From abd22d93f6e61e0d62d340def3526931f042c910 Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Tue, 27 Jul 2021 20:30:37 +0200 Subject: The client manifest spec changed: now it’s a plain OIDC registration token. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/scm/webid-oidc/client-manifest.scm | 62 +++++++++++----------------------- src/scm/webid-oidc/client.scm | 12 +++---- tests/client-manifest-fraudulent.scm | 9 ++--- tests/client-manifest.scm | 13 +++---- 4 files changed, 32 insertions(+), 64 deletions(-) diff --git a/src/scm/webid-oidc/client-manifest.scm b/src/scm/webid-oidc/client-manifest.scm index 0515fdd..c4b49f0 100644 --- a/src/scm/webid-oidc/client-manifest.scm +++ b/src/scm/webid-oidc/client-manifest.scm 
@@ -82,54 +82,21 @@ (vector->list redirect-uris) (uri->string redir))))) -(define (turtle-escape str) - (define (folder c other) - (if (or (eq? c #\\) (eq? c #\")) - (cons* c #\\ other) - (cons c other))) - (list->string (reverse (string-fold folder '() str)))) - (define-public (serve-client-manifest expiration-date mf) (when (eq? mf public-oidc-client) (raise-cannot-serve-public-manifest)) - (let ((json-object (stubs:scm->json-string (the-client-manifest mf))) - (id (uri->string (client-manifest-client-id (the-client-manifest mf))))) - (let ((resource (string-append " -@prefix solid: . - -<" id "> solid:oidcRegistration \"\"\" -" (turtle-escape json-object) " -\"\"\" . -"))) - (values (build-response #:headers `((content-type text/turtle) - (expires . ,expiration-date))) - resource)))) - -(define (find-registration id graph) - (cond ((null? graph) - (raise-no-client-manifest-registration (string->uri id))) - ((and (string=? (rdf-triple-predicate (car graph)) - "http://www.w3.org/ns/solid/terms#oidcRegistration") - (string? (rdf-triple-subject (car graph))) - (string=? (rdf-triple-subject (car graph)) id) - (rdf-literal? (rdf-triple-object (car graph))) - (string=? (rdf-literal-type (rdf-triple-object (car graph))) - "http://www.w3.org/2001/XMLSchema#string")) - (let ((object (rdf-triple-object (car graph)))) - (let ((ret (stubs:json-string->scm (rdf-literal-lexical-form object)))) - (if (client-manifest? ret) - (begin - (unless (equal? (uri->string (client-manifest-client-id ret)) - id) - (raise-inconsistent-client-manifest-id (string->uri id) - (client-manifest-client-id ret))) - ret) - (find-registration id (cdr graph)))))) - (else (find-registration id (cdr graph))))) + (let ((json-object (stubs:scm->json-string + `((@context . "https://www.w3.org/ns/solid/oidc-context.jsonld") + ,@(the-client-manifest mf))))) + (values (build-response #:headers `((content-type application/ld+json) + (expires . 
,expiration-date))) + json-object))) (define*-public (get-client-manifest id #:key (http-get http-get)) + (unless (uri? id) + (set! id (string->uri id))) (with-exception-handler (lambda (error) (raise-cannot-fetch-client-manifest id error)) @@ -138,5 +105,14 @@ (string->uri "http://www.w3.org/ns/solid/terms#PublicOidcClient")) public-oidc-client - (let ((graph (fetch id #:http-get http-get))) - (find-registration (uri->string id) graph)))))) + (receive (response response-body) + (http-get id) + (when (bytevector? response-body) + (set! response-body (utf8->string response-body))) + (let ((mf (the-client-manifest (stubs:json-string->scm response-body)))) + (unless (equal? (uri->string (client-manifest-client-id mf)) + (uri->string id)) + (raise-inconsistent-client-manifest-id + id + (client-manifest-client-id mf))) + mf)))))) diff --git a/src/scm/webid-oidc/client.scm b/src/scm/webid-oidc/client.scm index 30cbc75..83bca37 100644 --- a/src/scm/webid-oidc/client.scm +++ b/src/scm/webid-oidc/client.scm @@ -522,18 +522,16 @@ (set! client-uri (string->uri client-uri))) (let* ((manifest (format #f - "@prefix solid: . - -<~a> solid:oidcRegistration \"\"\"{ + "{ + \"@context\": \"https://www.w3.org/ns/solid/oidc-context.jsonld\", \"client_id\" : \"~a\", \"redirect_uris\" : [\"~a\"], \"client_name\" : \"~a\", \"client_uri\" : \"~a\", \"grant_types\" : [\"refresh_token\", \"authorization_code\"], \"response_types\" : [\"code\"] -}\"\"\" . +} " - (uri->string id) (uri->string id) (uri->string redirect-uri) client-name @@ -551,12 +549,12 @@ (build-response #:code 304 #:reason-phrase "Not Modified" - #:headers `((content-type text/turtle) + #:headers `((content-type application/ld+json) (etag . (,manifest-etag . #t)))) #f) (values (build-response - #:headers `((content-type text/turtle) + #:headers `((content-type application/ld+json) (etag . (,manifest-etag . #t)) (cache-control public must-revalidate))) manifest)))) 
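Review bot: The new `(unless (uri? id) (set! id (string->uri id)))` at the top of `get-client-manifest` does not handle the case where `string->uri` returns `#f` for a string that is not a valid URI; the request is then attempted with `id` bound to `#f`, and the error raised through `raise-cannot-fetch-client-manifest` names `#f` rather than the string the caller passed. Check the parse result before the request and raise with the original argument, e.g. `(let ((parsed (string->uri id))) ...)` keeping `id` for the error. The body of `get-client-manifest` continues in the next hunk.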
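Review bot: `(http-get id)` is used without inspecting the response: neither `(response-code response)` nor `(response-content-type response)` is checked before `response-body` is handed to `stubs:json-string->scm`, so an error page or a negotiated non-JSON representation is parsed as if it were the manifest, and the resulting parse error is reported as a generic fetch failure. The request also sends no `Accept` header (tests/client-manifest.scm and tests/client-manifest-fraudulent.scm now expect `headers` to be `'()`), whereas the removed `fetch` path negotiated for `application/ld+json` among others. Consider `(http-get id #:headers '((accept (application/ld+json))))` and rejecting, before parsing, any response whose code is not 200 or whose content-type is not `application/ld+json`. `get-client-manifest` starts in the previous hunk.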
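Review bot: The manifest string is still assembled with `format` by splicing `(uri->string id)`, `(uri->string redirect-uri)`, `client-name` and the remaining arguments into a JSON template, and nothing escapes them; a `client-name` or URI containing `"` or `\` produces invalid JSON or a different object than intended. This was already unescaped inside the Turtle literal and the commit keeps it while changing the media type to `application/ld+json`. Build the manifest as an alist and serialize it with `stubs:scm->json-string`, as `serve-client-manifest` in client-manifest.scm now does, if that binding is available in client.scm; otherwise escape each interpolated value. The enclosing `define` starts outside the hunk and its last `format` arguments are cut off by the hunk boundary.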
diff --git a/tests/client-manifest-fraudulent.scm b/tests/client-manifest-fraudulent.scm index a43039d..da77c27 100644 --- a/tests/client-manifest-fraudulent.scm +++ b/tests/client-manifest-fraudulent.scm @@ -36,9 +36,7 @@ (define what-to-respond (build-response #:headers '((content-type text/turtle)))) (define what-to-respond-body - "@prefix solid: . - -<#app> solid:oidcRegistration \"\"\"{ + "{ \"client_id\" : \"https://app.example.com/id#app\", \"redirect_uris\" : [\"https://app.example.com/callback\"], \"client_name\" : \"Solid Application Name\", @@ -50,10 +48,9 @@ \"response_types\" : [\"code\"], \"default_max_age\" : 60000, \"require_auth_time\" : true - }\"\"\" . -") + }") (define headers-to-expect - '((accept (text/turtle application/n-quads application/ld+json)))) + '()) (define uri-to-expect (string->uri "https://fraudulent-app.example.com/id#app")) (define* (respond uri #:key (headers '())) diff --git a/tests/client-manifest.scm b/tests/client-manifest.scm index ba8a79a..fb40901 100644 --- a/tests/client-manifest.scm +++ b/tests/client-manifest.scm @@ -28,11 +28,9 @@ "client-manifest" (lambda () (define what-to-respond - (build-response #:headers '((content-type text/turtle)))) + (build-response #:headers '((content-type application/ld+json)))) (define what-to-respond-body - "@prefix solid: . - -<#app> solid:oidcRegistration \"\"\"{ + "{ \"client_id\" : \"https://app.example.com/id#app\", \"redirect_uris\" : [\"https://app.example.com/callback\"], \"client_name\" : \"Solid Application Name\", @@ -44,10 +42,9 @@ \"response_types\" : [\"code\"], \"default_max_age\" : 60000, \"require_auth_time\" : true - }\"\"\" . -") +}") (define* (respond uri #:key (headers '())) - (unless (equal? headers '((accept (text/turtle application/n-quads application/ld+json)))) + (unless (equal? headers '()) (exit 1)) (when (string? uri) (set! uri (string->uri uri))) 
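Review bot: `what-to-respond` in tests/client-manifest-fraudulent.scm keeps `(content-type text/turtle)` while `what-to-respond-body` is now a bare JSON object, whereas the corresponding fixture in tests/client-manifest.scm was updated to `application/ld+json`. Update it to match, `(build-response #:headers '((content-type application/ld+json))))`. That the test passes either way is a sign the client does not check the content-type of the fetched manifest.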
@@ -84,7 +81,7 @@ (serve-client-manifest (time-utc->date (make-time time-utc 0 3600)) mf) - (unless (equal? (response-content-type response) '(text/turtle)) + (unless (equal? (response-content-type response) '(application/ld+json)) (exit 6)) (set! what-to-respond response) (set! what-to-respond-body response-body) -- cgit v1.2.3