit 11)))))) + (decode <access-token> access-token-enc)))) (unless access-token (exit 8)) (let ((access-token-cnf/jkt (cnf/jkt access-token))) diff --git a/tests/token-endpoint-refresh.scm b/tests/token-endpoint-refresh.scm index f0174b8..90e2625 100644 --- a/tests/token-endpoint-refresh.scm +++ b/tests/token-endpoint-refresh.scm 
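Review bot: The procedure bound to `p:anonymous-http-request` takes `(uri . args)` and never looks at `args`, so the test does not check that the discovery and JWKS fetches made during `decode` are actually anonymous. A regression that forwarded the caller's `Authorization` or `DPoP` header to the issuer would still pass. Assuming the parameter is called with `#:headers` like `http-request` from (web client), the stub could start with `(lambda* (uri #:key (headers '()) #:allow-other-keys)` and exit with an unused code under `(when (or (assq 'authorization headers) (assq 'dpop headers)) …)`. The `@@ -98,24 +97,24 @@` hunk of tests/token-endpoint-refresh.scm uses the same stub.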
@@ -41,12 +41,11 @@ (define subject (string->uri "https://token-endpoint-issue.scm/profile/card#me")) (define client (string->uri "https://token-endpoint-issue.scm/client/card#app")) (define issuer (string->uri "https://issuer.token-endpoint-issue.scm")) - (define validity 3600) (define refresh-code (issue-refresh-token subject client (jkt client-key))) (define endpoint (make-token-endpoint (string->uri "https://token-endpoint-issue.scm/token") - issuer key validity)) + issuer key)) (receive (response response-body . _) ;; The refresh token is fake! (let ((dpop 
@@ -98,24 +97,24 @@ (unless refresh-token-enc (exit 7)) (let ((access-token - (parameterize ((p:current-date 20)) - (decode <access-token> access-token-enc - #:http-request - (lambda* (uri . args) - (cond - ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration")) - (values (build-response #:headers '((content-type application/json))) - "{ + (parameterize ((p:current-date 20) + (p:anonymous-http-request + (lambda* (uri . args) + (cond + ((equal? uri (string->uri "https://issuer.token-endpoint-issue.scm/.well-known/openid-configuration")) + (values (build-response #:headers '((content-type application/json))) + "{ \"jwks_uri\": \"https://token-endpoint-issue.scm/keys\", \"token_endpoint\": \"https://token-endpoint-issue.scm/token\", \"authorization_endpoint\": \"https://token-endpoint-issue.scm/authorize\", \"solid_oidc_supported\": \"https://solidproject.org/TR/solid-oidc\" }")) - ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys")) - (values (build-response #:headers '((content-type application/json))) - (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key)))))))) - (else - (exit 8)))))))) + ((equal? uri (string->uri "https://token-endpoint-issue.scm/keys")) + (values (build-response #:headers '((content-type application/json))) + (stubs:scm->json-string `((keys . ,(list->vector (list (key->jwk key)))))))) + (else + (exit 8)))))) + (decode <access-token> access-token-enc)))) (unless access-token (exit 9)) (let ((access-token-cnf/jkt (cnf/jkt access-token))) |
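Review bot: The `else` branch of the stub ends the test with `(exit 8)` and prints nothing, so an unexpected outbound request made during `decode` cannot be traced to a URI from the test log. The twin stub in tests/token-endpoint-issue.scm reports it; adding `(format (current-error-port) "Unknown URI: ~s\n" (uri->string uri))` before `(exit 8)` would match it.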