authorVivien Kraus <vivien@planete-kraus.eu>2021-07-03 11:06:44 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-07-03 11:13:22 +0200
commit50aa57c3483ea6e489870e44498fb322a01cc979 (patch)
treec6841ed38f607b49116f95e90bd76ae239228790 /src/scm/webid-oidc/program.scm
parent752baccc78ecfc769c0aa228f1af2e1ec1c30027 (diff)
Do not accept the password in clear, use an encrypted password
Diffstat (limited to 'src/scm/webid-oidc/program.scm')
-rw-r--r--src/scm/webid-oidc/program.scm34
1 files changed, 17 insertions, 17 deletions
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
index 7e47c2b..f083700 100644
--- a/src/scm/webid-oidc/program.scm
+++ b/src/scm/webid-oidc/program.scm
@@ -153,8 +153,8 @@
(string->symbol (G_ "command-line|server|issuer|key-file")))
(subject-sym
(string->symbol (G_ "command-line|server|issuer|subject")))
- (password-sym
- (string->symbol (G_ "command-line|server|issuer|password")))
+ (encrypted-password-sym
+ (string->symbol (G_ "command-line|server|issuer|encrypted-password")))
(jwks-uri-sym
(string->symbol (G_ "command-line|server|issuer|jwks-uri")))
(authorization-endpoint-uri-sym
@@ -182,7 +182,7 @@
(,error-file-sym (single-char #\e) (value #t))
(,key-file-sym (single-char #\k) (value #t))
(,subject-sym (single-char #\s) (value #t))
- (,password-sym (single-char #\w) (value #t))
+ (,encrypted-password-sym (single-char #\w) (value #t))
(,jwks-uri-sym (single-char #\j) (value #t))
(,authorization-endpoint-uri-sym (single-char #\a) (value #t))
(,token-endpoint-uri-sym (single-char #\t) (value #t))
@@ -252,8 +252,8 @@ Options for the identity provider:
key is generated.
-s WEBID, --~a=WEBID:
set the identity of the subject.
- -w PASSWORD, --~a=PASSWORD:
- set the password to recognize the user.
+ -w ENCRYPTED_PASSWORD, --~a=ENCRYPTED_PASSWORD:
+ set the encrypted password to recognize the user.
-j URI, --~a=URI:
set the URI to query the key of the server.
-a URI, --~a=URI:
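Review bot: The new help text for `-w` does not say what ENCRYPTED_PASSWORD must look like or how an operator produces it; the word "encrypted" is the only guidance. If the value is a one-way hash (the verification code is not visible in this diff), the text should name the scheme and the way to generate it, for example `set the hashed password of the user (format: <scheme>, generated with <tool>).`, with both placeholders filled in from the identity-provider module. The help string starts and ends outside this hunk.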
@@ -324,7 +324,7 @@ invoked with the following options:
--~a 'https://webid-oidc-demo.planete-kraus.eu' \\
--~a '/var/lib/webid-oidc/issuer/key.jwk' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\
- --~a \"$PASSWORD\" \\
+ --~a \"$ENCRYPTED_PASSWORD\" \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\
--~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\
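Review bot: The example still hands the secret to the server as a command-line argument (`--~a \"$ENCRYPTED_PASSWORD\"`), and argument vectors are readable by other local users through the process list and can be recorded in unit files or shell history. Hashing limits the damage, but an exposed hash can still be guessed offline, so the usage text should say so, or the option should accept the path of a file readable only by the service user. For this commit a short caveat in the help would be enough: `The value is visible in the process list; restrict access to the host accordingly.` The example text continues outside the hunk.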
@@ -375,7 +375,7 @@ If you find a bug, then please send a report to ~a.
;; Options for the identity provider
key-file-sym
subject-sym
- password-sym
+ encrypted-password-sym
jwks-uri-sym
authorization-endpoint-uri-sym
token-endpoint-uri-sym
@@ -414,7 +414,7 @@ If you find a bug, then please send a report to ~a.
(car (command-line))
(G_ "command-line|command|identity-provider")
complete-corresponding-source-sym
- server-name-sym key-file-sym subject-sym password-sym
+ server-name-sym key-file-sym subject-sym encrypted-password-sym
jwks-uri-sym authorization-endpoint-uri-sym
token-endpoint-uri-sym port-sym
;; Running the public pages for an application
@@ -478,7 +478,7 @@ If you find a bug, then please send a report to ~a.
(subject
(let ((str (option-ref options subject-sym #f)))
(and str (string->uri str))))
- (password (option-ref options password-sym #f))
+ (encrypted-password (option-ref options encrypted-password-sym #f))
(jwks-uri
(let ((str (option-ref options jwks-uri-sym #f)))
(and str (string->uri str))))
@@ -544,9 +544,9 @@ If you find a bug, then please send a report to ~a.
(format (current-error-port) (G_ "You must pass --~a to set the subject of the identity provider.\n")
subject-sym)
(exit 1))
- (unless password
- (format (current-error-port) (G_ "You must pass --~a to set the subject’s password.\n")
- password-sym)
+ (unless encrypted-password
+ (format (current-error-port) (G_ "You must pass --~a to set the subject’s encrypted password.\n")
+ encrypted-password-sym)
(exit 1))
(unless jwks-uri
(format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
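Review bot: The `(unless encrypted-password ...)` guard only checks that the option is present, and the short option `-w` is unchanged, so a deployment script written for the previous version that still passes the clear-text password starts without any diagnostic. What make-identity-provider does with a value that is not a valid hash is not visible here; presumably logins simply fail, while the clear password keeps being passed on the command line. Consider rejecting at startup a value that does not match the expected hash format, with a message such as `(G_ "The value of --~a does not look like an encrypted password.\n")`. The same guard is repeated in the hunk at `@@ -616,9 +616,9`, and the enclosing form extends past both hunks.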
@@ -562,7 +562,7 @@ If you find a bug, then please send a report to ~a.
(exit 1))
(let ((handler
(make-identity-provider
- server-name key-file subject password jwks-uri
+ server-name key-file subject encrypted-password jwks-uri
authorization-endpoint-uri token-endpoint-uri
(make-jti-list)
#:current-time current-time
@@ -616,9 +616,9 @@ If you find a bug, then please send a report to ~a.
(format (current-error-port) (G_ "You must pass --~a to set the subject of the identity provider.\n")
subject-sym)
(exit 1))
- (unless password
- (format (current-error-port) (G_ "You must pass --~a to set the subject’s password.\n")
- password-sym)
+ (unless encrypted-password
+ (format (current-error-port) (G_ "You must pass --~a to set the subject’s encrypted password.\n")
+ encrypted-password-sym)
(exit 1))
(unless jwks-uri
(format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
@@ -654,7 +654,7 @@ If you find a bug, then please send a report to ~a.
#:http-get cache-http-get))
(identity-provider-handler
(make-identity-provider
- server-name key-file subject password jwks-uri
+ server-name key-file subject encrypted-password jwks-uri
authorization-endpoint-uri token-endpoint-uri
jti-list
#:current-time current-time