From 9e2873b126bff9e0d13d2953729def4b0b3cd73e Mon Sep 17 00:00:00 2001 From: Vivien Kraus Date: Thu, 30 Sep 2021 19:51:38 +0200 Subject: Client manifest: use GOOPS --- doc/disfluid.texi | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) (limited to 'doc') diff --git a/doc/disfluid.texi b/doc/disfluid.texi index 5523a21..f655f76 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -63,6 +63,7 @@ is tracked in the Guix channel * Common parameters:: * Managing keys:: * OIDC discovery:: +* Client manifest:: * The Json Web Token:: * Caching on server side:: * Content negociation:: 
@@ -542,6 +543,115 @@ this value. They will not revalidate it until after @var{expiration-date}, a SRFI-19 date. @end deffn +@node Client manifest +@chapter Client manifest +To make sure that a client application is legitimate, it is mandated +that it serves a public document under its ID URI, and that document +should confirm the URI and the redirection URI, where the client +application gets the authorization code. + +@deftp {Class} () @var{client-id} @var{redirect-uris} +This is the class encapsulating a very basic client +manifest. @var{client-id} is an URI, and @var{redirect-uris} is a list +of URIs. + +You can construct one by providing both @code{#:@var{client-id}} and +@code{#:@var{redirect-uris}}, or by providing only +@code{#:@var{client-id}}, in which case it will be downloaded from the +web. +@end deftp + +Clients that cannot serve pages should use the anonymous client ID, +that accepts all redirect URIs. + +@deffn {Generic} client-id @var{manifest} +Return the client ID of @var{manifest}. +@end deffn + +@deffn {Generic} redirect-uris @var{manifest} +Return the list of accepted redirection URIs for @var{manifest}. +@end deffn + +@deffn {Generic} ->json-data @var{manifest} +Convert @var{manifest} to JSON data (alists for objects, vectors for +arrays). You should override this method if you design an extended +client manifest class. +@end deffn + +@deffn {Generic} check-redirect-uri @var{manifest} @var{uri} +Check that @var{manifest} controls @var{uri}, where to send the +authorization code. Raises an exception if that’s not the case. +@end deffn + +@deftp {Exception type} &invalid-client-manifest +This exception is raised when the client manifest is invalid. +@end deftp + +@deffn {function} make-invalid-client-manifest +Constructor for the @code{&invalid-client-manifest} exception type. +@end deffn + +@deffn {function} invalid-client-manifest? @var{exception} +Check whether @var{exception} was raised because of an invalid client +manifest. 
+@end deffn + +@deftp {Exception type} &unauthorized-redirect-uri +This exception is raised when the requested authorization URI is +unauthorized. +@end deftp + +@deffn {function} make-unauthorized-redirect-uri +Constructor for the @code{&unauthorized-redirect-uri} exception type. +@end deffn + +@deffn {function} unauthorized-redirect-uri? @var{exception} +Check whether @var{exception} was raised because of an unauthorized +redirection URI. +@end deffn + +@deftp {Exception type} &inconsistent-client-manifest +This exception is raised when the client ID does not match what the +client manifest says. +@end deftp + +@deffn {function} make-inconsistent-client-manifest +Constructor for the @code{&inconsistent-client-manifest} exception type. +@end deffn + +@deffn {function} inconsistent-client-manifest? @var{exception} +Check whether @var{exception} was raised because of an inconsistent +client manifest. +@end deffn + +@deftp {Exception type} &cannot-serve-public-manifest +This exception is raised when the manifest to serve has the public +client URI as ID. +@end deftp + +@deffn {function} make-cannot-serve-public-manifest +Constructor for the @code{&cannot-serve-public-manifest} exception type. +@end deffn + +@deffn {function} cannot-serve-public-manifest? @var{exception} +Check whether @var{exception} was raised because the server wants to +serve a public manifest. +@end deffn + +@deftp {Exception type} &cannot-fetch-client-manifest +This exception is raised when the server does not behave correctly +when fetching the manifest. +@end deftp + +@deffn {function} make-cannot-fetch-client-manifest +Constructor for the @code{&cannot-fetch-client-manifest} exception type. +@end deffn + +@deffn {function} cannot-fetch-client-manifest? @var{exception} +Check whether @var{exception} was raised because we could not fetch a +client manifest. +@end deffn + @node The Json Web Token @chapter The Json Web Token -- cgit v1.2.3
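Review bot: In the new "Client manifest" chapter, the @deffn for check-redirect-uri says only "Raises an exception if that's not the case": it does not name the exception and does not say how @var{uri} is compared against the manifest's redirect-uris (exact match or something looser). Since this check decides where the authorization code is sent, name the exception there (presumably &unauthorized-redirect-uri, documented further down in the same hunk) and state the comparison rule. The class description has the same gap for the download case: when only #:client-id is given the manifest "will be downloaded from the web", but the text does not say which of &cannot-fetch-client-manifest, &invalid-client-manifest or &inconsistent-client-manifest the caller should expect. Two smaller points: the sentence on the anonymous client ID gives neither its URI nor a cross-reference, and does not spell out that check-redirect-uri gives no protection for such clients; and the &unauthorized-redirect-uri description says "requested authorization URI" where its predicate says "redirection URI", so one of the two wordings should be aligned.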