path: root/src/scm/webid-oidc/ChangeLog
Diffstat (limited to 'src/scm/webid-oidc/ChangeLog')
-rw-r--r-- src/scm/webid-oidc/ChangeLog 124
1 files changed, 124 insertions, 0 deletions
diff --git a/src/scm/webid-oidc/ChangeLog b/src/scm/webid-oidc/ChangeLog
new file mode 100644
index 0000000..1223e69
--- /dev/null
+++ b/src/scm/webid-oidc/ChangeLog
@@ -0,0 +1,124 @@
+2021-04-30 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * reverse-proxy.scm (make-reverse-proxy): Make the auth header
+ lowercase, so that all capitalizations of that header in the
+ incoming requests are dropped.
+
+2021-04-26 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * identity-provider.scm (make-identity-provider): while saving the
+ key to file, close the port so that it gets flushed.
+
+2021-04-22 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * oidc-configuration.scm (get-oidc-configuration): accept hosts as
+ URIs (discard everything but the host).
+
+ * token-endpoint.scm (make-token-endpoint): use (webid-oidc
+ oidc-id-token) to issue the ID token.
+
+ * oidc-id-token.scm (issue-id-token): fix function.
+ (id-token-payload?): now the std uses a "webid" claim for the
+ webid of the user, fix that.
+
+ * token-endpoint.scm (make-token-endpoint): also return the ID
+ token.
+
+ * oidc-id-token.scm (id-token-decode): this function still used a
+ cache and current-time arguments.
+
+2021-03-30 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * hello-world.scm (webid-oidc): remove the hello world.
+
+ * resource.scm: don’t provide a Linked Data Platform
+ implementation here.
+
+ * resource-server.scm (make-authenticator): The server’s public
+ URI is now exported, so you don’t rely on the Host header anymore.
+
+ * dpop-proof.scm (uris-compatible): Check decoded paths, so if
+ some characters are encoded they are equal to their decoded
+ counterparts.
+
+2021-03-13 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * resource.scm (default-root-acl): The root authorization
+ statements need not be inherited, they are by default.
+
+2021-02-27 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * hello-world.scm (main): Use an explicit caching and loggin
+ http-get.
+ (main): Add a content-type to the “unauthorized” response.
+
+ * resource-server.scm (make-authenticator): http-get and
+ current-time are now authenticator parameters, not request
+ parameters.
+
+ * provider-confirmation.scm (get-provider-confirmations): Don't
+ try to cache.
+
+ * identity-provider.scm (make-identity-provider): The identity
+ provider only uses the cache through the http-get argument.
+ (main): Use a caching http-get.
+
+ * token-endpoint.scm (make-token-endpoint): make the current-time
+ argument an endpoint parameter, not a handler parameter.
+
+ * authorization-endpoint.scm (make-authorization-endpoint): No
+ need for an explicit cache, since we have http-get.
+ (make-authorization-endpoint): Pass current-time as an endpoint
+ parameter, not a handler parameter, because it should be
+ synchronized with that of the internal http-get with cache.
+ (make-authorization-endpoint): get-client-manifest is simpler.
+
+ * client-manifest.scm (get-client-manifest): Same simplification
+ as for get-jwks.
+
+ * oidc-configuration.scm (get-oidc-configuration): Same
+ siplifications as for get-jwks.
+
+ * jwk.scm (get-jwks): Simplification, the cache is managed through
+ the http-get argument.
+
+ * Makefile.am (dist_webidoidcmod_DATA): Use the new guile web-client with cache
+
+2021-02-17 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * authorization-page.scm (with-locale): Avoid deadlock when
+ setlocale throws.
+
+2021-02-07 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * authorization-endpoint.scm (make-authorization-endpoint): use
+ the new modules.
+
+ * Makefile.am (webidoidcgo_DATA): compile the new modules to
+ generate the authorization pages.
+
+ * Makefile.am (dist_webidoidcmod_DATA): distribute the new modules
+ to generate the authorization pages.
+
+ * authorization-page.scm: wrapper of the unsafe module in a
+ thread-safe fashion.
+
+ * authorization-page-unsafe.scm: new module.
+
+ * dpop-proof.scm (uris-compatible): Also check userinfo for
+ equality.
+
+2020-12-05 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * dpop-proof.scm (dpop-proof-decode): Accept a predicate to decode
+ a dpop proof, so that we can use it for the token endpoint.
+
+2020-12-02 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * jws.scm (jws-decode): In order to verify OIDC ID tokens, the key
+ lookup function now takes a full JWS and not only the header.
+
+2020-11-29 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * jws.scm (jws-decode): The JWS can be verified using a JWKS or multiple keys.
+
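Review bot: The 2021-04-22 entry for oidc-id-token.scm (issue-id-token) says only "fix function", which does not record what was wrong in the function that issues ID tokens. State the defect and the corrected behaviour, the way the id-token-payload? entry right below it does for the "webid" claim. The 2021-04-30 reverse-proxy.scm entry would also be easier to audit if it named the auth header it refers to. In the 2021-02-27 block, "loggin" (hello-world.scm entry) and "siplifications" (oidc-configuration.scm entry) are typos. The Makefile.am (dist_webidoidcmod_DATA) line in that block and the 2020-11-29 jws.scm line are not wrapped like the other entries.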