Client manifest: use GOOPS

1 files changed, 110 insertions, 0 deletions

diff --git a/doc/disfluid.texi b/doc/disfluid.texi
index 5523a21..f655f76 100644
--- a/doc/disfluid.texi
+++ b/doc/disfluid.texi
@@ -63,6 +63,7 @@ is tracked in the Guix channel
 * Common parameters::
 * Managing keys::
 * OIDC discovery::
+* Client manifest::
 * The Json Web Token::
 * Caching on server side::
 * Content negociation::
@@ -542,6 +543,115 @@ this value. They will not revalidate it until after
 @var{expiration-date}, a SRFI-19 date.
 @end deffn
 
+@node Client manifest
+@chapter Client manifest
+To make sure that a client application is legitimate, it is mandated
+that it serves a public document under its ID URI, and that document
+should confirm the URI and the redirection URI, where the client
+application gets the authorization code.
+
+@deftp {Class} <client-manifest> () @var{client-id} @var{redirect-uris}
+This is the class encapsulating a very basic client
+manifest. @var{client-id} is an URI, and @var{redirect-uris} is a list
+of URIs.
+
+You can construct one by providing both @code{#:@var{client-id}} and
+@code{#:@var{redirect-uris}}, or by providing only
+@code{#:@var{client-id}}, in which case it will be downloaded from the
+web.
+@end deftp
+
+Clients that cannot serve pages should use the anonymous client ID,
+that accepts all redirect URIs.
+
+@deffn {Generic} client-id @var{manifest}
+Return the client ID of @var{manifest}.
+@end deffn
+
+@deffn {Generic} redirect-uris @var{manifest}
+Return the list of accepted redirection URIs for @var{manifest}.
+@end deffn
+
+@deffn {Generic} ->json-data @var{manifest}
+Convert @var{manifest} to JSON data (alists for objects, vectors for
+arrays). You should override this method if you design an extended
+client manifest class.
+@end deffn
+
+@deffn {Generic} check-redirect-uri @var{manifest} @var{uri}
+Check that @var{manifest} controls @var{uri}, where to send the
+authorization code. Raises an exception if that’s not the case.
+@end deffn
+
+@deftp {Exception type} &invalid-client-manifest
+This exception is raised when the client manifest is invalid.
+@end deftp
+
+@deffn {function} make-invalid-client-manifest
+Constructor for the @code{&invalid-client-manifest} exception type.
+@end deffn
+
+@deffn {function} invalid-client-manifest? @var{exception}
+Check whether @var{exception} was raised because of an invalid client
+manifest.
+@end deffn
+
+@deftp {Exception type} &unauthorized-redirect-uri
+This exception is raised when the requested authorization URI is
+unauthorized.
+@end deftp
+
+@deffn {function} make-unauthorized-redirect-uri
+Constructor for the @code{&unauthorized-redirect-uri} exception type.
+@end deffn
+
+@deffn {function} unauthorized-redirect-uri? @var{exception}
+Check whether @var{exception} was raised because of an unauthorized
+redirection URI.
+@end deffn
+
+@deftp {Exception type} &inconsistent-client-manifest
+This exception is raised when the client ID does not match what the
+client manifest says.
+@end deftp
+
+@deffn {function} make-inconsistent-client-manifest
+Constructor for the @code{&inconsistent-client-manifest} exception type.
+@end deffn
+
+@deffn {function} inconsistent-client-manifest? @var{exception}
+Check whether @var{exception} was raised because of an inconsistent
+client manifest.
+@end deffn
+
+@deftp {Exception type} &cannot-serve-public-manifest
+This exception is raised when the manifest to serve has the public
+client URI as ID.
+@end deftp
+
+@deffn {function} make-cannot-serve-public-manifest
+Constructor for the @code{&cannot-serve-public-manifest} exception type.
+@end deffn
+
+@deffn {function} cannot-serve-public-manifest? @var{exception}
+Check whether @var{exception} was raised because the server wants to
+serve a public manifest.
+@end deffn
+
+@deftp {Exception type} &cannot-fetch-client-manifest
+This exception is raised when the server does not behave correctly
+when fetching the manifest.
+@end deftp
+
+@deffn {function} make-cannot-fetch-client-manifest
+Constructor for the @code{&cannot-fetch-client-manifest} exception type.
+@end deffn
+
+@deffn {function} cannot-fetch-client-manifest? @var{exception}
+Check whether @var{exception} was raised because we could not fetch a
+client manifest.
+@end deffn
+
 @node The Json Web Token
 @chapter The Json Web Token